
12/11/2007
08:00 AM

MarketLive Deploys Imperva

MarketLive gets PCI certification with Imperva

FOSTER CITY, Calif. -- Imperva®, the leader in application data security and compliance, today announced that MarketLive, the leading global e-commerce solution for retailers, has achieved the highest-level Payment Card Industry (PCI) Data Security Standard (DSS) compliance using the SecureSphere® Web Application Firewall (WAF). With the help of Imperva, MarketLive's e-commerce platform, which powers some of the world's most successful retail web sites including Frontgate, Gump's, Norm Thompson, Stride Rite, Sur La Table, and Sundance Catalog, now meets the new PCI DSS 1.1 requirement for protecting cardholder data with application-layer security.

"With the help of Imperva's Web Application Firewall, MarketLive has achieved PCI certification as a Level 2 Payment Card Industry service provider today," said Barak Engel, chief security officer for MarketLive. "As a result, our clients won't have to scramble to meet the June 2008 PCI 6.6 compliance deadline. We have taken care of this for them."

SecureSphere Eliminates Constant Code Reviews

As a provider of e-commerce platforms for retail web sites that process credit card data, MarketLive had two options with respect to PCI compliance:

  • Build PCI controls on a case-by-case basis, which would require performing a mini audit for each customer

    or

  • Achieve PCI DSS compliance for the MarketLive platform, which entails putting MarketLive inside the PCI reporting chain

MarketLive elected to become PCI compliant. Upon reviewing the requirements of PCI DSS v1.1, MarketLive decided to augment a code review with a Web Application Firewall to improve security and reduce its compliance burden.

"For PCI Section 6.6, we realized it made no sense to rely on code reviews alone. The idea of doing a code review both on an annual basis and a per release basis was not appealing due to the time, effort, and frequency of software version updating and enhancement involved," said Barak Engel.

Imperva Inc.
