Thursday, December 13, 2007

My Article On PCI And Application Security

My article came out today on SearchSecurity about application security and the Payment Card Industry (PCI) standard.

Specifically, I wrote about Section 6, which is different than the other PCI requirements. First, it's the only one dealing with application security. Second, it's only a recommendation today but will be a full requirement in June 2008.

But mostly, I emphasized that traditional PCI solutions and regular vulnerability scans aren't enough for the infamous Section 6, and I give some creative ways to be compliant.


Post a Comment

<< Home