PCI Requirement 6.7 – Ensure Policies and Procedures for Developing and Maintaining Secure Systems and Applications Are Documented, in Use, and Known to all Affected Parties
by Randy Bartels / October 13th, 2017
Documentation Requirements: PCI Requirement 6 pairs with PCI Requirement 5 to satisfy vulnerability management program expectations. PCI Requirement 6 states, “Develop and maintain secure…
PCI Requirement 6.6 – Address New Threats and Vulnerabilities on an Ongoing Basis for Public-Facing Web Applications
by Randy Bartels / October 13th, 2017
Address New Threats and Vulnerabilities for Web Applications: PCI Requirement 6.6 states, “For public-facing web applications, address new threats and vulnerabilities on an ongoing…
PCI Requirement 6.5.9 – Cross-Site Request Forgery
by Randy Bartels / October 13th, 2017
What is Cross-Site Request Forgery? PCI Requirement 6.5.9 states that your organization’s applications are protected from cross-site request forgery (CSRF). PCI Requirement 6.5.9 applies…
PCI Requirement 6.5.8 – Improper Access Control
by Randy Bartels / October 13th, 2017
What is Improper Access Control? PCI Requirement 6.5.8 states that your organization’s applications are protected from improper access control, such as insecure direct object…
PCI Requirement 6.5.7 – Cross-Site Scripting (XSS)
by Randy Bartels / October 13th, 2017
What is Cross-Site Scripting? Cross-site scripting (XSS) is another type of common coding vulnerability associated with application development. PCI Requirement 6.5.7 requires that you…