PCI DSS 6.6 Supplement

PCI SSC has finally released “Information Supplement: Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6 Code Reviews and Application Firewalls”, which would help clear the air on how much application security is really required for PCI DSS compliance. I have often had long discussions on the intent of the 6.6 requirement, and to me it was always clear that Section 6.6 wanted application owners to be cautious against web-based attacks rather than just perform web-application security testing.

The supplement is a must-read and can be downloaded from here.
