PCI Requirement 6.5.3 – Insecure Cryptographic Storage

by Randy Bartels / February 7, 2023

What is Insecure Cryptographic Storage? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is insecure cryptographic storage, which is outlined in PCI Requirement 6.5.3. PCI Requirement 6.5.3 requires that your organization protect against insecure cryptographic storage in its applications. Everything that we learned in PCI Requirement 3…

PCI Requirement 6.5.1 – Injection Flaws

by Randy Bartels / December 19, 2022

What are Injection Flaws? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is injection flaws, which are outlined in PCI Requirement 6.5.1. PCI Requirement 6.5.1 requires that your organization’s applications be immune to injection flaws, particularly SQL injection. Injection flaws are commonly used by malicious individuals…

PCI Requirement 6.5.2 – Buffer Overflow

by Randy Bartels / February 7, 2023

What is Buffer Overflow? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is buffer overflow, which is outlined in PCI Requirement 6.5.2. Although it is a common and widely understood coding vulnerability, organizations still seem to struggle with how to protect themselves from buffer overflow…

PCI Requirement 6.5 – Address Common Coding Vulnerabilities in Software-Development Processes

by Randy Bartels / February 7, 2023

Addressing Common Coding Vulnerabilities PCI Requirement 6.5 is focused specifically on making sure that code is developed securely. PCI Requirement 6.5 requires that you address common coding vulnerabilities in software development processes by training developers on up-to-date secure coding techniques and developing applications based on secure coding guidelines. The application layer is high-risk and may be targeted by both internal and external threats. We discuss training over and over again…

PCI Requirement 6.4 – Follow Change Control Processes and Procedures for all Changes to System Components

by Randy Bartels / February 7, 2023

Follow Your Change Control Program Most, if not all, security programs require that you have some type of Change Control Program. At the start of our PCI Demystified journey, we discussed Change Control Programs. In PCI Requirement 6.4, this point is reiterated. PCI Requirement 6.4 states, “Follow change control processes and procedures for all changes to system components.” Your organization should have the appropriate methods to control any changes in…