"Today, June 30, marks the start of new revisions on the PCI DSS specs. Section 6.6 is now required, specifically companies who deal with credit or debit cards online must use an application layer firewall or have a complete website audit code review to remain PCI compliant.
With all the stolen and lost data in the news recently, the beef up of section 6.6 addresses one of the growing causes for PCI compliance failure. “PCI DSS Requirement 6.6 provides two options that are intended to address common threats to cardholder data and ensure that input to web applications from untrusted environments is inspected “top to bottom.” The details of how to meet this requirement will vary depending on the specific implementation supporting a particular application. Forensic analyses of cardholder data compromises have shown that web applications are frequently the initial point of attack upon cardholder data, through SQL injection in particular,” The PCI Security Standards Council stated." - TheTechHerald