Client-Side Protection
Safeguards against client-side attacks and streamlines regulatory compliance with PCI DSS 4.0.
Imperva named a security leader in the SecureIQLab Report
Imperva was named a security leader and achieved a perfect SecureIQLab WAAP Vulnerability Assessment score, earning a “Secure-by-Design” rating.
Complete web application and API protection to cover your compliance needs
Addresses the new client-side requirements
![Addresses the new client side requirements]()
Learn more about Client-Side Protection
![Addresses the new client side requirements]()
Imperva Client-Side Protection streamlines compliance requirements 6.4.3 and 11.6.1 through a dedicated dashboard that clearly explains each requirement and identifies related action items. It validates content security policy headers, offers weekly summaries for payment page changes, and helps you stay audit-ready while monitoring compliance-affecting changes easily.
Safeguards web applications
![Safeguards web applications]()
Learn more about WAF
![Safeguards web applications]()
Imperva Web Application Firewall offers industry-leading website protection with PCI-compliant, automated security that integrates advanced analytics. It goes beyond OWASP Top 10 coverage and mitigates risks from third-party code. Imperva Web Application Firewall secures active and legacy applications, third-party applications, APIs, microservices, cloud applications, containers, VMs, and more.
Inventories, classifies, and secures APIs
![Inventories classifies and secures APIs 1]()
Learn more about API Security
![Inventories classifies and secures APIs 1]()
Imperva API Security addresses requirements 6.2.2 and 6.3.2 by providing continuous protection through deep discovery and classification of all APIs, including public, private, and shadow APIs. It eliminates data leakage, prevents API abuse, and protects against business logic attacks and OWASP API Top Ten threats, ensuring robust compliance with PCI DSS standards.
Secures applications from within
![Secures applications from within]()
Learn more about RASP
![Secures applications from within]()
Incorporating Runtime Protection is a best practice (6.4.1) for enhancing application security. While WAFs monitor the application perimeter, RASP solutions detect and block anomalous behavior within the software during execution for complete protection from within. Imperva RASP uses Language Theoretic Security (LANGSEC) to neutralize known and zero-day attacks, ensuring your applications are secure by default.
×
Made to address the latest client-side security requirements
Provides comprehensive inventorying, authorization, dynamic integrity verification, and real-time monitoring, helping streamline regulatory compliance with the new client-side security requirements introduced in PCI DSS 4.0.
Demonstrate continuous compliance
Streamline compliance with PCI DSS 4.0 through comprehensive inventorying, authorization, dynamic integrity verification, and real-time monitoring.
Protect customer data
Mitigate the risk of client-side data breaches, which could result in your customers’ most sensitive data falling into the hands of bad actors.
Empower security teams
Security teams gain complete visibility and control with continuous monitoring and discovery, actionable insights, and one-click enforcement.
Compliance made easy with Imperva web application and API protection
The Imperva Application Security Platform stops the most advanced attacks with the highest efficacy while minimizing false positives. We stay ahead of the evolving threat landscape, integrating the latest security, privacy, and compliance expertise into our solutions.
Web Application Firewall
Best-in-class, PCI-certified WAF offering stops web application attacks with near-zero false positives.
API Security
Provides continuous protection of all APIs using deep discovery and classification of sensitive data.
Runtime Protection
Detects and neutralizes known and zero-day attacks, ensuring applications are secure by default.
Imperva helps us to gain even more visibility as well as control over attacks which have been raised—yet incidents have yet to jeopardize the information of the institution or any member of the community.
Omar Mercado Manager of IT Services, Universidad La Salle Full customer story
FAQs
-
If we integrate a third-party payment processor, do we still need to comply with the new client-side protection requirements (6.4.3 & 11.6.1)?
Yes. Even if you use a third-party payment processor on your payment page, malicious actors could still compromise your website’s code, leaving you vulnerable to Magecart attacks and resulting in noncompliance. PCI DSS issued a clarification about this in version 4.0.1.
-
We embed our third-party payment processor using an iframe. Do we need to comply with the new client-side protection requirements (6.4.3 & 11.6.1)?
Yes. You are still vulnerable to Magecart attacks. Attackers can exploit vulnerabilities in the payment page infrastructure, allowing them to exfiltrate payment data with malicious scripts even if that data is entered inside an iframe. PCI DSS issued a clarification about this in version 4.0.1.
-
Will using the Imperva Application Security Platform make my organization PCI-compliant?
While Imperva and its entire infrastructure are PCI-compliant, you still need to pass an audit Our cybersecurity solutions are designed to help organizations meet the complex requirements of PCI DSS 4.0.
-
How does Imperva address client-side security requirements in PCI DSS 4.0?
Imperva’s Client-Side Protection solution offers comprehensive visibility and control over all client-side scripts and resources, helping you comply with PCI DSS 4.0 requirements 6.4.3 and 11.6.1. Our solution includes real-time monitoring, actionable insights, and automated enforcement to protect against client-side attacks like Magecart.
See how we can help you secure your applications and APIs
Additional Resources
From our blog
Imperva Offers New Features to Simplify PCI DSS Compliance
![]()
Oct 31, 2024 4 min read
