[WEB SECURITY] New PCI requires code review or WAF
Jeremiah Grossman
jeremiah at whitehatsec.com
Fri Sep 8 13:37:30 EDT 2006
I posted a somewhat lengthy overview about the announcement and my
take on its effects
http://jeremiahgrossman.blogspot.com/2006/09/new-pci-data-security-standard.html
More comments inline:
On Sep 8, 2006, at 4:24 AM, Jeff Robertson wrote:
> Before actually reading the PDF, I immediately want to ask:
>
> 1. What are the criteria for an "organization that specializes in
> application security"?
Unknown.
> 2. What is considered an application layer firewall?
Any of the products (or similar) on the following list would probably
be suitable.
Forrester Wave™: Web Application Firewalls, Q2 2006
http://www.forrester.com/Research/Document/Excerpt/0,7211,38766,00.html
> Maybe these questions are answered in the document.
Not really.
Regards,
Jeremiah Grossman
Chief Technology Officer
WhiteHat Security, Inc.
http://www.whitehatsec.com/
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]