| About the [PA-DSS] 5. Develop secure payment applications category | 0 | 10 | January 23, 2023 |
| [PA-DSS] 5.2.4 Insecure direct object references (do not expose internal object references to users) | 1 | 2886 | June 30, 2010 |
| [PA-DSS] 5.3.2 Management sign-off by appropriate parties | 0 | 1307 | March 18, 2007 |
| [PA-DSS] 5.3 Software vendor must follow change control procedures for all product software configur | 0 | 1459 | March 18, 2007 |
| [PA-DSS] 5.2.10 Failure to restrict URL access (consistently enforce access control in presentation | 0 | 1503 | March 18, 2007 |
| [PA-DSS] 5.2.9 Insecure communications (properly encrypt all authenticated and sensitive communicat | 0 | 1533 | March 18, 2007 |
| [PA-DSS] 5.2.8 Insecure cryptographic storage (prevent cryptographic flaws) | 0 | 1792 | March 18, 2007 |
| [PA-DSS] 5.2.7 Broken authentication and session management (properly authenticate users and protect | 0 | 2909 | March 18, 2007 |
| [PA-DSS] 5.3.3 Testing of operational functionality | 0 | 1293 | March 18, 2007 |
| [PA-DSS] 5.4 The payment application must not use or require use of unnecessary and insecure servic | 0 | 1704 | March 18, 2007 |
| [PA-DSS] 5.3.4 Back-out or product de-installation procedures | 0 | 1448 | March 18, 2007 |
| [PA-DSS] 5.3.1 Documentation of impact | 0 | 1630 | March 18, 2007 |
| [PA-DSS] 5.2.6 Information leakage and improper error handling (do not leak information via error me | 0 | 2370 | March 18, 2007 |
| [PA-DSS] 5.2.5 Cross-site request forgery (CSRF) (do not rely on authorization credentials and token | 0 | 1895 | March 18, 2007 |
| [PA-DSS] 5.2.3 Malicious file execution (validate input to verify application does not accept filena | 0 | 1999 | March 18, 2007 |
| [PA-DSS] 5.2.2 Injection flaws, particularly SQL injection (validate input to verify user data canno | 0 | 2557 | March 18, 2007 |
| [PA-DSS] 5.2.1 Cross-site scripting (XSS) (validate all parameters before inclusion). | 0 | 2039 | March 18, 2007 |
| [PA-DSS] 5.2 Develop all web payment applications (internal and external, and including web administ | 0 | 10539 | March 18, 2007 |
| [PA-DSS] 5.1.7 Review of payment application code prior to release to customers after any significan | 0 | 2308 | March 18, 2007 |
| [PA-DSS] 5.1.6 Removal of custom payment application accounts, usernames, and passwords before payme | 0 | 2224 | March 18, 2007 |
| [PA-DSS] 5.1.5 Removal of test data and accounts before production systems become active. | 0 | 2210 | March 18, 2007 |
| [PA-DSS] 5.1.4 Live PANs are not used for testing or development | 0 | 2513 | March 18, 2007 |
| [PA-DSS] 5.1.3 Separation of duties between development/test, and production environments | 0 | 3003 | March 18, 2007 |
| [PA-DSS] 5.1.2 Separate development/test, and production environments | 0 | 2604 | March 18, 2007 |
| [PA-DSS] 5.1.1.5 Validation of proper role-based access control (RBAC) | 0 | 2317 | March 18, 2007 |
| [PA-DSS] 5.1.1.4 Validation of secure communications | 0 | 2182 | March 18, 2007 |
| [PA-DSS] 5.1.1.3 Validation of secure cryptographic storage | 0 | 2439 | March 18, 2007 |
| [PA-DSS] 5.1.1.2 Validation of proper error handling | 0 | 2336 | March 18, 2007 |
| [PA-DSS] 5.1.1.1 Validation of all input (to prevent cross-site scripting, injection flaws, maliciou | 0 | 2275 | March 18, 2007 |
| [PA-DSS] 5.1.1 Testing of all security patches and system and software configuration changes before | 0 | 2231 | March 18, 2007 |