Find the underlying cause or cure the symptoms?
Web security standards and regulations mostly follow the OWASP guidelines and PCI-DSS (Payment Card Industry Data Security Standard). The rigorous PCI-DSS aims at strengthening the security of online transaction websites that accept payment cards / credit cards. To protect public-facing web applications against known attacks, PCI-DSS requirement 6.6 (introduced as a best practice in 2006 and mandatory since June 2008) demands either a review of the application code for vulnerabilities, at least annually and after any change, or an automated technical solution such as a Web Application Firewall (WAF) placed in front of the application. The two options attack the same risk from different sides: a code review removes the defect from the application, while a WAF blocks the attack traffic and leaves the defect in place.
The two PCI-DSS 6.6 options compared:

| | Code Review | WAF |
|---|---|---|
| Main concept | Find the underlying cause | Cure the symptoms |
| Solution | Root-cause treatment: the vulnerable code is fixed | Symptom relief: the attack is blocked, the vulnerability remains |
| Technical skill required | High | Low |
| Procurement cost | High | Low |
| Maintenance cost | High, with hidden costs: 1. a highly skilled engineer to write the patch; 2. a complete patch plan; 3. an estimate of the patching time; 4. an evaluation of the patch result; 5. a post-patch re-assessment is recommended | Low: attacks are blocked by the default rule set, tuning through the UI is straightforward, and no deep technical background is needed |
| Check frequency | At every web page and module update | Continuous protection once deployed |
| When it acts | Before launch (and after every change) | At runtime, directly in front of the application |
| Log | No attacker information | Provides the list of attackers' IP addresses |