| TABLE OF CONTENTS
PCI DSS compliance: The basics
PCI DSS compliance: Code review
PCI DSS compliance: Web application firewalls (WAFs)
Web application security and PCI DSS
|Web application firewalls (WAFs)|
The other option merchants have to comply with requirement 6.6 is implementation of a Web application firewall (WAF). The information supplement from the PCI council states "In the context of Requirement 6.6, an 'application firewall' is a Web application firewall (WAF), which is a security policy enforcement point positioned between a Web application and the client end point. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components."
Our poll indicates that WAFs are an unpopular choice for SearchSoftwareQuality.com readers looking to comply with requirement 6.6. With only 11% of the vote, WAFs tied "Other" and was beaten by "Don't know."
Visit our next section on Web application security and the PCI DSS.