With its next-generation WAF capabilities, ThreatSign! fortifies web applications against common attacks such as SQL injection and cross-site scripting. This proactive defense not only secures cardholder data but also aligns with PCI-DSS requirements for implementing security measures in the development and maintenance of web applications. ThreatSign! performs comprehensive vulnerability assessments and scanning, addressing vulnerabilities promptly to ensure secure configurations of systems and web applications.

Here is a list of common threats, with a focus on how Quttera Website Malware Scanner stands out in addressing them:

Requirement 6: Develop and Maintain Secure Systems and Software

• 6.2 Bespoke and custom software is developed securely

• Aligned: 6.2.1 Bespoke and custom software are developed securely
• Aligned: 6.2.3 Bespoke and custom software is reviewed before being released into production or to customers to identify and correct potential coding vulnerabilities
• Aligned: 6.2.4 Attacks on business logic, including attempts to abuse or bypass application features and functionalities by manipulating APIs, communication protocols and channels, client-side functionality, or other system/application functions and resources. This includes cross-site scripting (XSS) and cross-site request forgery (CSRF).

• 6.3 Security vulnerabilities are identified and addressed

• Aligned: 6.3.1 Security vulnerabilities are identified and managed
• Aligned: 6.3.2 An inventory of bespoke and custom software and third-party software components incorporated into bespoke and custom software is maintained to facilitate vulnerability and patch management
• Aligned: 6.3.3 All system components are protected from known vulnerabilities by installing applicable security patches/updates

• 6.4 Public-facing web applications are protected against attacks

• Aligned: 6.4.1 For public-facing web applications, new threats and vulnerabilities are addressed on an ongoing basis, and these applications are protected against known attacks or Installing an automated technical solution(s) that continually detects and prevents web-based attacks
• Aligned: 6.4.2 For public-facing web applications, an automated technical solution is deployed that continually detects and prevents web-based attacks
• Aligned: 6.4.3 All payment page scripts that are loaded and executed in the consumer's browser are managed

In the event of a security incident, ThreatSign! facilitates a rapid and effective response. Its comprehensive incident response and forensics capabilities aid organizations in complying with PCI-DSS requirements related to incident response planning, reporting, and investigation.

Requirement 10: Log and Monitor All Access to System Components and Cardholder Data

• Aligned: 10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity and the forensic analysis of events.
• Aligned: 10.3 Audit logs are protected from destruction and unauthorized modifications
• Aligned: 10.5 Audit log history is retained and available for analysis.
• Aligned: 10.7 Failures of critical security control systems are detected, reported, and responded to promptly.

ThreatSign! provides continuous monitoring capabilities, enabling organizations to stay vigilant and promptly address potential compliance gaps. This aligns with PCI-DSS requirements for maintaining a secure environment continuously. ThreatSign! supports regular testing through continuous vulnerability assessments, ensuring that security systems and processes are thoroughly evaluated for potential weaknesses.

Requirement 11: Test Security of Systems and Networks Regularly

• Aligned: 11.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed.
• Aligned: 11.4 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.
• Aligned: 11.5 Network intrusions and unexpected file changes are detected and responded to.
• Aligned: 11.6 Unauthorized changes on payment pages are detected and responded to.