Guide to PCI Compliance for Web Applications: Updated for Version 1.2 of the Payment Card Industry Data Security Standard

On the surface, the Payment Card Industry (PCI) Data Security Standard (DSS) reads as a series of do this, don't do that" absolutes. Vet, in three areas, the standard gives organizations some flexibility in their options. The most critical of these choices lies in Requirement 8.6. This section states that all web applications must be protected by an application-layer firewall (also known as a web application firewall) or undergo a code review by an organization that specializes in application security. With all the noise in the market, how does one decide which solution is right for organization? This white paper will help one make that decision.