Skip to main content

πŸ’Ό 6.5 Address common coding vulnerabilities in software-development processes.

  • ID: /frameworks/pci-dss-v3.2.1/06/05

Stats​

not available

Description​

As follows:

  • Train developers at least annually in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities.
  • Develop applications based on secure coding guidelines.

The vulnerabilities listed at 6.5.1 through 6.5.10 were current with industry best practices when this version of PCI DSS was published. However, as industry best practices for vulnerability management are updated (for example, the OWASPGuide, SANS CWE Top 25, CERT Secure Coding, etc.), the current best practices must be used for these requirements.

Similar​

  • Sections
    • /frameworks/pci-dss-v4.0/06/02/02
  • Internal
    • ID: dec-c-61590095

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 6.2.2 Software development personnel working on bespoke and custom software are trained at least once every 12 months.no data

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 6.2.2 Software development personnel working on bespoke and custom software are trained at least once every 12 months.no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό 6.5.1 Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPath injection flaws as well as other injection flaws.5no data
πŸ’Ό 6.5.2 Buffer overflows.5no data
πŸ’Ό 6.5.3 Insecure cryptographic storage.5no data
πŸ’Ό 6.5.4 Insecure communications.5no data
πŸ’Ό 6.5.5 Improper error handling.5no data
πŸ’Ό 6.5.6 All β€œhigh risk” vulnerabilities identified in the vulnerability identification process.5no data
πŸ’Ό 6.5.7 Cross-site scripting (XSS).5no data
πŸ’Ό 6.5.8 Improper access control.5no data
πŸ’Ό 6.5.9 Cross-site request forgery (CSRF).5no data
πŸ’Ό 6.5.10 Broken authentication and session management.5no data