Payment Card Industry Mandate Stresses Importance of Web Application Security: Recommended Becomes Required
by Danny Allan - IBM Rational's Director of Security Research - Tuesday, 10 June 2008.
Meeting the PCI requirements for Web application security by employing application code review and a Web application firewall is a sound starting point, but fully protecting cardholder and consumer data, and running a comprehensive online risk management program, also requires enforced policies with ongoing compliance monitoring.

Consider these recommendations:
  • Educate consumers about the dangers of online scams and alert them to threats such as phishing, keylogging and pharming. The more customers know about online scams, the less fearful and the less vulnerable they will be.
  • Offer privacy and security guarantees to customers in the event of fraud or identity theft. Prominently highlight the company’s promise to protect customer information and make privacy and security policies simple to understand and easily accessible on the website.
  • Communicate and market the website’s online privacy and security features in ways consumers can understand. Retailers have an opportunity to incorporate site features that promote confidence and trust, such as offering clear and easy ways to find help.
  • Closely monitor and manage relationships with third parties to ensure the same, if not higher, security standards are in place to protect customer information. Security and privacy are not only about your company’s site but also that of outsourcers and partners that may handle sensitive information.
  • Develop an action plan to immediately update customers, legal authorities and the hosting provider of the offending site when a scam has been detected. Taking the appropriate steps to address the problem limits a company’s exposure window.
  • Use automated solutions to monitor for application vulnerabilities and to demonstrate compliance with the applicable laws, best practices and security and privacy policies. Such tools should identify privacy issues and Web application security flaws, including cross-site scripting vulnerabilities, that can lead to breaches. Preventing or detecting these vulnerabilities early gives the company more lead time to execute its response plan and fosters a trusted online environment for customers.
While Web teams are busy optimizing websites to support online transactions, they must not neglect the essential step of securing the site, its applications and the data they collect. Doing so not only satisfies the latest PCI mandate but improves the organization's overall security posture and puts a framework in place for managing future threats. A single breach is enough to ruin a reputation.
