πΌ 6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software.
- ID:
/frameworks/pci-dss-v4.0/06/02/04
Descriptionβ
including but not limited to the following:
- Injection attacks, including SQL, LDAP, XPath, or other command, parameter,
object, fault, or injection-type flaws.
- Attacks on data and data structures, including attempts to manipulate buffers,
pointers, input data, or shared data.
- Attacks on cryptography usage, including attempts to exploit weak, insecure,
or inappropriate cryptographic implementations, algorithms, cipher suites, or
modes of operation.
- Attacks on business logic, including attempts to abuse or bypass application
features and functionalities through the manipulation of APIs, communication
protocols and channels, client-side functionality, or other system/application
functions and resources. This includes cross-site scripting (XSS) and
cross-site request forgery (CSRF).
- Attacks on access control mechanisms, including attempts to bypass or abuse
identification, authentication, or authorization mechanisms, or attempts to
exploit weaknesses in the implementation of such mechanisms.
- Attacks via any βhigh-riskβ vulnerabilities identified in the vulnerability
identification process, as defined in Requirement 6.3.1.
Similarβ
- Sections
/frameworks/pci-dss-v4.0.1/06/02/04/frameworks/pci-dss-v3.2.1/06/05/01/frameworks/pci-dss-v3.2.1/06/05/02/frameworks/pci-dss-v3.2.1/06/05/03/frameworks/pci-dss-v3.2.1/06/05/04/frameworks/pci-dss-v3.2.1/06/05/05/frameworks/pci-dss-v3.2.1/06/05/06/frameworks/pci-dss-v3.2.1/06/05/07/frameworks/pci-dss-v3.2.1/06/05/08/frameworks/pci-dss-v3.2.1/06/05/09/frameworks/pci-dss-v3.2.1/06/05/10
- Internal
Similar Sections (Take Policies From)β
Similar Sections (Give Policies To)β
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (5)β