An Evaluation of the ModSecurity Pro M1100 Web Application Firewall Relative to the Payment Card Industry

Publisher's description

This paper discusses the occurrence and causes of data compromises in the Payment Card Industry. Understanding the genesis of the application security requirements of the PCI DSS provides a firm foundation for determining the applicability and effectiveness of the WebDefend application layer firewall. In addition to discussing the impact of the ModSecurity Pro product on PCI DSS compliance, a brief discussion of the ways in which WebDefend can help companies meet non-security related business objectives will also be included.

File size 758.80kb
File format PDF

Similar whitepapers

Webcast: Securing Your Web Applications

As more application traffic moves to the web, information assets are facing new security threats. Web application security is a comprehensive, policy-based method designed to help manage these emerging threats at the application level, so one can prevent attacks that no other firewalls can address. Attendees of this webcast will find out how F5 can provide the flexible, efficient and cost-effective web application security that allows one to do business the way one wants while keeping it secure, fast and available.

79 days ago by F5 Networks

PCI DSS Compliance in the UNIX/Linux Datacenter Environment

This document explains how BeyondTrust PowerBroker supports the Payment Card Industry Data Security Standard (PCI DSS) by limiting and tracking authorization to execute commands and programs that access servers and applications storing and using proprietary cardholder. BeyondTrust PowerBroker provides an auditable process that controls, monitors and records that access.

158 days ago by BeyondTrust

Application Security

We are all living in an age in which companies have to open up their IT infrastructure to employees, customers, suppliers and partners. Being able to access certain information on the Internet in real time has become the norm. In this context, application security has become a strategic area for companies and has turned out to be inseparable from other components of IT infrastructure. On the other hand, there is a trend to represent corporate governance and legal guidelines and processes within the IT systems. Implementing application security allows companies to check, measure and enhance the compliance of their IT infrastructure, which is why it is increasingly becoming an indispensable tool.

193 days ago by ELCA

The 11 Secrets of Business Rules Success

Managing business rules gives you control over high volume operational decisions and delivers unprecedented agility. Based on decades of experience developing decision management applications, FICO has developed 11 steps to help you make the most of business rules. These include:

  • Picking the right applications. Business rules are a powerful tool for building smarter decisions into your applications but are better suited for some applications than others.
  • Following a process. Like any development technology, business rules work best when you have a structure and follow a suitable methodology.
  • Writing the right rules, the right way, and reusing them. Ensure your business rules are concise and atomic and use the right metaphor to manage them. Take advantage of your ability to manage them for reuse and to systematically verify, validate and simulate rules to get the result you want.
  • Operationalizing predictive analytics. Business rules are an ideal platform for putting predictive analytics to work to improve the effectiveness and precision of decisions.
Discover the 11 secrets to business rules success. Whether you are considering using business rules or are already a practitioner, this paper will help you advance your success.

201 days ago by FICO

Epping Forest District Council Turns to Breach WebDefend to Protect Customer Data, Obtain Application Security Solutions

Epping Forest District Council provides a range of services to its residents, many of which are statutory. The Council offers services relating to business properties, emergency planning, housing, environmental health, land drainage, and recycling and waste management, among others. As a government organization, Epping Forest District Council sought to protect customer data online and serve residents in the best possible way by implementing a web application security solution. The Council selected Breach Security's WebDefend as part of its search for an application that provided the organization with clear visibility regarding web security and application issues the Council's sites may be experiencing. In addition, the Council was impressed by WebDefend's ability to deliver realistic advice and solutions.

304 days ago by Breach Security

Stateful Assessment

First-generation Web application security vulnerability scanners employed an approach based on the use of signatures (matching of regular expressions) to detect vulnerabilities. This paper explores the limitations of signatures and provides examples of a more effective approach, termed Stateful Assessment. Stateful Assessment is based on a process of generating Web application transactions and evaluating the response of the browser over the course of the entire transaction. The advantage of this approach is a dramatic increase in the number of vulnerabilities found, a decrease in false vulnerabilities (false positives), and validation inherent in the process.

324 days ago by Cenzic

Aegenis Group whitepapers

A Definition of Cardholder Data: Implications for PCI DSS Compliance

In spite of the best efforts of the card brands, and the payments industry at large, including the release of the Payment Card Industry Data Security Standard (PCI DSS) in February 2006, the compromise of Cardholder Data has continued to increase. As a result, companies have begun to evaluate new approaches to managing the risk associated with data compromise. These new approaches primarily focus upon the concept of risk avoidance by applying technology that allows organizations to operate with limited or no Cardholder Data. More recently the effectiveness of such solutions has been under debate within the industry. This paper will attempt to define Cardholder Data and illustrate the value of these alternative solutions.

552 days ago by Aegenis Group

An Evaluation of Breach Security WebDefend Web Application Firewall Relative to the Payment Card Industry

This paper discusses the occurrence and causes of data compromises in the Payment Card Industry. Understanding the genesis of the application security requirements of the PCI DSS provides a firm foundation for determining the applicability and effectiveness of the WebDefend application layer firewall. In addition to discussing the impact of the WebDefend product on PCI DSS compliance, a brief discussion of the ways in which WebDefend can help companies meet non-security related business objectives will also be included.

709 days ago by Aegenis Group