Fortra Managed WAF update helps with PCI DSS 4.0 compliance

Fortra has confirmed an update to its managed application firewall (WAF) solution.

The new update aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0.

Fortra Managed WAF

According to the company, Fortra Managed WAF now includes enhanced protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks.

This security helps Fortra customers meet and exceed PCI DSS 4.0 XSS controls in requirements 6.4.3 and 11.6.1, protecting payment information from in-browser data-stealing attacks.

Fortra Managed WAF is said to be the only WAF solution that enforces the execution of active items in the browser – regardless of whether they are delivered via inline, first or third party scripts.

“A higher level of security”

“Most WAFs offer client-side protection inventory running scripts and only alert when a significant change to script behaviour is detected,” remarked Rob Pollard, Managing Director, Fortra’s Alert Logic.

“Fortra Managed WAF leverages modern browser security features to either alert or automatically block unauthorised or modified scripts from executing.

“This results in a higher level of security and data protection, giving organisations comprehensive control of their web supply chain attack surface.”