Topic | Replies | Views | Activity

About the Maintain a Vulnerability Management Program (Requi category | 0 | 92 | January 23, 2023

[PCI DSS 3.0] 6.7 Ensure that security policies and operational procedures for developing and maintaining secure s | 0 | 2793 | September 23, 2014

[PCI DSS 3.0] 6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis | 0 | 2060 | September 23, 2014

[PCI DSS 3.0] 6.5.10 Broken authentication and session management | 0 | 4631 | September 23, 2014

[PCI DSS 3.0] 6.5.9 Cross-site request forgery (CSRF) | 0 | 2388 | September 23, 2014

[PCI DSS 3.0] 6.5.8 Improper access control (such as insecure direct object references, failure to restrict URL ac | 0 | 3512 | September 23, 2014

[PCI DSS 3.0] 6.5.7 Cross-site scripting (XSS) | 0 | 2690 | September 23, 2014

[PCI DSS 3.0] 6.5.7 through 6.5.10, below, apply to web applications and application interfaces (internal or exter | 0 | 1682 | September 23, 2014

[PCI DSS 3.0] 6.5.6 All “high risk” vulnerabilities identified in the vulnerability identification process (as def | 0 | 2599 | September 23, 2014

[PCI DSS 3.0] 6.5.5 Improper error handling | 0 | 3342 | September 23, 2014

[PCI DSS 3.0] 6.5.4 Insecure communications | 0 | 3387 | September 23, 2014

[PCI DSS 3.0] 6.5.3 Insecure cryptographic storage | 0 | 2534 | September 23, 2014

[PCI DSS 3.0] 6.5.2 Buffer overflows | 0 | 2359 | September 23, 2014

[PCI DSS 3.0] 6.5.1 Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPat | 0 | 4058 | September 23, 2014

[PCI DSS 3.0] 6.5 Address common coding vulnerabilities in software-development processes as follows: | 0 | 2539 | September 23, 2014

[PCI DSS 3.0] 6.4.5.4 Back-out procedures. | 0 | 2608 | September 23, 2014

[PCI DSS 3.0] 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of th | 0 | 2286 | September 23, 2014

[PCI DSS 3.0] 6.4.5.2 Documented change approval by authorized parties. | 0 | 1884 | September 23, 2014

[PCI DSS 3.0] 6.4.5.1 Documentation of impact. | 0 | 2558 | September 23, 2014

[PCI DSS 3.0] 6.4.5 Change control procedures for the implementation of security patches and software modification | 0 | 3719 | September 23, 2014

[PCI DSS 3.0] 6.4.4 Removal of test data and accounts before production systems become active | 0 | 2279 | September 23, 2014

[PCI DSS 3.0] 6.4.3 Production data (live PANs) are not used for testing or development | 0 | 3339 | September 23, 2014

[PCI DSS 3.0] 6.4.2 Separation of duties between development/test and production environments | 0 | 5024 | September 23, 2014

[PCI DSS 3.0] 6.4.1 Separate development/test environments from production environments, and enforce the separatio | 0 | 3245 | September 23, 2014

[PCI DSS 3.0] 6.4 Follow change control processes and procedures for all changes to system components. The process | 0 | 1597 | September 23, 2014

[PCI DSS 3.0] 6.3.2 Review custom code prior to release to production or customers in order to identify any potent | 0 | 2824 | September 23, 2014

[PCI DSS 3.0] 6.3.1 Remove development, test and/or custom application accounts, user IDs, and passwords before ap | 0 | 2096 | September 22, 2014

[PCI DSS 3.0] 6.3 Develop internal and external software applications (including web-based administrative access t | 0 | 1930 | September 22, 2014

[PCI DSS 3.0] 6.2 Ensure that all system components and software are protected from known vulnerabilities by insta | 0 | 3271 | September 22, 2014

[PCI DSS 3.0] 6.1 Establish a process to identify security vulnerabilities, using reputable outside sources for se | 0 | 2509 | September 22, 2014