WebApp Sec mailing list archives

Re: Web 2.0 support group


From: "Catherine Pagliaro" <cc () csfm com>
Date: Wed, 9 Sep 2009 13:11:20 -0700 (PDT)

The Payment Card Industry Security Standards and Payment Application Data
Security Standards attempt to get programmers to code securely. I
underline attempt.  We as payment application developers must follow
owasp.org standards and common sense security best business practices for
developing any type of code, hardening servers and locking down network
systems, as well as assuring our physical environments are locked down to
maintain our PCI DSS compliance.  As we do these types of assessments it
is frightening the lack of education and training on all aspects of
physical and IT application development and hosting security.  Education,
training and attention to security best business practices for all types
of software and languages are necessary to minimize the rising criminal
activity.  PCI DSS and the other security requirements for doing business
online are just the first small step to getting all applications coded
securely to avoid data loss, fraud and identity theft.  We also need a
commitment from all application developers to code securely... as we have
a commitment from security professionals, law enforcement, the card
associations and payment service providers and acquiring facilities to
make this happen... Go to the PCI Security Standards website - you can
google it... it is a first start at getting our industry standardized for
coding securely....


Steven M. Christey wrote:
So I've been an observer of the "Web 2.0 is a security nightmare" camp
with the occasional head nods and detached agreement, being enough of a
generalist that I didn't have anything to add to the alarms raised by
the specialists.  Where is the support group for those who have recently
realized just how desperate the situation is?

I'm not being entirely facetious.  Is there any hope at all?

- Steve



1. No, but there is no hope for generalized security apart from "Web
2.0" either.  There is only risk reduction.

2. Stop complaining about Web 2.0.  Really.  It doesn't exist.  There
are security problems specific to JSON, AJAX, REST, SOAP, FLEX, social
networking, P2P, etc.  If you want to actually discuss the risk, name
the risk you're interested in.  Web 2.0 doesn't mean anything we can
discuss like rational people.  Same goes for "the Cloud".

Steve
--
  | Steven E. Pinkham                      |
  | Security Researcher, Maven Security    |
  | steve.pinkham () mavensecurity com        |
  | GPG public key ID CD31CAFB             |




Catherine Pagliaro, B.B.A.,
CEO, C.N. Wylie Group Inc.
703 - 889 West Pender, Vancouver, BC V6C3B2
#13 - 465 King Street East, Toronto, On, M5A1L6
Tel: 1 800 811-7811
Toronto Tel: 905 910-0575
www.cnwylie.com