Questions? Call 877-752-7170 or


The New PCI 6.6

By Matt Flick in PCI

All Your Public facing Web Apps Are Relevant To Us. I’m going to start off this post with the moral of the story: Good intentions often have bad, unintended consequences. The following is the ‘Testing Procedures’ text of requirement 6.6 from the new PCI DSS v1.2 (source: [] ( For public-facing web applications, ensure that either one of the following methods are in place as follows: Verify that public-facing web applications are reviewed (using either manual or automated vulnerability security assessment tools or methods), as follows:

Continue reading