Blog

PCI Requirement 6.5.4 – Insecure Communications

by Randy Bartels / February 7, 2023

What are Insecure Communications? PCI Requirement 6.5.4 requires that you protect your applications from insecure communications. To understand PCI Requirement 6.5.4, let’s look back at PCI Requirement 4. PCI Requirement 4 and its sub-requirements outline how to use strong cryptography and security protocols to protect cardholder data, which is what PCI Requirement 6.5.4 calls for. The PCI DSS states, “Applications that fail to adequately encrypt network traffic using strong cryptography…

PCI Requirement 6.5.3 – Insecure Cryptographic Storage

by Randy Bartels / February 7, 2023

What is Insecure Cryptographic Storage? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is insecure cryptographic storage, which is outlined in PCI Requirement 6.5.3. PCI Requirement 6.5.3 requires that your organization does not have insecure cryptographic storage. Everything that we learned in PCI Requirement 3…

PCI Requirement 6.5.1 – Injection Flaws

by Randy Bartels / December 19, 2022

What are Injection Flaws? PCI Requirement 6.5 requires that your organization addresses common coding vulnerabilities in software-development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is injection flaws, which is outlined in PCI Requirement 6.5.1. PCI Requirement 6.5.1 requires that your organization’s applications are immune from injection flaws, especially SQL injection. Injection flaws are commonly used by malicious individuals…

PCI Requirement 6.5.2 – Buffer Overflow

by Randy Bartels / February 7, 2023

What is Buffer Overflow? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is buffer overflow attacks, which is outlined in PCI Requirement 6.5.2. Although it's a common coding vulnerability and widely understood, organizations still seem to struggle with how to protect themselves from buffer overflow…

PCI Requirement 6.5 – Address Common Coding Vulnerabilities in Software-Development Processes

by Randy Bartels / February 7, 2023

Addressing Common Coding Vulnerabilities PCI Requirement 6.5 is focused specifically on making sure that code is developed securely. PCI Requirement 6.5 requires that you address common coding vulnerabilities in software development processes by training developers on up-to-date secure coding techniques and developing applications based on secure coding guidelines. The application layer is high-risk and may be targeted by both internal and external threats. We discuss training over and over again…

PCI Requirement 6.5.4 – Insecure Communications

PCI Requirement 6.5.3 – Insecure Cryptographic Storage

PCI Requirement 6.5.1 – Injection Flaws

PCI Requirement 6.5.2 – Buffer Overflow

PCI Requirement 6.5 – Address Common Coding Vulnerabilities in Software-Development Processes

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.