The New PCI 6.6
All Your Public-Facing Web Apps Are Relevant To Us.

I’m going to start off this post with the moral of the story: Good intentions often have bad, unintended consequences.

The following is the ‘Testing Procedures’ text of requirement 6.6 from the new PCI DSS v1.2 (source: [https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html](https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html)):

For public-facing web applications, ensure that either one of the following methods are in place as follows:

Verify that public-facing web applications are reviewed (using either manual or automated vulnerability security assessment tools or methods), as follows: