Web application vulnerabilities put critical business applications and back-end databases at risk from attack, theft and fraud. The Payment Card Industry Data Security Standard, which recognizes the threat Web application vulnerabilities pose to credit card data, allows organizations to choose between two mitigation techniques. Requirement 6.6 of PCI DSS specifies the means for protecting Web-facing applications, either by code review or by installing an application layer firewall.
April 23rd 2008