Skip to main content


Compliance with PCI DSS 6.5 requires automated testing solutions.

Complying with Payment Card Industry Data Security Standard 6.5 (PCI DSS 6.5) is critically important, both to avoid the fines and penalties of noncompliance and to protect the financial data and personal information of thousands or millions of customers.

PCI 6.5 requires that organizations adhere to secure guidelines when developing web applications, and that custom application code is reviewed for potential vulnerabilities. Managing PCI DSS 6.5 compliance requires a robust and ongoing program of application security and testing that can consistently check for flaws in applications during development, in preproduction and production. Complying with PCI DSS 6.5 also requires enterprises and development teams to effectively test third-party software and open source components for vulnerabilities.

Managing a PCI DSS 6.5 compliance program is no easy task – scanning applications in development as well as thousands or tens of thousands of web applications in production can be expensive and time-consuming, putting the ability to innovate and bring products to market at risk.

Veracode can help by providing automated testing tools that simplify the PCI DSS 6.5 compliance process, while also ensuring HIPAA compliance, FISMA compliance and SOX compliance.

Everything You Need to Know About Maturing an AppSec Program

Learn best practices from the pros at Veracode.

Get the Handbook

Veracode’s PCI DSS 6.5 compliance services.

Veracode’s application security products and services help to protect organizations and the software they require to compete and innovate. Built on a highly scalable cloud platform, Veracode’s comprehensive collection of testing technologies includes static analysis, dynamic analysis, software composition analysis, penetration testing and vendor application security testing. These offerings enable development teams and IT administrators to embed testing into the entire software development lifecycle and the software procurement process, preventing XSS, SQL injection and other dangerous threats.

Veracode’s automated solutions help to avoid costly, time-consuming manual code analysis. Veracode’s technology let developers automatically test applications and receive results within 24 to 72 hours. Development teams can simplify compliance efforts by relying on Veracode’s cloud-based services instead of on-premise hardware and software. And organizations can improve secure development training with help from Veracode’s highly experienced security specialists.

How Veracode’s technology ensures compliance with PCI DSS 6.5.

When implementing Veracode’s technology for PCI DSS 6.5 compliance, IT administrators need simply to assign Veracode’s predefined policy for PCI compliance to each application and authorize automated application scans. The Veracode platform will then:

  • Automatically test applications and analyze results.
  • Provide detailed findings, with issues prioritized by severity.
  • Provide remediation recommendations that help to fix flaws faster.
  • Retest applications to provide data on the success of actual remediation against planned timelines.
  • Demonstrate compliance with PCI DSS 6.5, providing proof that applications of been tested and remediations have been implemented.

Learn more about complying with PCI DSS 6.5, and about Veracode’s grey box testing technology.