[PCI-DSS] Requirement 6: Develop and maintain secure systems and applications - PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum

		PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > Payment Card Industry Data Security Standard Frequently Asked Questions (PCI DSS FAQ) > Maintain a Vulnerability Management Program
[PCI-DSS] Requirement 6: Develop and maintain secure systems and applications

[PCI-DSS] Requirement 6: Develop and maintain secure systems and applications Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches. All systems must have the most recently released, appropriate software patches to protect against exploitation by employees, external hackers, and viruses. Note: Appropriate software patches are those patches that have been evaluated and tested sufficiently to determine that the patches do not conflict with existing security configurations. For in-house developed applications, numerous vulnerabilities can be avoided by using standard system development processes and secure coding techniques.

Page 1 of 2

Threads in Forum : [PCI-DSS] Requirement 6: Develop and maintain secure systems and applications

Forum Tools

Search this Forum

Rating Thread / Thread Starter	Last Post	Replies	Views
6.3.6 Removal of custom application accounts, usernames, and passwords before applications become active or are released to customers admin	03-18-2007 03:04 AM by admin	0	707
6.3.7 Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability. admin	03-18-2007 03:04 AM by admin	0	630
6.4 Follow change control procedures for all system and software configuration changes. The procedures must include the following: admin	03-18-2007 03:04 AM by admin	0	782
6.4.1 Documentation of impact admin	03-18-2007 03:05 AM by admin	0	647
6.4.2 Management sign-off by appropriate parties admin	03-18-2007 03:05 AM by admin	0	561
6.4.3 Testing of operational functionality admin	03-18-2007 03:05 AM by admin	0	569
6.4.4 Back-out procedures admin	03-18-2007 03:06 AM by admin	0	609
6.5 Develop all web applications based on secure coding guidelines. such as the Open Web Application Security Project Guidelines. Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes, to include the following: admin	03-18-2007 03:06 AM by admin	0	849
6.5.1 Unvalidated input admin	03-18-2007 03:06 AM by admin	0	543
6.5.10 Insecure configuration management admin	03-18-2007 03:09 AM by admin	0	658
6.5.2 Broken access control (for example, malicious use of user IDs) admin	03-18-2007 03:07 AM by admin	0	746
6.5.3 Broken authentication and session management (use of account credentials and session cookies) admin	03-18-2007 03:07 AM by admin	0	791
6.5.4 Cross-site scripting (XSS) attacks admin	03-18-2007 03:07 AM by admin	0	570
6.5.5 Buffer overflows admin	03-18-2007 03:08 AM by admin	0	480
6.5.6 Injection flaws (for example, structured query language (SQL) injection) admin	03-18-2007 03:08 AM by admin	0	488
6.5.7 Improper error handling admin	06-14-2009 01:25 AM by LJKSoftware	2	698
6.5.8 Insecure storage admin	03-18-2007 03:09 AM by admin	0	503
6.5.9 Denial of service admin	03-18-2007 03:09 AM by admin	0	466
6.6 Ensure that all web-facing applications are protected against known attacks by either of the following methods: * Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security * Installing an application-layer firewall in front of web-facing applications Note: This method is considered a best practice until June 30, 2008, after which it becomes a requirement. admin	09-04-2008 10:56 AM by FKCISSP	3	1,664
[PCI-DSS] 6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed. Install critical security patches within one month of release. admin	07-09-2010 12:03 PM by Roger Nebel	5	1,071

Page 1 of 2

Forum Tools	Search this Forum
Mark This Forum Read View Parent Forum	Search this Forum : Advanced Search

	New posts		Hot thread with new posts
	No new posts		Hot thread with no new posts
	Thread is closed

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Forum Rules

All times are GMT -4. The time now is 06:59 PM.