Top checklist for PCI compliance

The top checklist for making a web application PCI compliant.

  1. Patch the software: Apply current security patches to the OS, application servers, databases and every other component of the technology stack
  2. Protect stored data: Render stored cardholder data unreadable (strong encryption with managed keys, or truncation where the full card number is not needed), never write the full card number to logs, and store passwords only as salted one-way hashes, never reversibly encrypted
  3. XSS attacks: Scan for cross-site scripting vulnerabilities
  4. SQL injection: Scan for SQL injection vulnerabilities and use parameterized queries
  5. Use TLS: Configure TLS with strong cipher suites; SSL and TLS 1.0 are no longer acceptable under PCI DSS, so require TLS 1.2 or later
  6. Cipher strength: Use adequate key lengths (at least AES-128 for the symmetric cipher, at least RSA 2048 or ECDSA P-256 for certificates)
  7. Software installation: Do not install unnecessary software packages or services
  8. Technology stack: Do not disclose server software or version numbers to the browser (for example nginx `server_tokens off`, Apache `ServerTokens Prod`, and remove `X-Powered-By` headers)
  9. Firewall: Maintain a firewall that limits connectivity between the public network and the systems holding cardholder data to the hosts and ports that are required
  10. Passwords: Change vendor default passwords, and remove default accounts, when installing software
  11. Users: Remove OS, database and application accounts that have no password or a weak one
  12. Anonymous users: Remove anonymous access to the OS and all installed software
  13. Limit access: Restrict access to the storage and servers that hold sensitive information
  14. TLS software: Keep TLS libraries (for example OpenSSL) up to date
  15. Field completion: Disable browser auto-completion (`autocomplete="off"`) on password and card-data fields; modern browsers increasingly ignore this for their own password managers, so treat it as a hint rather than a control
  16. Use HTTPS: Post sensitive information from the browser only over HTTPS, and serve the form page itself over HTTPS so it cannot be altered in transit
  17. Secure server: Physically secure the servers, limit physical access to authorized staff, and log that access
  18. Testing: Conduct security testing and auditing continuously, including by a third-party auditing firm
  19. Anti-virus: Maintain up-to-date anti-virus and anti-malware software
  20. Environment: Host and process sensitive data in a secured, segmented environment, isolated from the rest of the network
  21. Unique users: Give every user a unique account and enforce a strong password policy
  22. Intrusion: Install intrusion-detection software
  23. Monitoring: Monitor, track and log all user access to sensitive data and systems
  24. Access policy: Implement a policy defining who may access sensitive information
  25. Documentation: Maintain a written information-security policy
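Item 2 is the one most often implemented wrongly: passwords get encrypted (reversibly) instead of hashed, and full card numbers end up in application logs. The Python below is an added example, not code from the original page, showing the split a practitioner wants: salted one-way password hashing with constant-time verification using PBKDF2 from the standard library, the password-policy and default-password checks of items 10 and 21, and masking of card numbers both for display and for log lines (item 23). Encrypting the stored card number itself needs a key-management scheme and is not shown. The function names, the iteration count, the 12-character minimum and the small default-password list are this example's own choices; the sample log line in the usage note is constructed.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Added example for checklist items 2, 10, 21 and 23; not code from the original page.
# The iteration count, minimum length and default-password list are this example's choices.

PBKDF2_ITERATIONS = 600_000      # OWASP-recommended floor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
MIN_PASSWORD_LENGTH = 12         # PCI DSS v4.0 Requirement 8.3.6 minimum
# Constructed sample of vendor defaults (item 10); a real deployment uses a much larger list.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "root", "12345678", "welcome1"}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """One-way, salted hash. Returns 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def password_meets_policy(password: str) -> bool:
    """Length, both alphabetic and numeric characters, and not a known vendor default."""
    return (len(password) >= MIN_PASSWORD_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and password.lower() not in DEFAULT_PASSWORDS)


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test, so that arbitrary long numbers in logs are not mistaken for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form of a card number: only the last four digits survive."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN")
    return "*" * (len(pan) - 4) + pan[-4:]


PAN_CANDIDATE = re.compile(r"\b\d{13,19}\b")


def redact_pans(text: str) -> str:
    """Scrub full card numbers from a log line before it is written (items 2 and 23)."""
    return PAN_CANDIDATE.sub(
        lambda m: mask_pan(m.group()) if luhn_valid(m.group()) else m.group(), text)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))   # True
    print(redact_pans("order 42 paid with 4111111111111111 ref 1234567890123"))
```

Because the salt and iteration count travel with the hash, the count can be raised later and old records re-hashed on the user's next successful login. The redaction keeps the 13-digit reference number untouched because it fails the Luhn check, while the constructed test card number 4111111111111111 is masked.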
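Items 5, 6 and 14 together describe one control: the server must refuse SSL and early TLS and offer only strong suites. The following Python is an added example, not code from the original page, using the standard-library `ssl` module to build such a server context, to show the weak default configuration beside it, and to audit either one offline by walking the suites it would offer. `connection_acceptable()` applies the same policy to what `SSLSocket.version()` and `SSLSocket.cipher()` report for a live connection. The cipher string, the policy rules and the function names are this example's own choices, and the certificate is assumed to be loaded by the caller.

```python
import ssl

# Added example for checklist items 5, 6 and 14; not code from the original page.
# The cipher string and the rules in connection_acceptable() are this example's own choices.

# TLS 1.2 suites: ECDHE key exchange (forward secrecy) with AEAD ciphers only.
# TLS 1.3 suites are selected separately by OpenSSL and are all AEAD.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES"
ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses SSL 2/3 and TLS 1.0/1.1 and offers only strong suites.
    The caller still loads the certificate with ctx.load_cert_chain(certfile, keyfile)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression enables CRIME
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # the server's order wins, not the client's
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """The weak setting for comparison: every suite the linked OpenSSL is willing to offer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL:!aNULL")
    return ctx


def connection_acceptable(protocol: str, cipher: str, bits: int) -> bool:
    """Judge what SSLSocket.version() and SSLSocket.cipher() report for one connection."""
    if protocol not in ACCEPTED_PROTOCOLS:
        return False
    if bits < 128:                                  # item 6: key length
        return False
    name = cipher.upper()
    if any(marker in name for marker in WEAK_MARKERS):
        return False
    if protocol == "TLSv1.2" and not name.startswith(("ECDHE-", "DHE-")):
        return False                                # static RSA key exchange: no forward secrecy
    return True


def context_policy_violations(ctx: ssl.SSLContext) -> list:
    """Audit a context's configuration offline, before any client connects."""
    problems = []
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        problems.append(f"minimum protocol version is {ctx.minimum_version.name}")
    for suite in ctx.get_ciphers():
        if not connection_acceptable(suite["protocol"], suite["name"], suite["strength_bits"]):
            problems.append(f"weak suite enabled: {suite['name']}")
    return problems


if __name__ == "__main__":
    print("hardened:", context_policy_violations(hardened_server_context()))
    print("legacy:", context_policy_violations(legacy_server_context()))
```

The audit is only as good as the linked library, which is item 14: an out-of-date OpenSSL can carry implementation flaws that no cipher string fixes, so pair this check with a patch-level check of the TLS library itself.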