Define "firewall" in this context, I guess, right? Something that controls network and application access, separate from the application itself? I don't recall it being defined in PCI DSS itself, so I'm sure it'll be fine so long as one can properly explain it to the QSA. :)
-ben

McGovern, James F (HTSC, IT) wrote:
> Interesting approach. Curious to know if this will satisfy a PCI
> auditor as a compensating control (section 6)
>
> -----Original Message-----
> From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Kenneth Van Wyk
> Sent: Thursday, September 24, 2009 12:03 PM
> To: Secure Coding
> Subject: [SC-L] Another WAF in town
>
> FYI, some activity in the open source WAF space:
>
> http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=220100630
>
> Cheers,
>
> Ken
>
> -----
> Kenneth R. van Wyk
> SC-L Moderator
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>

--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Perhaps in time the so-called Dark Ages will be thought of as including our own."
Georg Christoph Lichtenberg