Passing PCI Compliance Section 6.6: Code Reviews and Application Firewalls

HP - Enterprise

If your company stores or processes credit card information, you must be able to demonstrate compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). These standards include requirements for security management, policies, procedures, network architecture, design, and other critical protective measures. They also include one very prescriptive requirement: Section 6.6 mandates that organizations secure all Web applications by conducting a code review or installing an application layer firewall. Companies have had a very difficult time passing the other parts of Section 6 and they have experienced a rising number of data breaches. Unless companies take 6.6 seriously, PCI compliance failure rates, and data breaches, will continue to grow. Read this whitepaper to gain an overview of best practices to pass Section 6.6 and an understanding of the technology available to you.

Tags: business risk, security, application security, audit, risk, vulnerabilities, fortify, fortify software
Published: Oct 16, 2008
Length: 14
Type: White Paper