Veracode's strength lies in its unique intellectual property, innovative service delivery model and veteran executive team.
– Simeon Simeonov, partner at Polaris Venture Partners
Veracode SecurityReview for PCI compliance Turn manual code reviews into an automated, cost-effective process to achieve PCI DSS and PA-DSS compliance and meet the June & July 2008 deadlines for application security reviews. Veracode PCI SecurityReviewVeracode helps organizations meet the application security and code review requirements of the PCI standard. As an expert in application security, Veracode is in a unique position to provide an independent assessment and standards-based rating to ensure your applications comply with PCI DSS and PCI PA-DSS. Unlike costly and labor intensive manual code analysis, Veracode’s on-demand service allows organizations to automate application reviews and receive results within 24-72 hours. This revolutionary approach means organizations can simplify their compliance efforts by using a single provider for all their PCI application security needs. For Merchants and Service ProvidersAccording to research by Gartner and Symantec, close to 90 percent of software attacks are aimed at the application layer. Thus, it comes as no surprise that the PCI DSS has made application security one of its cornerstones. Requirements 6.3.7, 6.5 and 6.6 identify specific steps in secure application development and deployment which organizations must meet in order to achieve PCI compliance. Additionally, in June of 2008, section 6.6 became mandatory and companies must have their custom application code reviewed for vulnerabilities by an independent application security organization or install a web application firewall. However, Gartner recommends code review as the preferred method for securing applications and to only use web application firewalls when code reviews are not feasible. For Payment Software VendorsVisa Payment Application Best Practices (PABP) standard applies to software vendors who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement. PCI has adopted Visa’s PABP and released a new standard called the Payment Application Data Security Standard (PA-DSS). Payment Software Vendors will need to certify their products to PA-DSS and demonstrate that their application code has undergone vulnerability analysis per the requirements specified in section 5. Visa has mandated that after July 2008, only certified payment software can be used for new deployments.
|
|||||||||||||||



