6.5.a Obtain and review software development processes for any web-based applications. Verify that processes require training in secure coding techniques for developers, and are based on guidance such as the OWASP Guidelines (http://www.owasp.org)
6.5.b For any web-based applications, verify that processes are in place to confirm that web applications are not vulnerable to the following