WebApp Sec mailing list archives
New OWASP project - PCI Web Security Standards
From: mike.owasp () gmail com
Date: 19 Dec 2005 19:45:00 -0000
Hello list, I'm pleased to announce the start of a new OWASP project focused on creating a proposed set of Web-application Security Standards for sites that process credit card information. As things currently stand, the payment card industry (PCI - Visa, Mastercard, etc) plan to specify compliance to the OWASP Top Ten as part of successfully passing a scan/audit. Although the Top Ten lists the common threats to web applications, it is neither comprehensive nor testable in a pass/fail methodology. The OWAS PCI-WASS project aims at producing a set of *minimum* standards a web-application should be tested against if it is to process credit card information. A final goal is to arrive at a set of testable criteria, much the same as the existing PCI security standard. If this interests you, please visit the project home page at http://www.owasp.org/standards/pci-wass.html. There you will find a strawman document (available at http://www.owasp.org/docroot/owasp/misc/PCI-WASS_Strawman_Draft.doc) to start discussions and set direction. To marshal comments, ideas, discussions, criticism, and feedback, I have set up another list at owasp-standards () lists sourceforge net I look forward to your participation. Cheers, Mike.
Current thread:
- New OWASP project - PCI Web Security Standards mike . owasp (Dec 20)
- RE: New OWASP project - PCI Web Security Standards Lyal Collins (Dec 20)
- RE: New OWASP project - PCI Web Security Standards Justin Derry (Dec 21)
- RE: New OWASP project - PCI Web Security Standards Lyal Collins (Dec 21)
- Re: New OWASP project - PCI Web Security Standards Eoin (Dec 22)
- RE: New OWASP project - PCI Web Security Standards Justin Derry (Dec 21)
- Re: New OWASP project - PCI Web Security Standards Jean-Jacques Halans (Dec 22)
- <Possible follow-ups>
- RE: New OWASP project - PCI Web Security Standards Ahmed Shahzad (Dec 21)
- RE: New OWASP project - PCI Web Security Standards MollM (Dec 22)
- RE: New OWASP project - PCI Web Security Standards Lyal Collins (Dec 20)