| Topic | Replies | Views | Activity |
| --- | --- | --- | --- |
| About the Maintain a Vulnerability Management Program (Requi category | 0 | 17 | January 23, 2023 |
| [PCI DSS 3.0] 6.7 Ensure that security policies and operational procedures for developing and maintaining secure s | 0 | 2743 | September 23, 2014 |
| [PCI DSS 3.0] 6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis | 0 | 2003 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.10 Broken authentication and session management | 0 | 4589 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.9 Cross-site request forgery (CSRF) | 0 | 2345 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.8 Improper access control (such as insecure direct object references, failure to restrict URL ac | 0 | 3457 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.7 Cross-site scripting (XSS) | 0 | 2605 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.7 through 6.5.10, below, apply to web applications and application interfaces (internal or exter | 0 | 1638 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.6 All “high risk” vulnerabilities identified in the vulnerability identification process (as def | 0 | 2533 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.5 Improper error handling | 0 | 3279 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.4 Insecure communications | 0 | 3342 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.3 Insecure cryptographic storage | 0 | 2472 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.2 Buffer overflows | 0 | 2310 | September 23, 2014 |
| [PCI DSS 3.0] 6.5.1 Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPat | 0 | 4002 | September 23, 2014 |
| [PCI DSS 3.0] 6.5 Address common coding vulnerabilities in software-development processes as follows: | 0 | 2488 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.5.4 Back-out procedures. | 0 | 2553 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of th | 0 | 2234 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.5.2 Documented change approval by authorized parties. | 0 | 1838 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.5.1 Documentation of impact. | 0 | 2511 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.5 Change control procedures for the implementation of security patches and software modification | 0 | 3654 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.4 Removal of test data and accounts before production systems become active | 0 | 2230 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.3 Production data (live PANs) are not used for testing or development | 0 | 3266 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.2 Separation of duties between development/test and production environments | 0 | 4986 | September 23, 2014 |
| [PCI DSS 3.0] 6.4.1 Separate development/test environments from production environments, and enforce the separatio | 0 | 3191 | September 23, 2014 |
| [PCI DSS 3.0] 6.4 Follow change control processes and procedures for all changes to system components. The process | 0 | 1563 | September 23, 2014 |
| [PCI DSS 3.0] 6.3.2 Review custom code prior to release to production or customers in order to identify any potent | 0 | 2774 | September 23, 2014 |
| [PCI DSS 3.0] 6.3.1 Remove development, test and/or custom application accounts, user IDs, and passwords before ap | 0 | 1985 | September 22, 2014 |
| [PCI DSS 3.0] 6.3 Develop internal and external software applications (including web-based administrative access t | 0 | 1878 | September 22, 2014 |
| [PCI DSS 3.0] 6.2 Ensure that all system components and software are protected from known vulnerabilities by insta | 0 | 3213 | September 22, 2014 |
| [PCI DSS 3.0] 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for se | 0 | 2445 | September 22, 2014 |