Filed under: Port 80 News
Tags: pci compliance, serverdefender vp
Some of you had an issue with ServerDefender VP. We listened, and now it’s fixed!
We know that a lot of our customers– okay almost all of them– are using ServerDefender VP to help keep their websites and web applications PCI Compliant. However, in the last few months, we began to receive numerous support requests due to a single “medium” risk. The risk was unsecured SessionID cookie showing up on PCI Scans.
While this is not a glaring vulnerability, it does show up on PCI scan reports. In today’s security climate that is filled with breaches and data loss, we understand any risk item can be tough to explain to the C Levelwho want to see a clean sheet. So, we put our developers to work to secure this SessionID cookie when traffic is forwarded from HTTP to HTTPS.
A fix for this issue is now publicly available in the latest version of SDVP: 2.2.7. This latest version is available for download today.
While our main focus is releasing ServerDefender 3.0 later this quarter, we wanted to show our customers that we take their concerns seriously and are always willing to work hard to protect their assets.
The Future of ServerDefender VP
Hopefully this update helps make your job of managing PCI compliance a little easier. But also hope this post piques your interest in Server Defender 3.0. There are much bigger changes ahead in that major version update. We’re excited about sharing news on those updates. Sign up now to get the latest details as they become available.No Comments »