Find the underlying cause, or cure the symptoms?

Web security standards and regulations mostly follow the OWASP guidelines and PCI-DSS (the Payment Card Industry Data Security Standard). PCI-DSS is a rigorous standard that aims to strengthen the security of online transaction websites that accept payment cards / credit cards. To protect websites sufficiently against malicious cyber attacks, PCI-DSS 6.6, an amendment introduced in 2008, calls for the implementation of Web Application Firewalls and a code review mechanism.

PCI-DSS 6.6 structure, Code Review compared with WAF:

Main concept
  Code Review: Find the underlying causes
  WAF: Cure the symptoms

Solution
  Code Review: Radical treatment
  WAF: Alleviate the symptoms

Technicality
  Code Review: High
  WAF: Low

Procurement cost
  Code Review: High
  WAF: Low

Maintenance cost
  Code Review: High (hidden costs)
    1. A highly skilled technician is needed to patch
    2. A complete patch plan is needed
    3. Patch time must be evaluated
    4. Patch results must be evaluated
    5. A post-patch re-evaluation is recommended
  WAF: Low
    Attacks are blocked by the default settings, tuning through the UI is easy, and no highly skilled technical background is needed

Check frequency
  Code Review: At every web page and module update
  WAF: Permanent protection once implemented

Execution time
  Code Review: Before launch
  WAF: Direct defense

Log
  Code Review: No attacker information
  WAF: Provides a list of attackers' IP addresses