Has anyone worked with PCI DSS v4.0 and WAF solutions?

Hello community,

I work for a small professional services company.

PCI DSS version 4.0 requirement 6.4 calls out security controls for customer-facing apps. This would be a WAF to cover OWASP Top10 + Bots + API Security + automated attacks, etc. The top cloud WAFs are Imperva, Akamai, Cloudflare, and Fastly. I am curious to find out if anyone's gone through this from a PCI DSS perspective. Thank you.

Resumes ZenithSGP

consult at Zenith Strategic Global Partners

Buyer's Guide

Web Application Firewall (WAF)

February 2025

Get the category report

Helped 838,713 peers since 2012

There are no answers yet

Buyer's Guide

Web Application Firewall (WAF)

February 2025

Download Free Report

Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: February 2025.

DOWNLOAD NOW

838,713 professionals have used our research since 2012.

Discover and compare trending products

Web Application Firewall (WAF)

WAFs safeguard web applications by filtering and monitoring HTTP traffic between a web application and the internet. A primary defense mechanism, they protect against attacks such as cross-site forgery, cross-site-scripting (XSS), and SQL injection.Designed to protect web applications from a wide range of threats, a WAF acts as a barrier, preventing unauthorized access and malicious traffic. Users find that effective WAF solutions offer a balance between security and performance without...

Download Web Application Firewall (WAF) Report Read more