Web applications and the elements surrounding them have not only become a key part of every company’s core business infrastructure but also provide a high profile target for malicious activity. This malicious activity ranges from simple defacement attacks, denial of service attacks to more damaging data harvesting resulting in damage to customer confidence and loyalty, brand reputation and corporate credibility. In response to major security breaches, information, identity and data theft and for the need for an environment in which consumers can engage in secure e-commerce the major five credit card companies (Visa, MasterCard, American Express, Discover and JCB) aligned their individual policies and released the Payment Card Industry Data Security Standard (PCI DSS). The standard’s intention is to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.