PCI DSS stands for Payment Card Industry Data Security Standard. Its purpose is to make credit card transactions between merchants and users more secure. Over the past four years, the payment card industry has created a council, the PCI Security Standards Council, which has put rules in place designed to encourage greater software security. Requirement 6.6, which turned from a best practice into an actual requirement on June 30, 2008, addresses Web application security specifically. Many in the security field consider it an inadequate requirement, but nonetheless a step in the right direction.
These tips, articles, expert responses, book excerpts, and webcasts will help you figure out how to comply with PCI DSS requirement 6.6 and increase your application security. If you have any resources that you would like to share, or have suggestions for a future Learning Guide topic, please email me.
TABLE OF CONTENTS
PCI DSS compliance: The basics
PCI DSS compliance: Code review
PCI DSS compliance: Web application firewalls (WAFs)
Web application security and the PCI DSS
PCI DSS compliance: The basics
Requirement 6.6 of the PCI DSS specifies that merchants must either implement code reviews or install a Web application firewall (WAF) to be in compliance. Ideally, security experts agree, companies will do both.
The PCI DSS has been clarified and expanded several times over the years. This section gives an overview of requirement 6.6 in its present form and how it came to be.