Credit card providers are redoubling efforts to ensure that all partnering businesses and financial institutions comply with PCI DSS. MasterCard Worldwide has announced that Level 2 merchants must validate PCI compliance through an on-site review by December 31, 2010.
While PCI DSS security involves multiple systems and interfaces, web applications potentially present the largest attack surface, especially with the ongoing adoption of Web 2.0. Online application vulnerabilities are arguably the fastest-growing area of concern, as cyber attacks are becoming more sophisticated than ever.
PCI DSS requires all web-facing applications to either undergo a code review or be protected by a web application firewall. But source code reviews and application firewalls are clearly not equivalent means to achieve tight security. Though web application firewalls may be quicker and less expensive, they are not a complete guarantee and do not ensure 100% protection.
Clearly, a combination of firewalls and code reviews is a surer route to take. However, are you challenged when it comes to code reviews because of the likely expense and time they entail?
Take web application security all the way
Marlabs can help you scale up code reviews while bringing down the cost. With an extensive web security practice, Marlabs has the resources and expertise to streamline application code review. Having built a code parser that automatically processes code, looks at data flows, and detects issues, we have been able to accelerate the process.
Combined with manual review, comprehensive vulnerability assessments, and implementation of application firewalls, you can rest assured that you are getting a complete security solution.
This enables you to strengthen your SDLC, create a secure software architecture and business model, and mitigate the risk of online threats. Going beyond compliance, you are able to take control of your web application security needs.