PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum
[PA-DSS] 5. Develop secure payment applications
Develop secure payment applications
Threads in Forum: [PA-DSS] 5. Develop secure payment applications
| Thread | Thread Starter | Last Post | Replies | Views |
|---|---|---|---|---|
| [PA-DSS] 5.1 Develop all payment applications based on industry best practices and incorporate information security throughout the software development life cycle | admin | 03-18-2007 02:46 AM by admin | 0 | 423 |
| [PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before deployment, including but not limited to testing for the following. | admin | 03-18-2007 02:46 AM by admin | 0 | 421 |
| [PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, malicious file execution, etc.) | admin | 03-18-2007 02:47 AM by admin | 0 | 436 |
| [PA-DSS] 5.1.1.2 Validation of proper error handling | admin | 03-18-2007 02:47 AM by admin | 0 | 485 |
| [PA-DSS] 5.1.1.3 Validation of secure cryptographic storage | admin | 03-18-2007 02:47 AM by admin | 0 | 562 |
| [PA-DSS] 5.1.1.4 Validation of secure communications | admin | 03-18-2007 02:48 AM by admin | 0 | 436 |
| [PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC) | admin | 03-18-2007 02:48 AM by admin | 0 | 475 |
| [PA-DSS] 5.1.2 Separate development/test, and production environments | admin | 03-18-2007 02:48 AM by admin | 0 | 480 |
| [PA-DSS] 5.1.3 Separation of duties between development/test, and production environments | admin | 03-18-2007 02:49 AM by admin | 0 | 557 |
| [PA-DSS] 5.1.4 Live PANs are not used for testing or development | admin | 03-18-2007 02:49 AM by admin | 0 | 472 |
| [PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active. | admin | 03-18-2007 02:49 AM by admin | 0 | 396 |
| [PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payment applications are released to customers. | admin | 03-18-2007 02:50 AM by admin | 0 | 408 |
| [PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significant change, to identify any potential coding vulnerability. | admin | 03-18-2007 02:50 AM by admin | 0 | 398 |
| [PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administrative access to product) based on secure coding guidelines such as the Open Web Application Security Project Guide. Cover prevention of common coding vulnerabilities in software development processes, to include | admin | 03-18-2007 02:50 AM by admin | 0 | 465 |
| [PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion). | admin | 03-18-2007 02:51 AM by admin | 0 | 397 |
| [PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data cannot modify meaning of commands and queries). Also consider LDAP and Xpath injection flaws, as well as other injection flaws. | admin | 03-18-2007 02:51 AM by admin | 0 | 411 |
| [PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filenames or files from users) | admin | 03-18-2007 02:51 AM by admin | 0 | 409 |
| [PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users). | admin | 06-30-2010 03:49 PM by alencooper | 1 | 533 |
| [PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and tokens automatically submitted by browsers). | admin | 03-18-2007 02:52 AM by admin | 0 | 375 |
| [PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error messages or other means) | admin | 03-18-2007 02:52 AM by admin | 0 | 430 |
Showing threads 1 to 20 of 30
All times are GMT -4. The time now is 04:11 AM.
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest ©1997 - 2010 by PCIDSSFAQ.ORG, except where noted otherwise.
Powered by vBulletin, Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.