
Today’s the day! PCI DSS section 6.6 is required

"Today, June 30, marks the start of new revisions on the PCI DSS specs. Section 6.6 is now required, specifically companies
who deal with credit or debit cards online must use an application layer firewall or have a complete website audit code review
to remain PCI compliant.

With all the stolen and lost data in the news recently, the beef up of section 6.6 addresses one of the growing causes for PCI
compliance failure. “PCI DSS Requirement 6.6 provides two options that are intended to address common threats to cardholder
data and ensure that input to web applications from untrusted environments is inspected “top to bottom.” The details of
how to meet this requirement will vary depending on the specific implementation supporting a particular application. Forensic
analyses of cardholder data compromises have shown that web applications are frequently the initial point of attack upon
cardholder data, through SQL injection in particular,” the PCI Security Standards Council stated." – TheTechHerald

Article Link: http://www.thetechherald.com/article.php/200827/1354/Today-s-the-day-PCI-DSS-section-6-6-is-required