
Payment Card Industry (PCI) Data Security Standard


The following briefly describes a law, regulation or best practice and highlights aspects that apply to application security. This page also describes how HP Application Security Center software can help you comply. Given the changing nature of laws, rules and regulations, please check the latest information from the sponsoring organization.


Legislative summary
The Payment Card Industry (PCI) Data Security Standard (DSS) is a collaborative effort by Visa, MasterCard, American Express and Discover to ensure the protection of customers' personal information. The standard establishes 12 security requirements that all members, merchants and service providers must adhere to.

HP Application Security Center solutions help you comply with sections 6, 11 and 12 of the PCI Data Security Standard.

The Payment Card Industry (PCI) Data Security Policy requires that all Payment Card Industry (PCI) Data Security members, merchants and service providers that store, process or transmit cardholder data verify all purchased and custom web applications, including internal and external web applications.

Requirement 6.5, for developing and maintaining secure systems and applications, requires that all web applications be developed according to secure coding guidelines, such as those from the Open Web Application Security Project (OWASP). You should regularly assess your web applications in accordance with requirement 11 (regularly test security systems and processes).

In September 2006, Section 6 of the PCI Standard was modified to include Section 6.6. HP Application Security Center solutions meet the web application requirements in this section to review all custom application code for common vulnerabilities. All trained users of HP Application Security Center products fully meet the requirements of Section 6.6.

HP Application Security Center capabilities
HP Application Security Center relieves the burden of PCI Data Security Standard compliance through comprehensive application security assessment, customizable security policies and detailed regulatory compliance reporting.

  • Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
  • Review all custom application code for common vulnerabilities
  • Verify that web application access to sensitive information is controlled by authentication and authorization
  • Identify web application command injection vulnerabilities that may execute malicious code or programs
  • Verify that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
  • Check that data communication is encrypted
  • Check for vulnerability to denial of service attacks
  • Check for improper application error handling
  • Get detailed security assessment reports categorized by PCI sections

PLEASE NOTE: This information is provided for informational purposes only. You should not rely on, take or fail to take any action based upon the enclosed information. The information on this Site is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Future legislative amendments and/or your company's special circumstances may necessitate significant revisions to this information. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this site and in HP software.
© 2009 Hewlett-Packard Development Company, L.P.