💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

• Contextual name: 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

• ID: /frameworks/pci-dss-v4.0.1/06/02/04

• Located in: 💼 6.2 Bespoke and custom software are developed securely.

Description

Including but not limited to the following:

• Injection attacks, including SQL, LDAP, XPath, or other command, parameter, object, fault, or injection-type flaws.
• Attacks on data and data structures, including attempts to manipulate buffers, pointers, input data, or shared data.
• Attacks on cryptography usage, including attempts to exploit weak, insecure, or inappropriate cryptographic implementations, algorithms, cipher suites, or modes of operation.
• Attacks on business logic, including attempts to abuse or bypass application features and functionalities through the manipulation of APIs, communication protocols and channels, client-side functionality, or other system/application functions and resources. This includes cross-site scripting (XSS) and cross-site request forgery (CSRF).
• Attacks on access control mechanisms, including attempts to bypass or abuse identification, authentication, or authorization mechanisms, or attempts to exploit weaknesses in the implementation of such mechanisms.
• Attacks via any “high-risk” vulnerabilities identified in the vulnerability identification process, as defined in Requirement 6.3.1.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/06/02/04
  • /frameworks/aws-fsbp-v1.0.0/ecr/01
  • /frameworks/aws-fsbp-v1.0.0/elb/04
  • /frameworks/aws-fsbp-v1.0.0/elb/12
  • /frameworks/aws-fsbp-v1.0.0/elb/14
  • /frameworks/aws-fsbp-v1.0.0/inspector/03
  • /frameworks/aws-fsbp-v1.0.0/inspector/04

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECR.1] ECR private repositories should have image scanning configured
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.4] Application Load Balancer should be configured to drop invalid http headers
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.12] Application Load Balancer should be configured with defensive or strictest desync mitigation mode
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.14] Classic Load Balancer should be configured with defensive or strictest desync mitigation mode
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Inspector.3] Amazon Inspector Lambda code scanning should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Inspector.4] Amazon Inspector Lambda standard scanning should be enabled
💼 PCI DSS v4.0 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags