Following PCI compliance keeps web apps more secure

Following PCI compliance keeps web apps more secure

An eCommerce company has a lot to keep track of when it comes to securing their customers' private payment information. The PCI Security Standards Council and Imperva recently released a white paper that reviews the rules of mitigating web application vulnerabilities, which can be helped with security tools like high assurance SSL certificates.

"Analyzing and upgrading secure code for every application is a costly, time consuming process that can delay new product or application rollouts," the white paper said. "Worse, it is virtually impossible to catch all vulnerabilities, or keep pace with the evolving threat landscape, which means your web applications remain susceptible to attack. The best way to effectively meet PCI’s web security requirements is to integrate a web application firewall into your overall security solution."

Implementation of secure codes can help reduce the number of vulnerabilities, according to the white paper. While it is challenging to implement, the two organizations said it is an important part of application security. Even so, companies cannot forget about vulnerabilities such as software bugs, IT resource changes and inconsistent architecture coming with new technology.

According to the white paper, web application firewarlls reduce the window of exposure to vulnerabilities, inhibit malicious traffic and provide continuous security.

SSL Shopper said while SSL certificates may only be a small part of the PCI DSS rules, they're an important part.

"SSL allows you to protect customer data as it is being transmitted to and from the web server," the website said. "If you don't properly set-up your web server to use SSL certificates, you can't meet the PCI standards that are required to accept credit cards on your site."

Tim Callan from VeriSign told SSL Shopper that VeriSign SSL certificates can help businesses avoid phishing and help a business become more trusted by customers.