Veracode for PCI Compliance
Veracode helps organizations meet the application security and code review requirements of the PCI standard. As a specialist in application security, Veracode is in a unique position to provide an independent assessment, a standards-based rating and secure coding training to ensure your applications comply with PCI DSS and PCI PA-DSS. Unlike costly and labor-intensive manual code analysis, Veracode's cloud-based service allows organizations to automate application reviews and receive results within 24 to 72 hours. This approach means organizations can simplify their compliance efforts by using a single provider for all their PCI application security and secure development training needs.
PCI Compliance for Merchants and Service Providers
According to research by Gartner and Symantec, close to 90 percent of software attacks are aimed at the application layer, so it comes as no surprise that the PCI DSS has made application security one of its cornerstones. Requirements 6.3.7, 6.5 and 6.6 identify specific steps in secure application development and deployment which organizations must meet in order to achieve PCI compliance. PCI DSS requires independent code reviews to identify software vulnerabilities, and secure coding training to ensure developers know how to write secure software.
PCI Compliance for Payment Software Vendors
The Visa Payment Application Best Practices (PABP) standard applies to software vendors who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement. The PCI Security Standards Council has adopted Visa's PABP and released it as a new standard, the Payment Application Data Security Standard (PA-DSS). Payment software vendors will need to certify their products to PA-DSS and demonstrate that their application code has undergone vulnerability analysis per the requirements specified in section 5 of the standard. Visa has mandated that after July 2008, only certified payment software can be used for new deployments.