Learning Guide

Web application security and the PCI DSS

TABLE OF CONTENTS
   PCI DSS compliance: The basics
   PCI

    Requires Free Membership to View

DSS compliance: Code review

   PCI DSS compliance: Web application firewalls (WAFs)
   Web application security and the PCI DSS



  Web application security and the PCI DSS
Expert advice software security

Do you have questions about software security? Let our security experts, Chris Wysopal, Caleb Sima, Dan Cornell and Ramesh Nagappan guide you. Read advice they have given or submit your own questions.

Web application firewalls and code reviews, detailed, manual, automatic or otherwise, are good components of an application security program. They are not, however, the only components. Experts stress that security must be integrated into the entire software development lifecycle.

  • Tip: Secure software measures: Their strengths and limitations: Greg Reber evaluates security processes in depth, including the methods recommended by requirement 6.6. Like most application security experts, he recommends a holistic approach to security.


  • Tip: Web application hacking: Inside the mind of an attacker: App security expert Kevin Beaver emphasizes that a malicious mindset is the key to a good security analysis. He includes many specific examples where security professionals may apply this technique.


  • Tip: Secure SDLC: Integrating security into your software development lifecycle: This is a heavily detailed and hyperlinked guide from Anurag Agarwal that explains how organizations can incorporate security practices into their SDLC.


  • Article: Application security shouldn't involve duct tape, Band-Aids or bubble gum: Application security involves integrating security into the SDLC. And it involves security professionals, risk mitigation, and data protection, at least. Joe Basirico breaks the development lifecycle down by phase: requirements gathering, requirements authoring, design, development, testing, release, and documentation.


  • Expert advice: Web application security testing basics: Expert Dan Cornell breaks down security testing techniques, how to use them, what they do, and when they are applicable.


  • Learning Guide: Application security testing techniques: This guide covers the major app sec testing techniques, such as vulnerability assessment, penetration testing, fuzz testing, obfuscation and, of course, source code analysis.


  • Expert advice: Application security careers have bright future: Dan Cornell explains why application security professionals are going to be needed in greater numbers than ever before.


  • Tip: Writing software requirements that address security issues: The requirements phase is the first opportunity for integration of security in the SDLC. Kevin Beaver outlines how to approach this process.
  • Send in your suggestions
    Are there other topics you'd like to see learning guides on? Send associate editor Jennette Mullaney an e-mail at jmullaney@techtarget.com and let her know what they are.

    This was first published in July 2008

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: