PCI Requirement 6.5.1 – 6.5.6 Recap

by Randy Bartels / February 7, 2023

Where Do PCI Requirements 6.5.1 - 6.5.6 Apply? We’ve looked at PCI Requirements 6.5.1 through 6.5.6 together and learned about protection from injection flaws, buffer overflows, insecure cryptographic storage, insecure communications, improper error handling, and “high risk” vulnerabilities. But where do PCI Requirements 6.5.1 through 6.5.6 apply? It’s important to know that PCI Requirements 6.5.1 through 6.5.6 apply to all internal and external applications. PCI Requirements 6.5.1 - 6.5.6 Recap…

PCI Requirement 6.5.5 – Improper Error Handling

by Randy Bartels / February 7, 2023

What is Improper Error Handling? Improper error handling is one of the common coding vulnerabilities outlined in PCI Requirement 6.5. PCI Requirement 6.5.5 states that improper error handling must be addressed in your coding techniques. PCI Requirement 6.5.5 alerts organizations that improper error handling introduces many security issues to your website because it can unintentionally leak information to an end-user or malicious individual. For example, a 500 Internal Server Error…

PCI Requirement 6.5.6 – All “High Risk” Vulnerabilities

by Randy Bartels / February 7, 2023

What are “High Risk” Vulnerabilities? PCI Requirement 6.1 taught us how to establish a process for identifying security vulnerabilities. The PCI DSS explained that risk ranking allows organizations to identify, prioritize, and address the highest risk items and reduce the likelihood that vulnerabilities will be exploited. Risk ranking is a vital element of PCI Requirement 6.5.6, which states that organizations must have a process in place to determine how to…

PCI Requirement 6.5.4 – Insecure Communications

by Randy Bartels / February 7, 2023

What are Insecure Communications? PCI Requirement 6.5.4 requires that you protect your applications from insecure communications. To understand PCI Requirement 6.5.4, let’s look back at PCI Requirement 4. PCI Requirement 4 and its sub-requirements outline how to use strong cryptography and security protocols to protect cardholder data, which is what PCI Requirement 6.5.4 calls for. The PCI DSS states, “Applications that fail to adequately encrypt network traffic using strong cryptography…

PCI Requirement 6.5.3 – Insecure Cryptographic Storage

by Randy Bartels / February 7, 2023

What is Insecure Cryptographic Storage? PCI Requirement 6.5 requires that your organization address common coding vulnerabilities in software development processes to ensure that applications are securely developed. One of the common coding vulnerabilities associated with secure application development is insecure cryptographic storage, which is outlined in PCI Requirement 6.5.3. PCI Requirement 6.5.3 requires that your organization does not have insecure cryptographic storage. Everything that we learned in PCI Requirement 3…