2ndphase


PCI and 2nd Phase


2nd Phase helps organisations solve the application-level issues of the PCI standard. The major issue we tackle is contained in:

Requirement 6: Develop and maintain secure systems and applications.

When it comes to the following issue, we've got the answers:

6.5 Develop all web applications based on secure coding guidelines such as the Open Web Application Security Project guidelines. Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes, to include the following:

    6.5.1 Unvalidated input
    6.5.2 Broken access control (for example, malicious use of user IDs)
    6.5.3 Broken authentication and session management (use of account credentials and session cookies)
    6.5.4 Cross-site scripting (XSS) attacks
    6.5.5 Buffer overflows
    6.5.6 Injection flaws (for example, structured query language (SQL) injection)
    6.5.7 Improper error handling
    6.5.8 Insecure storage
    6.5.9 Denial of service
    6.5.10 Insecure configuration management

6.6 Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:

  • Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security
  • Installing an application layer firewall in front of web-facing applications.

Additionally, our products will help with other requirements, including:

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Requirement 12: Maintain a policy that addresses information security

 

We offer a range of solutions to meet your PCI needs.

 

Whitepapers relating to PCI 

"PCI Compliance - Web Application Security Made Simple."
How the Webdefend Application Firewall addresses various aspects of PCI Requirements. Breach Security

"The PCI 6.6 Deadline is Approaching: What You Need to Know." Ryan Barnett, Director of Application Security, Breach Security.

"Guide to PCI Application Security Compliance for Merchants and Service Providers." Veracode

"Guide to PABP and PCI PA-DSS Compliance for Payment Software Vendors." Veracode


Payment Card Industry Data Security Standard V1.1 Specifications

 

For more information please Contact Us.

 
 
 
 
Latest News

SecurAccess is now here.

Tokenless 2 Factor - Preferred by Users and IT Best Practice

The world's easiest strong authentication. Installed and configured in a day, and deploying to 20,000 users in an hour. Re-use existing AD passwords as the PIN.

Ease of Use + Security + Lowest Cost = The ultimate Strong Authentication solution.


Client Case Studies

The John Lewis Partnership is currently in the process of rolling out SecurAccess to 15,000 employees: “SecurAccess has been really well received within the organisation, it has been working effectively and we have had no problems with the roll out.”
