
PCI SECURITY

CA Veracode testing tools enable PCI security compliance.

For software development organizations, complying with Payment Card Industry Data Security Standard 3.0 (PCI 3.0) requires an investment in application testing for PCI security.

PCI 3 directs software organizations to comply with secure guidelines for developing applications and requires that custom application code can be adequately scanned for potential vulnerabilities. To meet these PCI security dictates, organizations need a consistent approach to application security and powerful software development tools for application testing.

Because PCI security requirements apply both to software in development and software in production, enterprises may need solutions to test thousands or tens of thousands of public-facing web applications that are already running. They’ll also need DevOps tools that can integrate testing throughout the development process, from inception through preproduction. Tools to quickly scan and evaluate third-party code are also a must.

CA Veracode enables organizations to easily comply with PCI security requirements by providing a comprehensive suite of solutions that make testing easier, faster and less costly.

PCI security solutions from CA Veracode.

CA Veracode solutions help to seamlessly integrate security and testing into development processes to ensure that secure code is synonymous with quality code. By combining automation, process and speed, CA Veracode technology enables organizations to eliminate software flaws at the most cost-efficient point in the development/deployment chain.

To promote PCI security, CA Veracode enables developers to automatically test applications and receive results, often within four hours. Rather than relying on on-premises hardware and software, developers can use CA Veracode’s cloud-based services to test applications without needing to open a new environment. CA Veracode’s suite of solutions provides a comprehensive approach to testing, with tools for static analysis, black box testing techniques, software composition analysis, vendor application security testing and more.

How CA Veracode simplifies PCI security.

To comply with PCI security mandates, IT administrators can use CA Veracode’s predefined policies to authorize automated scans for a variety of applications. Once configured, the CA Veracode platform can:

  • Automatically test software in development, pre-production and production.
  • Provide analysis of the results, prioritized by severity, along with detailed remediation instructions that enable developers to re-create and fix flaws faster.
  • Retest software as needed to demonstrate successful remediation and to document progress against planned timelines.
  • Provide detail of compliance with PCI security guidelines, including proof that applications have been tested and that remediation has been accomplished.

Learn more about PCI security and CA Veracode, and about CA Veracode solutions for mitigating Shellshock vulnerabilities.