I'm a Hacker and I believe that compliance with PCI DSS 6.6 is not a good indicator that a web application is truly secure. Just like any honey badger, I will fight to prove David wrong because honey badgers just don't care. In my years of assessing web applications, I have encountered many vulnerabilities that many web application scanners are unable to detect. I have also encountered many web application firewalls that are so poorly configured that they did very little to protect the web application from attack. I am a Security Consultant on the Risk Management team at SecureState, a Cleveland, Ohio-based security consulting company. At SecureState, I perform vulnerability assessments, war dialing, penetration tests, physical penetration tests and web application security reviews. My research interests include the development and implementation of vulnerability management programs, lock picking, and SSL vulnerabilities.