Cyber Security Institute

Wednesday, April 23, 2008

Two additional supplements for PCI

The PCI Security Standards Council announced the availability of two Information Supplements providing further clarification for PCI DSS Requirement 11.3, regarding penetration testing, and Requirement 6.6, regarding application code review and application firewalls. Both information supplements provide guidance to help merchants and service providers meet these two requirements in support of their PCI DSS compliance efforts.

Requirement 11.3 addresses penetration testing, which includes network and application layer testing, as well as the controls and processes around those networks and applications. The first option for Requirement 6.6 is application code review, which includes the proper use of automated source code analyzer (scanning) tools.

The second option for Requirement 6.6 is a Web Application Firewall (WAF), a security policy enforcement point positioned between a web application and a client endpoint.

The Information Supplement provides the recommended capabilities of a WAF, additional recommended capabilities for certain environments, additional considerations for organizations implementing a WAF, and additional sources of information on web application security.
