WebApp Sec mailing list archives

New OWASP project - PCI Web Security Standards


From: mike.owasp () gmail com
Date: 19 Dec 2005 19:45:00 -0000

Hello list,

I'm pleased to announce the start of a new OWASP project focused on creating a proposed set of Web-application Security 
Standards for sites that process credit card information.  

As things currently stand, the payment card industry (PCI - Visa, Mastercard, etc.) plan to specify compliance to the 
OWASP Top Ten as part of successfully passing a scan/audit.  Although the Top Ten lists the common threats to web 
applications, it is neither comprehensive nor testable in a pass/fail methodology.

The OWASP PCI-WASS project aims at producing a set of *minimum* standards a web-application should be tested against if 
it is to process credit card information.  A final goal is to arrive at a set of testable criteria, much the same as 
the existing PCI security standard.  

If this interests you, please visit the project home page at http://www.owasp.org/standards/pci-wass.html.  There you 
will find a strawman document (available at http://www.owasp.org/docroot/owasp/misc/PCI-WASS_Strawman_Draft.doc) to 
start discussions and set direction.  To marshal comments, ideas, discussions, criticism, and feedback, I have set up 
another list at owasp-standards () lists sourceforge net

I look forward to your participation.

Cheers,
Mike.

