I'm a Hacker and I'm a QSA (Hacking PCI Requirement 6.6. Why Your Web Applications are Still Not Secure)

Presented at Notacon 9 by

PCI Requirement 6.6 is meant to ensure that there are security controls in place to protect web applications that store, process, or transmit credit card data. One of Dave's main jobs as a QSA is to ensure that organizations that process credit cards comply with the PCI DSS standard. As a Security Consultant, one of Gary's main roles is to perform web application security assessments. Gary thinks that PCI Requirement 6.6 is not a good enough standard to truly protect web applications, but Dave believes that other controls in the standard should help protect web applications. In this presentation Gary will review why PCI DSS 6.6 does not equal security (through discussion and demonstrations), and Dave will try to defend the PCI DSS using the controls that are required to be in place. Watch Gary and Dave battle over the ability of PCI DSS 6.6 to protect web applications.