| About the [PA-DSS] 5. Develop secure payment applications category | 0 | 65 | January 23, 2023 |
| [PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) | 1 | 2979 | June 30, 2010 |
| [PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat | 0 | 1593 | March 18, 2007 |
| [PA-DSS] 5.3.3 Testing of operational functionality | 0 | 1362 | March 18, 2007 |
| [PA-DSS] 5.3.2 Management sign-off by appropriate parties | 0 | 1381 | March 18, 2007 |
| [PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur | 0 | 1531 | March 18, 2007 |
| [PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic | 0 | 1784 | March 18, 2007 |
| [PA-DSS] 5.3.4 Back-out or product de-installation procedures | 0 | 1510 | March 18, 2007 |
| [PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation | 0 | 1588 | March 18, 2007 |
| [PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect | 0 | 2991 | March 18, 2007 |
| [PA-DSS] 5.3.1 Documentation of impact | 0 | 1694 | March 18, 2007 |
| [PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) | 0 | 1859 | March 18, 2007 |
| [PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error me | 0 | 2453 | March 18, 2007 |
| [PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and token | 0 | 1991 | March 18, 2007 |
| [PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filena | 0 | 2071 | March 18, 2007 |
| [PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data canno | 0 | 2614 | March 18, 2007 |
| [PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion). | 0 | 2131 | March 18, 2007 |
| [PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administ | 0 | 10613 | March 18, 2007 |
| [PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significan | 0 | 2396 | March 18, 2007 |
| [PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payme | 0 | 2297 | March 18, 2007 |
| [PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active. | 0 | 2302 | March 18, 2007 |
| [PA-DSS] 5.1.4 Live PANs are not used for testing or development | 0 | 2585 | March 18, 2007 |
| [PA-DSS] 5.1.3 Separation of duties between development/test, and production environments | 0 | 3075 | March 18, 2007 |
| [PA-DSS] 5.1.2 Separate development/test, and production environments | 0 | 2666 | March 18, 2007 |
| [PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC) | 0 | 2383 | March 18, 2007 |
| [PA-DSS] 5.1.1.4 Validation of secure communications | 0 | 2240 | March 18, 2007 |
| [PA-DSS] 5.1.1.3 Validation of secure cryptographic storage | 0 | 2524 | March 18, 2007 |
| [PA-DSS] 5.1.1.2 Validation of proper error handling | 0 | 2403 | March 18, 2007 |
| [PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, maliciou | 0 | 2342 | March 18, 2007 |
| [PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before | 0 | 2295 | March 18, 2007 |