πΌ 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.
- ID:
/frameworks/pci-dss-v4.0.1/06/02/04
Descriptionβ
Including but not limited to the following:
- Injection attacks, including SQL, LDAP, XPath, or other command, parameter,
object, fault, or injection-type flaws.
- Attacks on data and data structures, including attempts to manipulate buffers,
pointers, input data, or shared data.
- Attacks on cryptography usage, including attempts to exploit weak, insecure,
or inappropriate cryptographic implementations, algorithms, cipher suites, or
modes of operation.
- Attacks on business logic, including attempts to abuse or bypass application
features and functionalities through the manipulation of APIs, communication
protocols and channels, client-side functionality, or other system/application
functions and resources. This includes cross-site scripting (XSS) and
cross-site request forgery (CSRF).
- Attacks on access control mechanisms, including attempts to bypass or abuse
identification, authentication, or authorization mechanisms, or attempts to
exploit weaknesses in the implementation of such mechanisms.
- Attacks via any βhigh-riskβ vulnerabilities identified in the vulnerability
identification process, as defined in Requirement 6.3.1.
Similarβ
- Sections
/frameworks/pci-dss-v4.0/06/02/04/frameworks/aws-fsbp-v1.0.0/ecr/01/frameworks/aws-fsbp-v1.0.0/elb/04/frameworks/aws-fsbp-v1.0.0/elb/12/frameworks/aws-fsbp-v1.0.0/elb/14/frameworks/aws-fsbp-v1.0.0/inspector/03/frameworks/aws-fsbp-v1.0.0/inspector/04
Similar Sections (Take Policies From)β
Similar Sections (Give Policies To)β
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (5)β