Whilst a presentation about an e-commerce security standard might sound very dull, the reality is that this is probably one of the most important topics on the cf.Objective() schedule. "Any company that processes, stores or transmits credit card numbers is required to be PCI DSS compliant." John Mason explains the scope of PCI DSS, where you fall within its levels and what is required of you - and how expensive non-compliance can be! He covers each of the major areas of PCI DSS, such as network security, encryption, vulnerability management, access controls, monitoring / testing and policy issues. Some of the requirements are "duh!" obvious, but some were quite surprising to me (and some are surprisingly burdensome). Along the way he provides examples of specific things you need to deal with in your CFML code.
Even if you don't do e-commerce, there are a lot of useful security tips in this presentation - or at least potential security problems that you may not have considered yet.