
PCI and 2nd Phase


PCI DSS is upon us. It's time to stop putting it in the too-hard basket and get compliant.

2nd Phase helps organisations solve the application-level issues of the PCI standard. The major issue we tackle is contained in

Requirement 6: Develop and maintain secure systems and applications.

When it comes to the following issue, we've got the answers:

6.5 Develop all web applications based on secure coding guidelines such as the Open Web Application Security Project guidelines. Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes, to include the following:

    6.5.1 Unvalidated input
    6.5.2 Broken access control (for example, malicious use of user IDs)
    6.5.3 Broken authentication and session management (use of account credentials and session cookies)
    6.5.4 Cross-site scripting (XSS) attacks
    6.5.5 Buffer overflows
    6.5.6 Injection flaws (for example, structured query language (SQL) injection)
    6.5.7 Improper error handling
    6.5.8 Insecure storage
    6.5.9 Denial of service
    6.5.10 Insecure configuration management

6.6 Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:

  • Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security
  • Installing an application layer firewall in front of web-facing applications.

Additionally, our products will help with other requirements, including:

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Requirement 12: Maintain a policy that addresses information security


We offer a range of Solutions to meet your PCI needs.

Whitepapers relating to PCI

"PCI Compliance - Web Application Security Made Simple."
How the WebDefend Application Firewall addresses various aspects of the PCI requirements. Breach Security.

"The PCI 6.6 Deadline is Approaching: What You Need to Know." Ryan Barnett, Director of Application Security, Breach Security.


"Meeting the PCI Application Security Requirements: Building Compliance In." Ounce Labs.


"Guide to PCI Application Security Compliance for Merchants and Service Providers." Veracode.

"Guide to PABP and PCI PA-DSS Compliance for Payment Software Vendors." Veracode.


Payment Card Industry Data Security Standard V1.1 Specifications


For more information please Contact Us.

Tel: +61 2 9416 0411
Email: info@2ndphase.com.au