Protecting Web Based Applications: A Best Practices Guide

10 Pages

Posted: 2 Dec 2008

Date Written: November 29, 2008

Abstract

Organizations handling credit cards feel pressure building as the deadline for PCI Requirement 6.6 compliance [1] has passed and well-documented breaches have heightened the concerns of the public and regulatory agencies about how well companies are securing consumer-specific information. Despite some initial advances, sensitive information is still frequently stolen. Internal threats are an issue, magnified by extended partnerships, which ultimately lead to more tasks being performed outside company facilities. Web Application Firewalls (WAFs) are the most effective mechanisms to immediately address security issues, since the security rule set can be adjusted to stop new attack types without the time required to change the application code. Time is a critical factor in selecting solutions to prevent breaches. A WAF gives a quick solution for PCI 6.6. A WAF can protect custom applications, third-party applications, and legacy applications, even in cases where the organization does not control the source code (as for SAP, Oracle, and PeopleSoft web applications and portals) and where the people who understand the application are no longer accessible. It is also important to minimize the number of bugs in applications. No matter what tool is used, it should be accompanied by code reviews, appropriate testing (including fuzz testing), coding standards that are followed, and proper education. No matter what tool configuration is selected, manual code reviews, education, coding standards and proper testing must also be applied.

Keywords: Protecting Web Based Applications, WAF, Best Practices, PCI

JEL Classification: O31

Suggested Citation

Mattsson, Ulf T., Protecting Web Based Applications: A Best Practices Guide (November 29, 2008). Available at SSRN: https://ssrn.com/abstract=1308922 or http://dx.doi.org/10.2139/ssrn.1308922

Ulf T. Mattsson (Contact Author)

Protegrity Corp.

One Canterbury Green
Stamford, CT 06901
United States

HOME PAGE: http://www.ulfmattsson.com
