security consulting

QuietMove

business risk assessment

Adam Muntner speaking at Southwest Security Conference 2008

http://phoenix.issa.org/conference2008/index.htm

Advancing your education at an unbeatable price!

• Learn from leading edge industry professionals
• Network with peers in the security community
• Included: Breakfast, lunch, snacks
• More than 20 speakers!!
• Attendee packet
• Lots of door prizes!
• Vendor Expo
• CPE credits
• State of the art venue
• Convenient location close to airport, downtown and Interstate 10.
• Free parking

Adam Muntner, Managing Partner of QuietMove, is presenting a talk entitled “Rethinking the Perimeter.”

PCI Security Standards Council Clarifies Web Application Security Requirements

The clarification document is available here: https://www.pcisecuritystandards.org/pdfs/infosupp_6_6_applicationfirewalls_codereviews.pdf

A few comments:

We are very pleased that the document highlights the value of defense in depth strategies.

While it specifies that testing can be performed by internal resources, so long as they are independent from the development organization, it also clarifies the role of third-party testing organizations like QuietMove:

“While the final sign-off/approval of the review/scan results must be done by an independent organization, it is recommended that reviews and scans also be performed as early as possible in the development process. Tools should be made available to software developers and integrated into their development suite as much as practical.”

The Web Application Firewall product selection and configuration criteria are also defined in depth.

Bravo to PCI SSC for clarifying these requirements.