Куда я попал?
Payment Card Industry 3-D Secure (PCI 3DS)
Стандарт
Security Objective 4.3
Для проведения оценки соответствия по документу войдите в систему.
Список требований
-
Requirements:
4.3 Software Security TestingSoftware security testing is an integral part of the 3DS SDK’s life cycle and is performed throughout the software life cycle to confirm that risks and attack scenarios are addressed, defensive mechanisms are implemented properly, and the propagation of design flaws or vulnerabilities into production code is prevented.
Assessment Procedures:
T.4.3.1 The tester shall examine vendor materials and other evidence to confirm that the vendor has written policy and procedures requiring internal security review and testing that accounts for the entire 3DS SDK code base, including detecting vulnerabilities in code developed by the vendor, as well as vulnerabilities in third-party, open source, or shared components or libraries.T.4.3.2 The tester shall confirm that the process for testing of internal code involves both manual and automated means.T.4.3.3 The tester shall confirm that the process clearly outlines the individuals or teams responsible for this testing. It is acceptable if a group or job title is referenced, but the tester must ensure that there is a clear line of responsibility for this item.
T.4.3.4 The tester shall confirm that the process includes ensuring that the processes for identification and mitigation of threats are correctly performed prior to the release of any production code.T.4.3.5 The tester shall confirm that the process includes ensuring that any test, debug, or other code that is intended only for internal use is removed prior to release to production.T.4.3.6 Referencing threats sampled in the tests for Requirement 4.1, “Threat and Vulnerability Analysis,” the tester shall examine vendor materials and other evidence, interview personnel, and test the 3DS SDK to confirm that threats identified and noted as required to be mitigated were addressed before the 3DS SDK was released.
Guidance:
Software security testing is a fundamental practice to ensure that software cannot be exploited through known vulnerabilities or common attacker techniques. Performing security testing throughout the development process and during development of future updates using a variety of testing techniques mitigates the risk that vulnerabilities may be introduced during updates. Testing tools and techniques may include manual code reviews, static code analysis, dynamic code analysis, software composition analysis, fuzz testing, penetration testing, etc., where appropriate. Organizations are responsible for understanding common vulnerabilities associated with the technologies they are using and for implementing testing practices specific to addressing those vulnerabilities.
| Название | Severity | IP | Integral | |
|---|---|---|---|---|
| 1111111 111 11 1111 11111111111111111 1111111 1 11111111111111111 |
-
|
1 |
-
|
|
| 11 111111111 111 1111111111111111111111111 1111 1 11111 1111111 |
-
|
1 |
-
|
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.