PCI Requirement 6.5.8 – Improper Access Control
What is Improper Access Control? PCI Requirement 6.5.8 states that your organization’s applications are protected from improper access control, such as insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions. PCI Requirement 6.5.8 applies to all of your organization’s web applications, internal application interfaces, and external application interfaces. Web applications, the PCI DSS states, have unique security risks as well…