PCI (Payment Card Industry Security Standard)_Test 6.5.5

PCI (Payment Card Industry Security Standard)

Develop and maintain secure systems and applications

Test 6.5.5

6.5.5 Examine software-development policies and procedures and interview responsible personnel to verify that improper error handling is addressed by coding techniques that do not leak information via error messages (for example by returning generic rather than specific error details).

Applications can unintentionally leak information about their configuration or internal workings, or expose privileged information, through improper error handling methods. Attackers use this weakness to steal sensitive data or compromise the system altogether. If a malicious individual can create errors that the application does not handle properly, they can gain detailed system information, create denial-of-service interruptions, cause security to fail, or crash the server. For example, the message “incorrect password provided” tells an attacker that the user ID provided was accurate and that they should focus their efforts only on the password. Use more generic error messages like “data could not be verified.”
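The contrast the requirement describes, as an added example that is not part of the original page or of any Lionfish code: a login handler whose failure messages reveal whether the user ID exists, beside one that returns the same generic message on every failure path and keeps the specifics in a server-side log keyed by a correlation id. The user store, salt and credentials are constructed for the example; the function names are hypothetical.

```python
import hashlib
import hmac
import logging
import secrets

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("auth")

GENERIC_FAILURE = "data could not be verified"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: username -> (salt, password hash). Not real data.
_SALT = b"constructed-static-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}


def login_leaky(username: str, password: str) -> tuple[bool, str]:
    """Improper error handling: each failure path returns a different, specific
    message, so the response itself tells the caller whether the user ID exists."""
    if username not in USERS:
        return (False, "unknown user ID")
    salt, expected = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), expected):
        return (False, "incorrect password provided")
    return (True, "ok")


def login_generic(username: str, password: str) -> tuple[bool, str]:
    """Same check, but every failure (unknown user, wrong password, or an
    unexpected exception) returns the same generic message. The detail an
    operator needs goes to the server-side log under a random reference."""
    ref = secrets.token_hex(4)
    try:
        # Fall back to a dummy record so the hashing work is done either way
        # and the code path does not branch on whether the user exists.
        salt, expected = USERS.get(username, (_SALT, b""))
        ok = username in USERS and hmac.compare_digest(_hash(password, salt), expected)
        if not ok:
            log.info("auth failure ref=%s user_known=%s", ref, username in USERS)
            return (False, GENERIC_FAILURE)
        return (True, "ok")
    except Exception:
        # An unhandled exception must not surface a stack trace or message to the client.
        log.exception("auth error ref=%s", ref)
        return (False, GENERIC_FAILURE)


def leaks_user_existence(login) -> bool:
    """Check a practitioner can run against any login function: does the response
    for an unknown user ID differ from the response for a wrong password?"""
    unknown = login("nobody-constructed", "wrong")
    wrong_pw = login("alice", "wrong")
    return unknown != wrong_pw


if __name__ == "__main__":
    for fn in (login_leaky, login_generic):
        print(fn.__name__, "leaks user existence:", leaks_user_existence(fn))
```

The `leaks_user_existence` check is the kind of evidence an assessor for 6.5.5 can ask for: the two failure responses are compared byte for byte, and any difference means the error message is carrying information the client should not receive.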


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
