Skip to main content

PCI 6.5

Automate testing to ensure compliance with PCI 6.5.

The Payment Card Industry Data Security Standard 6.5 (PCI DSS 6.5, or PCI 6.5) stipulates that organizations should “develop web applications based on secure coding guidelines and review custom application code to identify coding vulnerabilities.” Compliance with PCI 6.5 is critical to avoid credit card data being fraudulently used or having credit card holders’ personal information exposed.

Secure compliance with PCI 6.5 requires an ongoing security program that can continually and consistently monitor applications for potential flaws that might jeopardize data and customer information. For a growing number of companies worldwide, Veracode provides the automated tools for compliance with PCI 6.5 that reduce the complexity of managing application security.


PCI 6.5 compliance solutions from Veracode.

Veracode application security solutions help protect organizations and the software they depend on. As an expert in application security, Veracode offers independent assessment, standards-based rating and secure coding training to ensure that software complies with PCI 6.5. Veracode’s SaaS-based services help to automate application reviews and eliminate the cost and resource requirements of manual code analysis, accelerating testing and returning results in a matter of hours. Veracode comprehensive suite of testing solutions include dynamic and static testing tools along with software composition analysis and vendor application security testing solutions. Veracode’s technology helps to identify and fix vulnerabilities that could be exploited by attacks like reflected XSS, SQL injection and other top threats.

How Veracode’s PCI 6.5 compliance technology works.

When implementing Veracode solutions for PCI 6.5 compliance, you can simply assign Veracode’s predefined policies to appropriate applications and authorize automated application scans. Veracode’s highly scalable platform does the rest, including:

  • Automating testing and analysis.
  • Prioritizing fixes by assigning risk severity rankings based on industry standards.
  • Updating dashboards and reports to provide compliance status at a glance.
  • Delivering detailed actionable findings for rapid remediation.
  • Providing QSA-ready proof that applications related to PCI have been tested and that flaws have been remediated.

By retesting applications to track actual remediation against timelines and plans, enterprises can evaluate the effectiveness of their PCI 6.5 compliance programs.

Because Veracode applications are continually scanning thousands of applications and millions of lines of code, continuous improvement is built into the platform. The insight gleaned from these scans and discoveries are delivered to customers through automatic updates, helping clients to become compliant with PCI 6.5 faster and to stay compliant longer.

Veracode is the only application vulnerability assessment solution that supports android, IOS, and Windows mobile applications, dramatically simplifying PCI 6.5 compliance for companies considering mobile payment applications.

Learn more about complying with PCI 6.5 with help from Veracode, and about Veracode solutions for HIPAA compliance and FISMA compliance.