01-14-2011 11:07 AM - edited 03-10-2019 05:14 AM
Is it possible to configure the IPS module to meet PCI DSS requirements for sections 6.5 and 6.6, along with the top 10 OWASP?
01-15-2011 07:35 PM
Hello Jonathan,
I am not a PCI expert. So I don't know how literally these requirements are to be taken. If they are to be taken word-for-word, the IPS cannot ensure that applications are developed based on secure coding guidelines. It cannot prevent common coding vulnerabilities. (6.5) The IPS is also not a "firewall," even though it can drop traffic. (6.6)
With the above stated, the IPS can protect against exploitation of many different vulnerabilities, should they exist in your code. You can review the signatures available for particular exploits/vulnerabilities in the IPS GUI (IDM or IME), or at http://www.cisco.com/security
Please let me know if I can help you with anything further within the context of this thread. If your question has been Answered, please mark the thread as such so that it will be helpful to other users. Also, please feel free to Rate this thread to reflect your experience.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series
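The distinction the reply draws, that an IPS can drop traffic matching a known exploit signature but cannot make the application code itself comply with 6.5, is easiest to see side by side. The following is an added example, not code from the thread or from Cisco: a lookup written with string concatenation (the coding flaw 6.5.1 targets) next to the same lookup with a bound parameter, plus a deliberately simple pattern check standing in for a network-layer signature. The table, rows and the `signature_match` pattern are constructed for the demonstration and are not an IPS signature.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the original thread).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, card_token TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "tok_A"), ("bob", "tok_B")],
    )
    return conn

def lookup_concat(conn, name):
    # The coding flaw PCI DSS 6.5.1 is about: the query is assembled by
    # concatenating untrusted input, so the input can change the query's structure.
    sql = "SELECT card_token FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_param(conn, name):
    # Hardened form required by 6.5.1: the driver binds the value as data,
    # so the same input is only ever compared against the name column.
    cur = conn.execute("SELECT card_token FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in cur)

# Textbook tautology input, used here only to show the two queries diverge.
TAUTOLOGY = "x' OR '1'='1"

# Hypothetical stand-in for a signature-based check at the network layer.
# It only recognises the one pattern it was written for; it does not
# change the application code, which is why it cannot satisfy 6.5 on its own.
SIGNATURE = re.compile(r"'\s*OR\s*'", re.IGNORECASE)

def signature_match(param_value):
    return SIGNATURE.search(param_value) is not None

def demo():
    conn = make_db()
    return {
        "concat_returns_every_row": lookup_concat(conn, TAUTOLOGY),
        "param_returns_nothing": lookup_param(conn, TAUTOLOGY),
        "signature_flags_input": signature_match(TAUTOLOGY),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated query hands back every card token for the tautology input, while the parameterized one returns nothing, because the input never leaves the data position. The signature check flags the request, which is the protection the reply describes, but the application is only compliant once the concatenation is gone; the signature is defence in depth, not a substitute for the code fix.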
PCI
6.5 Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes, to include the following:
6.5.1 Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPath injection flaws as well as other injection flaws.
6.5.2 Buffer overflow
6.5.3 Insecure cryptographic storage
6.5.4 Insecure communications
6.5.5 Improper error handling
6.5.6 All “High” vulnerabilities identified in the vulnerability identification process (as defined in PCI DSS Requirement 6.2).
6.5.7 Cross-site scripting (XSS)
6.5.8 Improper Access Control (such as insecure direct object references, failure to restrict URL access, and directory traversal)
6.5.9 Cross-site request forgery (CSRF)
6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:
Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes
Installing a web-application firewall in front of public-facing web applications
The OWASP Top 10 Web Application Security Risks for 2010 are: