|
About the [PA-DSS] 5. Develop secure payment applications category
|
|
0
|
45
|
January 23, 2023
|
|
[PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users)
|
|
1
|
2955
|
June 30, 2010
|
|
[PA-DSS] 5.3.2 Management sign-off by appropriate parties
|
|
0
|
1359
|
March 18, 2007
|
|
[PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws)
|
|
0
|
1832
|
March 18, 2007
|
|
[PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur
|
|
0
|
1502
|
March 18, 2007
|
|
[PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation
|
|
0
|
1566
|
March 18, 2007
|
|
[PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat
|
|
0
|
1573
|
March 18, 2007
|
|
[PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect
|
|
0
|
2963
|
March 18, 2007
|
|
[PA-DSS] 5.3.3 Testing of operational functionality
|
|
0
|
1337
|
March 18, 2007
|
|
[PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic
|
|
0
|
1754
|
March 18, 2007
|
|
[PA-DSS] 5.3.4 Back-out or product de-installation procedures
|
|
0
|
1492
|
March 18, 2007
|
|
[PA-DSS] 5.3.1 Documentation of impact
|
|
0
|
1673
|
March 18, 2007
|
|
[PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error me
|
|
0
|
2419
|
March 18, 2007
|
|
[PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and token
|
|
0
|
1959
|
March 18, 2007
|
|
[PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filena
|
|
0
|
2045
|
March 18, 2007
|
|
[PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data canno
|
|
0
|
2590
|
March 18, 2007
|
|
[PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion).
|
|
0
|
2105
|
March 18, 2007
|
|
[PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administ
|
|
0
|
10586
|
March 18, 2007
|
|
[PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significan
|
|
0
|
2368
|
March 18, 2007
|
|
[PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payme
|
|
0
|
2272
|
March 18, 2007
|
|
[PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active.
|
|
0
|
2273
|
March 18, 2007
|
|
[PA-DSS] 5.1.4 Live PANs are not used for testing or development
|
|
0
|
2561
|
March 18, 2007
|
|
[PA-DSS] 5.1.3 Separation of duties between development/test, and production environments
|
|
0
|
3051
|
March 18, 2007
|
|
[PA-DSS] 5.1.2 Separate development/test, and production environments
|
|
0
|
2645
|
March 18, 2007
|
|
[PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC)
|
|
0
|
2361
|
March 18, 2007
|
|
[PA-DSS] 5.1.1.4 Validation of secure communications
|
|
0
|
2220
|
March 18, 2007
|
|
[PA-DSS] 5.1.1.3 Validation of secure cryptographic storage
|
|
0
|
2501
|
March 18, 2007
|
|
[PA-DSS] 5.1.1.2 Validation of proper error handling
|
|
0
|
2382
|
March 18, 2007
|
|
[PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, maliciou
|
|
0
|
2324
|
March 18, 2007
|
|
[PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before
|
|
0
|
2278
|
March 18, 2007
|