Watchfire Certified as PCI Security Standards Council Approved Scanning Vendor
Well, this is a good news for all the folks in the PCI compliance business. Watchfire has been certified as a PCI scanning vendor. Quoting the press release:
WALTHAM, MA - March 12, 2007 - Watchfire, the market leading provider of web application security software and services, announced today that its AppScan® product has successfully completed the PCI Security Standards Council Approved Scanning Vendors testing process and is validated as compliant with the Payment Card Industry Data Security Standard (PCI DSS). Watchfire is the only web application security testing software vendor to earn PCI certification and can perform PCI scans to help validate the security of its customers’ websites according to the Payment Card Industry Data Security Standard.
I wonder when SPI Dynamics will follow, because I’m a big fan of WebInspect 
Thank you for reading this post. You can now Read Comment (1) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Sunday, March 18th, 2007 and is filed under Articles, Web Applications.You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Month of PHP Bugs - Day 10 »
Next Post: Web App Audit in 3 easy steps - powered by SANS »
Read More
Related Reading:- 8 mm Vulnerability Management Presentation
- Gemalto - Security To Be Free
- Free alternative to ArcSight ESM ? Hardly..
- Privacy Dilemma: How to Protect Yourself Online
- Solera Networks Deep-Packet Capture Review
- WordPress Exploit Scanner
- Phishing Exposed, Brands Secured
- Scanners: New Nessus Release; New eEye Web Scanner
- Good News from ArcSight and Imperva
- CCTV Security Camera and Surveillance Equipment
March 18th, 2007 21:58
Hi there. SPI is working to have our WebInspect Direct and assessment services group PCI certified. This is similar to what Watchfire has done but was misleading in their press release with regard to PCI. The PCI group has made it pretty clear that products won’t be certified and they only certify services organizations (as it should be, no single product could ever effectively verify PCI compliance and it’s really the realm of services organizations who might use tools like WebInspect).