For the earlier 9 points, kindly refer to my earlier blog post, Considerations for PA-DSS Compliant Solution Development – Part 1.
Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes, to include the following:
a. Documentation of impact: document the impact of change in code or customization of software.
b. Documented change approval by authorized parties.
c. Functionality testing to verify that the change does not adversely impact the security of the system.
d. Back-out procedures.
Testing should be done to catch flaws such as SQL injection. Also consider OS command injection, LDAP and […]