PCI DSS Requirement 6.6 is intended to address common threats to cardholder data and ensure that input to web applications from untrusted environments is inspected top to bottom.
The goal of Web Application Security Testing is to provide a thorough review of web-based software applications or web services for any security defects that may exist within the software and could lead to a breach or compromise. PSC will utilize both automated and manual tests that are customized for the specific application. The test will examine communications between the client (browser) and the server to first understand how the application was designed. With this information, PSC will analyze the design for components of the application that will be targeted during the testing. Targets will be tested for their resilience to unexpected or malicious input, boundary cases, and the ability to recover when the application has reached an unexpected state.

Internet-facing applications can be tested remotely from PSC’s Security Lab. Applications that are not available to the general public are tested onsite. Testing is based on the Open Web Application Security Project (OWASP) and the CWE Top 25, supplemented by information from various industry sources such as whitepapers and conference presentations. Our assessors stay abreast of new developments in the web application security field in order to ensure that the tests meet the highest standards.
Once the results of the testing have been presented to the Client, PSC will be available to offer assistance to your development and security teams in order to find appropriate solutions for any security defects that may have been discovered during the testing. PSC understands that solutions need to be practical and compatible with the Client's business needs while still maintaining a high level of security.
PSC will also be available to test the solutions that have been implemented in order to ensure that they effectively remediate any security issues and do not expose the application to any additional risk.