[PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) | 0 | 1832 | March 18, 2007
[PA-DSS] 5.3.2 Management sign-off by appropriate parties | 0 | 1359 | March 18, 2007
[PA-DSS] 9.1 The payment application must be developed such that the database server and web server | 0 | 10297 | March 18, 2007
[PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error me | 0 | 2419 | March 18, 2007
[PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and token | 0 | 1959 | March 18, 2007
[PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filena | 0 | 2045 | March 18, 2007
[PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data canno | 0 | 2590 | March 18, 2007
[PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion). | 0 | 2105 | March 18, 2007
[PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administ | 0 | 10586 | March 18, 2007
[PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significan | 0 | 2368 | March 18, 2007
[PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payme | 0 | 2272 | March 18, 2007
[PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active. | 0 | 2273 | March 18, 2007
[PA-DSS] 5.1.4 Live PANs are not used for testing or development | 0 | 2561 | March 18, 2007
[PA-DSS] 5.1.3 Separation of duties between development/test, and production environments | 0 | 3051 | March 18, 2007
[PA-DSS] 5.1.2 Separate development/test, and production environments | 0 | 2645 | March 18, 2007
[PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC) | 0 | 2361 | March 18, 2007
[PA-DSS] 5.1.1.4 Validation of secure communications | 0 | 2220 | March 18, 2007
[PA-DSS] 5.1.1.3 Validation of secure cryptographic storage | 0 | 2501 | March 18, 2007
[PA-DSS] 5.1.1.2 Validation of proper error handling | 0 | 2382 | March 18, 2007
[PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, maliciou | 0 | 2324 | March 18, 2007
[PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before | 0 | 2278 | March 18, 2007
[PA-DSS] 5.1 Develop all payment applications based on industry best practices and incorporate infor | 0 | 2304 | March 18, 2007
[PA-DSS] 4.2 Payment application must implement an automated audit trail to track and monitor access | 0 | 10091 | March 18, 2007
[PA-DSS] 4.1 At the completion of the installation process, the "out of the box" default installatio | 0 | 1888 | March 18, 2007
[PA-DSS] 3.2 Access to PCs, servers, and databases with payment applications must require a unique u | 0 | 2812 | March 18, 2007
[PA-DSS] 3.1 The "out of the box" installation of the payment application in place at the completio | 0 | 2633 | March 18, 2007
[PA-DSS] 2.7 Securely delete any cryptographic key material or cryptogram stored by previous version | 0 | 4018 | March 18, 2007
[PA-DSS] 2.6 Payment application must implement key management processes and procedures for keys us | 0 | 2605 | March 18, 2007
[PA-DSS] 2.3 Render PAN, at a minimum, unreadable anywhere it is stored, (including data on portabl | 0 | 3425 | March 18, 2007
[PA-DSS] 2.2 Mask PAN when displayed (the first six and last four digits are the maximum number of | 0 | 2996 | March 18, 2007