Category: PCI DSS Requirement 6
Develop and Maintain Secure Systems and Software
Security flaws can be exploited by attackers to gain privileged access to systems. Vendor-provided security patches, which must be installed by the entities that manage the systems, are responsible for fixing many of these vulnerabilities. To safeguard against the exploitation and compromise of cardholder data by malicious individuals and their malicious software, all relevant software patches must be installed on all system components.
Software patches that have been sufficiently evaluated and tested to ensure that they do not conflict with existing security configurations are considered appropriate. Using secure coding methods and software lifecycle (SLC) processes for custom or bespoke software, numerous vulnerabilities can be avoided and thus mitigation of potential successful attacks.
PCI DSS assessments are also applicable to code repositories that store application code, system configurations, or other configuration data that may have an effect on the security of cardholder data or the CDE.
There is a special relationship between PCI DSS Requirement 6 and the PCI SSC Software Standards and these should be reviewed in tandem.
Imperva SecureSphere Web Application Firewall analyzes all user access to your business-critical web applications and protects your applications and data…
- HeadquartersImperva Inc. 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 United States
WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer.…
Scanning applications can provide a key component to the vulnerability management process by helping you to understand your organization’s potential…