Watchfire Certified as PCI Security Standards Council Approved Scanning Vendor
Well, this is good news for all the folks in the PCI compliance business. Watchfire has been certified as a PCI scanning vendor.
Exploit Prevention Labs released the results of its February 2007 Exploit Prevalence Survey™. The Top 5 Web Exploits for February 2007 are
Anurag Agarwal continued his series of Reflections on web security superstars by presenting Ivan Ristic, the man who put ModSecurity on the map of mandatory security controls. Just like before, Anurag covers all the articles, books, tools and great contributions to information security made by Ivan Ristic.
Cursor Injection – A New Method for Exploiting PL/SQL Injection and Potential Defences
David Litchfield of NGSSoftware released this paper, which describes a new method whereby an attacker seeking to exploit a SQL injection flaw in an Oracle database server may do so without needing to create an auxiliary inject function in order to execute arbitrary SQL.