Payment Card Industry Mandate Stresses Importance of Web Application Security: Recommended Becomes Required
by Danny Allan - IBM Rational's Director of Security Research - Tuesday, 10 June 2008.
As PCI recommends, automated scanning tools make it possible to test for security from the very beginning of the software development lifecycle and continually throughout it, preventing vulnerabilities from turning into threats. Dealing with the root of the problem by embedding security analysis into the lifecycle of an application will not only guarantee improved security but will also save your organization time and money.

Smart companies will use the latest PCI upgrade as the motivation for putting their entire security and privacy compliance programs in order, building in security assessment from the ground up. Complying once and then forgetting about it until the next audit is bad practice. To successfully drive more business through the online channel, organizations cannot ignore Web privacy and application security. Only through a combination of dedication, education, business process improvement and risk management technology will firms be able to properly protect and control the online channel.


Meeting the PCI requirements for Web application security by employing code review and a Web application firewall is a great starting point, but to fully protect consumer data and implement a comprehensive online risk management strategy, organizations must also enforce policies that include ongoing compliance monitoring procedures.

Copyright 1998-2013 by Help Net Security.