DATASHEET

Payment Card Industry Data Security Standard (PCI DSS) Requirement Enforcement

ENFORCEMENT FOR KW 2024.2

Enforcement is measured against Requirement 6.5 of PCI DSS v3-2-1 May 2018. 

Address common coding vulnerabilities in software-development processes as follows:

  • Train developers at least annually in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities.
  • Develop applications based on secure coding guidelines.

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf

PCI DSS ID

Requirement

Enforced C/C++

Enforced C#

Enforced Java

6.5.1

Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPath injection flaws as well as other injection flaws.

Yes

Yes

Yes

6.5.2

Buffer overflows.

Yes

No

Yes

6.5.3

Insecure cryptographic storage.

Yes

Yes

Yes

6.5.4

Insecure communications.

Yes

No

Yes

6.5.5

Improper error handling.

Yes

Yes

Yes

6.5.6

All “high risk” vulnerabilities identified in the vulnerability identification process.

NSE

NSE

NSE

6.5.7

Cross-site scripting (XSS).

Yes

No

Yes

6.5.8

Improper access control (such as insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions).

Yes

Yes

Yes

6.5.9

Cross-site request forgery (CSRF).

No

No

Yes

6.5.10

Broken authentication and session management.

No

No

Yes