DATASHEET
Payment Card Industry Data Security Standard (PCI DSS) Requirement Enforcement
ENFORCEMENT FOR KW 2024.2
Enforcement is measured against Requirement 6.5 of PCI DSS v3.2.1 (May 2018).
Address common coding vulnerabilities in software-development processes as follows:
- Train developers at least annually in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities.
- Develop applications based on secure coding guidelines.
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
PCI DSS ID | Requirement | Enforced C/C++ | Enforced C# | Enforced Java |
---|---|---|---|---|
6.5.1 | Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPath injection flaws as well as other injection flaws. | Yes | Yes | Yes |
6.5.2 | Buffer overflows. | Yes | No | Yes |
6.5.3 | Insecure cryptographic storage. | Yes | Yes | Yes |
6.5.4 | Insecure communications. | Yes | No | Yes |
6.5.5 | Improper error handling. | Yes | Yes | Yes |
6.5.6 | All “high risk” vulnerabilities identified in the vulnerability identification process. | NSE | NSE | NSE |
6.5.7 | Cross-site scripting (XSS). | Yes | No | Yes |
6.5.8 | Improper access control (such as insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions). | Yes | Yes | Yes |
6.5.9 | Cross-site request forgery (CSRF). | No | No | Yes |
6.5.10 | Broken authentication and session management. | No | No | Yes |