Difference between revisions of "Key Project Information:OWASP PCI Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
----
+
=Main=
{| style="width:100%" border="0" align="center"
+
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT INFORMATION'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
+
| colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP PCI TOOLKIT Project'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
+
| colspan="7" style="width:85%; background:#cccccc" align="left"|
+
The OWASP PCI toolkit is a group of new and existing OWASP tools & Documentation that will provide organizations full support for PCI compliance process, from scoping to implementation.
+
The Toolkit consist of:
+
  
<b>OWASP PCI Scope Assessment tool (WPF .NET app)</b> this tool will allow organizations to create a full assessment scope. Based on the Open PCI DSS Scoping Toolkit Document, the tool will allow organizations to create a total report assessment, by providing the user with a complete analysis mechanism to all (inserted) system components
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cornucopia-header.jpg|link=]]</div>
  
<b>OWASP PCI assessment criteria tool</b> once the scoping process has been finalized, the Assessment criteria toolkit will provide you with a complete analysis of the defined system components, based on the areas where the systems belong to. Example: A proxy server (Category 1) falls under the "Build and maintain a secure Network" requirements
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
The tool will deliver also, clear links and resources of existing OWASP tools and Documentation while applying the PCI testing procedures.
+
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
<b>Technical Info</b> The tool will be built as a WPF-.NET (c#) program
+
==OWASP PCI Scope Toolkit==
 +
OWASP PCI Scope toolkit is an Open Source Google Engine App, that will help you to scope the PCI-DSS requirements for your System Components.
  
 +
==Introduction==
  
 +
The PCI toolkit is based on a decision tree assesment methodology, to help you define if the system components of your network, fall within the PCI-DSS requirements. By decomposing , one by one with the help of this Google App Engine, you will be able to create an assesment and a final report of your scope delimitation.
 +
 +
 +
==Licensing==
 +
OWASP Corncucopia is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
 +
==Other Security Gamification==
 +
If you are interested in using gaming for security, also see [http://www.microsoft.com/security/sdl/adopt/eop.aspx Elevation of Privilege: The Threat Modeling Game] mentioned above, and the board game [http://www.controlalthack.com/ Control-Alt-Hack] ([http://media.blackhat.com/bh-us-12/Briefings/Kohno/BH_US_12_Kohno_Control_Alt_Hack_Slides.pdf presentation] for latter).
 +
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
 +
 +
== Presentation ==
 +
Soon
 +
 +
 +
== Project Leader ==
 +
 +
Johanna Curiel
 +
Tom Brennan
 +
 +
 +
== Related Projects ==
 +
 +
* [[OWASP Secure Coding Practices - Quick Reference Guide]]
 +
* [[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard]]
 +
 +
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 +
== Hyperlink to Google Engine App==
 +
 +
 +
 +
== Reference Files ==
 +
 +
* [https://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf OWASP SCP requirements]
 +
* [http://www.owasp.org/images/4/4e/OWASP_ASVS_2009_Web_App_Std_Release.pdf OWASP ASVS verification IDs]
 +
* [https://www.owasp.org/index.php/AppSensor_DetectionPoints OWASP AppSensor attack detection point IDs]
 +
* [http://capec.mitre.org/data/archive/capec_v1.7.1.zip CAPEC IDs]
 +
* [http://www.safecode.org/publications/SAFECode_Agile_Dev_Security0712.pdf SAFECode security-focused story IDs]
 +
 +
The OWASP SCP does not include identity values for the requirements, so please use [https://www.owasp.org/index.php/File:Owasp-requirements-numbering.zip this list].
 +
 +
 +
== News and Events ==
 +
 +
 +
==PCIDSS==
 +
[[File:Cornucopia-pcidss-ecommerce-guidelines-small.jpg|link=https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf]]
 +
 +
OWASP Cornucopia Ecommerce Website Edition is referenced in the new [https://www.pcisecuritystandards.org Payment Card Industry Security Standards Council]  information supplement [https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_eCommerce_Guidelines.pdf PCI DSS E-commerce Guidelines] v2, January 2013
 +
 +
==Classifications==
 +
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |}
  
|-
 
| style="width:15%; background:#7B8ABD" align="center"|
 
'''Key Project Information'''
 
| style="width:14%; background:#cccccc" align="center"|
 
Project Leader<br>Johanna Curiel, Tom Brennan
 
| style="width:15%; background:#cccccc" align="center"|
 
Project Contibutors<br>
 
| style="width:10%; background:#cccccc" align="center"|
 
Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-pci-project '''Subscribe here''']<br>[mailto:owasp-pci-project@lists.owasp.org '''Use here''']
 
| style="width:17%; background:#cccccc" align="center"|
 
License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
| style="width:14%; background:#cccccc" align="center"|
 
Project Type<br>[https://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects '''Documentation + Tools''']
 
| style="width:15%; background:#cccccc" align="center"|
 
Sponsors<br>[http://www.whitehatsec.com/home/index.html '''WhiteHat Security''']<br>[http://www.orbitz.com/ '''Orbitz''']<br>[https://www.paymentsecuritypros.com/ '''SPSP''']
 
 
|}
 
|}
{| style="width:100%" border="0" align="center"
+
 
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status'''
+
= How to  =
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''
+
 
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''
+
 
|-
+
=FAQs=
| style="width:29%; background:#cccccc" align="center"|
+
 
[[:Category:OWASP Project Assessment#Alpha Quality Documentation Criteria|'''Apha Quality''']]<br>[[:OWASP PCI Project - Assessment Frame|Please see here for complete information.]]
+
 
| style="width:42%; background:#cccccc" align="center"|
+
= Acknowledgements =
* add link(s)
+
==Volunteers==
| style="width:29%; background:#cccccc" align="center"|
+
Cornucopia is developed by a worldwide team of volunteers. The primary contributors to date have been:
*  if any, add link(s)
+
 
|}
+
* Ken Ferris
----
+
* Colin Watson
 +
 
 +
==Others==
 +
 
 +
 
 +
= Road Map and Getting Involved =
 +
 
 +
 
 +
==Localization==
 +
 
 +
==Design==
 +
 
 +
==Feedback==
 +
 
 +
 
 +
= About Ecommerce Website Edition =
 +
{{:Projects/OWASP Cornucopia Ecommerce Website Edition | Project About}}
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]]

Revision as of 08:35, 28 October 2013

[edit]

Cornucopia-header.jpg

OWASP PCI Scope Toolkit

OWASP PCI Scope toolkit is an Open Source Google Engine App, that will help you to scope the PCI-DSS requirements for your System Components.

Introduction

The PCI toolkit is based on a decision tree assesment methodology, to help you define if the system components of your network, fall within the PCI-DSS requirements. By decomposing , one by one with the help of this Google App Engine, you will be able to create an assesment and a final report of your scope delimitation.


Licensing

OWASP Corncucopia is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Other Security Gamification

If you are interested in using gaming for security, also see Elevation of Privilege: The Threat Modeling Game mentioned above, and the board game Control-Alt-Hack (presentation for latter).


Presentation

Soon


Project Leader

Johanna Curiel Tom Brennan


Related Projects


Hyperlink to Google Engine App

Reference Files

The OWASP SCP does not include identity values for the requirements, so please use this list.


News and Events

PCIDSS

Cornucopia-pcidss-ecommerce-guidelines-small.jpg

OWASP Cornucopia Ecommerce Website Edition is referenced in the new Payment Card Industry Security Standards Council information supplement PCI DSS E-commerce Guidelines v2, January 2013

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png

Volunteers

Cornucopia is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Ken Ferris
  • Colin Watson

Others

Localization

Design

Feedback

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP_Cornucopia Ecommerce Website Edition (home page)
Purpose: Cornucopia is a card game used to help development teams, especially those using Agile methodologies, identify application security requirements and develop security-based user stories. This edition is for ecommerce websites.
License: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)
who is working on this project?
Project Leader(s):
  • Colin Watson @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: [Road Map and Getting Involved View]
Key Contacts
  • Contact Colin Watson @ to contribute to this project
  • Contact Colin Watson @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases