Section 7.3.1 delves into the Web application access control requirements of the PCI
Standards in great depth. The section details specific requirements of the PCI Standards
with reference to access control and details the implementations for these requirements.
Section 8.2.6 deals with the protection of cardholder data stored by an organization through
a Web application. Section 8.2.6.1 details the requirements of the PCI Standards with reference
to encryption and other data protection techniques like truncation and hashing for the
protection of cardholder information at rest. The section discusses Requirement 3 of the PCI
Standards and some implementation practices for the same. The section also explores certain
sections of Requirement 4 that necessitate the use of encrypted transmission of sensitive
information like cardholder information.
Section 9.3 details the logging and log management implementation for Web applications
with reference to the PCI Standards. The various logging requirements as specified by
Requirement 10 of the PCI Standards have been explored in depth and implementation
practices for the same have been highlighted.
Chapter 11 deals with testing Web applications for security, and Section 11.2.4 extensively
deals with the vulnerability assessment and penetration testing requirements of the
standard. Requirement 11 of the PCI Standards deals almost exclusively with testing the
organization's IT infrastructure for vulnerabilities and performing penetration tests on a
periodic basis. The section details the relevant portions of the standard that describe these
requirements and also delves into the implementation practices highlighted in other sections
of the chapter.