|
About the Maintain a Vulnerability Management Program (Requi category
|
|
0
|
134
|
January 23, 2023
|
|
[PCI DSS 3.0] 6.7 Ensure that security policies and operational procedures for developing and maintaining secure s
|
|
0
|
2831
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis
|
|
0
|
2082
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.10 Broken authentication and session management
|
|
0
|
4669
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.9 Cross-site request forgery (CSRF)
|
|
0
|
2416
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.8 Improper access control (such as insecure direct object references, failure to restrict URL ac
|
|
0
|
3554
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.7 Cross-site scripting (XSS)
|
|
0
|
2731
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.7 through 6.5.10, below, apply to web applications and application interfaces (internal or exter
|
|
0
|
1726
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.6 All “high risk” vulnerabilities identified in the vulnerability identification process (as def
|
|
0
|
2632
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.5 Improper error handling
|
|
0
|
3383
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.4 Insecure communications
|
|
0
|
3423
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.3 Insecure cryptographic storage
|
|
0
|
2562
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.2 Buffer overflows
|
|
0
|
2393
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5.1 Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPat
|
|
0
|
4098
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.5 Address common coding vulnerabilities in software-development processes as follows:
|
|
0
|
2568
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.5.4 Back-out procedures.
|
|
0
|
2638
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of th
|
|
0
|
2325
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.5.2 Documented change approval by authorized parties.
|
|
0
|
1915
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.5.1 Documentation of impact.
|
|
0
|
2584
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.5 Change control procedures for the implementation of security patches and software modification
|
|
0
|
3767
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.4 Removal of test data and accounts before production systems become active
|
|
0
|
2358
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.3 Production data (live PANs) are not used for testing or development
|
|
0
|
3440
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.2 Separation of duties between development/test and production environments
|
|
0
|
5056
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4.1 Separate development/test environments from production environments, and enforce the separatio
|
|
0
|
3304
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.4 Follow change control processes and procedures for all changes to system components. The process
|
|
0
|
1623
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.3.2 Review custom code prior to release to production or customers in order to identify any potent
|
|
0
|
2881
|
September 23, 2014
|
|
[PCI DSS 3.0] 6.3.1 Remove development, test and/or custom application accounts, user IDs, and passwords before ap
|
|
0
|
2134
|
September 22, 2014
|
|
[PCI DSS 3.0] 6.3 Develop internal and external software applications (including web-based administrative access t
|
|
0
|
1967
|
September 22, 2014
|
|
[PCI DSS 3.0] 6.2 Ensure that all system components and software are protected from known vulnerabilities by insta
|
|
0
|
3316
|
September 22, 2014
|
|
[PCI DSS 3.0] 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for se
|
|
0
|
2546
|
September 22, 2014
|