Okay, this isn’t a really valuable post. The following links are core documents relevant to the PCI Security Standard.
Primary Site: https://www.pcisecuritystandards.org/
Requirement 6.6 Information Supplement
<post workshop updates>
Okay, the group in our session was absolutely awesome, thanks to everyone that came out! Three and a half hours for ANY topic, let alone a regulatory body (on a geek topic no less) is a marathon. In attendance we had a couple of QSAs, some military folks discussing strategy, and even a couple people from a major payment brand. (seriously, I thought they were coming to clean my clock…)
I mentioned I would follow up with some information and other links I mentioned in our workshop, so here they are:
OWASP – Open Web Application Security Project
WASC – Web Application Security Consortium
BiDiBLAH – a tool from the team of rockstars at SensePost
Also, we discussed PA-DSS deadlines, so I will point you to the Payment Application Security Mandates document over at the Visa site. Here is an image that gives you a summary:

Visa's Payment Application Compliance Mandate
March 22, 2009 at 11:50 am
Trey – I can’t believe you did what, 5 hours, for a PCI talk? That’s a tough subject to tackle to begin with, and I heard you did a masterful job… you are officially the PCI Guru.