Cheat Sheet: Virtual Web Application Patching

IMG_0794-smallDo you operate public-facing web applications in your card data environment? Here’s a pointer to a great source of information from the Open Web Application Security Project (OWASP) on the subject of virtual patching.

What is virtual patching? Within the context of web vulnerabilities, this refers to the practice of applying a defensive layer to intercept potentially malicious traffic destined for your web applications. Of course, the very best defence against these attacks is to write secure code to begin with, however there are a number of circumstances in which this isn’t achievable.

For example, where you’re running a 3rd party web application, or if you simply don’t have the resources available to make the code changes.

Highly recommended reading for all developers and development managers.

Read it here.

Leave a Reply