| About the [PA-DSS] 5. Develop secure payment applications category | 0 | 29 | January 23, 2023 |
| [PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) | 1 | 2910 | June 30, 2010 |
| [PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) | 0 | 1814 | March 18, 2007 |
| [PA-DSS] 5.3.2 Management sign-off by appropriate parties | 0 | 1331 | March 18, 2007 |
| [PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur | 0 | 1480 | March 18, 2007 |
| [PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation | 0 | 1543 | March 18, 2007 |
| [PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat | 0 | 1555 | March 18, 2007 |
| [PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect | 0 | 2939 | March 18, 2007 |
| [PA-DSS] 5.3.3 Testing of operational functionality | 0 | 1317 | March 18, 2007 |
| [PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic | 0 | 1733 | March 18, 2007 |
| [PA-DSS] 5.3.4 Back-out or product de-installation procedures | 0 | 1468 | March 18, 2007 |
| [PA-DSS] 5.3.1 Documentation of impact | 0 | 1654 | March 18, 2007 |
| [PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error me | 0 | 2397 | March 18, 2007 |
| [PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and token | 0 | 1927 | March 18, 2007 |
| [PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filena | 0 | 2027 | March 18, 2007 |
| [PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data canno | 0 | 2575 | March 18, 2007 |
| [PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion). | 0 | 2071 | March 18, 2007 |
| [PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administ | 0 | 10565 | March 18, 2007 |
| [PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significan | 0 | 2349 | March 18, 2007 |
| [PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payme | 0 | 2249 | March 18, 2007 |
| [PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active. | 0 | 2245 | March 18, 2007 |
| [PA-DSS] 5.1.4 Live PANs are not used for testing or development | 0 | 2536 | March 18, 2007 |
| [PA-DSS] 5.1.3 Separation of duties between development/test, and production environments | 0 | 3030 | March 18, 2007 |
| [PA-DSS] 5.1.2 Separate development/test, and production environments | 0 | 2626 | March 18, 2007 |
| [PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC) | 0 | 2338 | March 18, 2007 |
| [PA-DSS] 5.1.1.4 Validation of secure communications | 0 | 2200 | March 18, 2007 |
| [PA-DSS] 5.1.1.3 Validation of secure cryptographic storage | 0 | 2472 | March 18, 2007 |
| [PA-DSS] 5.1.1.2 Validation of proper error handling | 0 | 2359 | March 18, 2007 |
| [PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, maliciou | 0 | 2301 | March 18, 2007 |
| [PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before | 0 | 2256 | March 18, 2007 |