PA-DSS Compliant

Considerations for PA-DSS Compliant Solution Development – Part 2

For the earlier 9 points, kindly refer to my earlier blog post, Considerations for PA-DSS Compliant Solution Development – Part 1

Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in the software development process, which should include the following:
a. Documentation of impact: document the impact of changes to code or customization of the software.
b. Documented change approval by authorized parties.
c. Functionality testing to verify that the change does not adversely impact the security of the system.
d. Back-out procedures.

Testing should be done to catch flaws such as SQL injection. Also consider OS command injection, LDAP and […]

Considerations for PA-DSS Compliant Solution Development – Part 1

Following are the considerations for the development and implementation of software solutions in a PCI-DSS compliant environment. These should be treated as functional and/or quality requirements while developing a PCI DSS compliant solution.

Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release. This applies to all frameworks as well as operating systems and other software installed in the production environment.

The PCI-DSS requires that access to all systems in the payment processing environment be protected through use […]