The Payment Card Industry Data Security Standard (PCI DSS) checklist is a great place to start, but it probably won't cover all the application security concerns of a modern enterprise. Project managers working on security will want to consult PCI DSS guidelines as well as some associated security standards that delve deeper into application security specifically. Keep in mind that PCI DSS is focused only on credit cards and may not be the right flavor of information security for every organization.
The PCI DSS is a prescriptive framework for information security that's not very specific to application security. The essence of the 12 main standards of PCI DSS is to have a secure environment that protects sensitive cardholder data. These standards are enforced by security policies and supported by ongoing vulnerability management and security testing. In a way, this is exactly what's needed for an organization's application security program. However, application security requires more detail than general recommendations for managing information risks.
One of the best ways to go about improving your application security program is to review and follow the PCI Security Standards Council's Payment Application Data Security Standard (PA-DSS). PA-DSS is more application security centric than PCI DSS: it goes deeper into application security architecture, and one PA-DSS requirement in particular outlines the specific security controls for creating and maintaining secure applications.
Overall, PCI DSS provides great guidance for managing information security. PA-DSS aligns with certain PCI DSS requirements to create an overall security program. If you're looking for another commonly used application security framework, I recommend OWASP Top 10 and its associated projects.
Sufficient application security has different meanings to different people and businesses. In the end, you have to look at application security as a subset of information security and ensure the proper processes and people are continually involved.
Related Q&A from Kevin Beaver