


PCI's False Dilemma: Code Review or Application Firewall?
sponsored by Imperva
Posted: 08 Oct 2008
Published: 08 Oct 2008
Format: PDF
Length: 4 Page(s)
Type: White Paper
Language: English
ABSTRACT:
For organizations attempting to secure their Web applications to meet compliance standards, PCI regulations present a choice of two options: Perform a code review or install a WAF. This, however, is a false choice. The best course of action is to do both.
Requirement 6.6 of PCI DSS specifies the means for protecting Web-facing applications, either by "Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security" or by "installing an application layer firewall in front of Web-facing applications."
This tersely worded requirement has raised one of the largest PCI debates: Which method should be put in place, a code review or a Web application firewall (WAF)?
Author: Amichai Shulman, CTO, Imperva
Amichai Shulman is CTO of application data security vendor Imperva and director of the Imperva Application Defense Center, an application and database security research organization.
SmartBiz IT Research Library Copyright © 1998-2008 Bitpipe, Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. TechTarget · 117 Kendrick St · Needham, MA · 02494