App security: How much is enough?
According to TechTarget contributor Mike Chapple, companies have serious vulnerabilities in their online applications. He noted that these programs are often developed without knowledge of the security requirements that apply in each case. Applications, especially those used to make payments, are subject to strict requirements. According to Chapple, however, there are intuitive ways for companies to stay on top of their security commitments, a must if they hope to pass inspection.
Legal requirements govern app world
Chapple noted that some IT staffers may be unaware of the measures needed to ensure their applications have achieved PCI compliance. He explained that the official guidelines require constant checks to ensure applications do not have vulnerabilities in their code. Firewalls deployed specifically to protect web apps could be the answer to these risks, he said, noting that the latest draft of the PCI code makes direct mention of such systems.
While firewalls may be important during an app's lifetime, Chapple noted that much of a program's security preparedness comes during its development stages. He explained that companies must constantly perform tests to make sure applications are secure. Firms have access to a wide variety of security options to keep apps safe, including penetration testing intended to highlight any existing weaknesses in the code.
According to compliance and security expert Charles Denyer, companies frequently make a variety of errors regarding organization-wide PCI compliance and security measures. He, like Chapple, explained that firewalls around web applications are a must. He also stated that they are often overlooked, which makes their absence one of the most common oversights that harm a company during the PCI approval process. Denyer found that companies also sometimes neglect to teach workers best practices regarding data security, an error arguably more common than tech shortcomings.