MINNEAPOLIS — July 29, 2024— Fortra today announced a significant update to its managed web application firewall (WAF) solution that aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0.
Fortra Managed WAF now includes enhanced client-side protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks. This additional security helps Fortra customers meet and exceed PCI DSS 4.0 XSS controls in requirements 6.4.3 and 11.6.1, protecting users’ payment information from in-browser data-stealing attacks like Magecart.
A WAF is an essential element of a security strategy for any organization with a web presence and APIs. Fortra solves the most significant challenge of optimizing the protection provided by a WAF through its managed services for SMEs to Fortune 500 customers.
Fortra Managed WAF is the only WAF solution that enforces the execution of active items in the browser, regardless of whether they are delivered via inline, first, or third-party scripts. With this release, it closes a gap that still is prevalent in competitors’ WAFs where they are unable to comprehensively address inline script integrity enforcement, a delivery mechanism used by most websites.
“Most WAFs offer client-side protection inventory running scripts and only alert when a significant change to script behavior is detected,” said Rob Pollard, Managing Director, Fortra’s Alert Logic. “Fortra Managed WAF leverages modern browser security features to either alert or automatically block unauthorized or modified scripts from executing. This results in a higher level of security and data protection, giving organizations comprehensive control of their web supply chain attack surface.”
Learn more about the enhancements to Fortra Managed WAF by scheduling a demo.
Additional Resouces on Fortra Managed WAF:
Client-Side Risks Under PCI DSS 4.0: What You Need to Know
PCI DSS 4.0: Understanding the Expanded Role of Web Application Firewalls
Why Protect APIs? Best Practices to Secure API Endpoints
Understanding PCI ASV: A Crucial Component in Securing Payment Card Data