Archive for May, 2009

OWASP PCI Project

May 26, 2009

OWASP PCI Project :: Introduction and Call for Participation!

We are formally introducing the OWASP PCI Project to the Web Application Security community! The industry needs a workspace for PCI QSAs* and Application Security experts to work constructively together, and the OWASP PCI Project will serve as the platform for building community consensus.

The PCI Project drives focused discussion and awareness, promoting a thorough understanding of how to ensure safety in online payments.  Our mission is to:

  • Make payment application security requirements achievable,
  • Make the QSA perspective and audit points accessible, and
  • Establish a unified and mutually agreed-upon approach to secure payment applications and sustainable compliance.

The scope of this group will ultimately extend beyond PCI, becoming a scalable software risk management framework for other regulations. By focusing on managing risk, we are ensuring that web sites, applications, and web-enabled software of any type are secured the right way (and making compliance a natural and sustainable byproduct).

Now is the time to get involved! Visit the project site and sign up! We are starting to build the project roadmap, and we need YOUR help in framing this project!

Proposed projects include:

  • PCI Application Security Scoping Guidance,
  • Application Security Development Guidance,
  • PCI Application Security Auditor’s Playbooks,
  • More to come!

OWASP PCI Project : http://www.owasp.org/index.php/Category:OWASP_PCI_Project

* QSAs are Qualified Security Assessors: the individuals responsible for performing onsite audits and interpreting the PCI standard.
