Frequently Asked Question
PCI Requirement 6 - Develop and Maintain Secure Systems and Software
6.3.1 - Security vulnerabilities are identified and managed.
Security vulnerabilities that could have any impact on your website, systems, infrastructure, etc. should be identified at the earliest opportunity and addressed by following expert guidance for the systems and software in use, such as:
Sign up for newsletters, for example:
> Wordfence - https://www.wordfence.com/vulnerability-advisories/ (WordPress, WooCommerce, etc.)
> National Cyber Security Centre - https://www.ncsc.gov.uk/section/keep-up-to-date/reports-advisories
> Microsoft - https://msrc.microsoft.com/update-guide/
Secure Coding and Development Practices
> Always validate and sanitize user input to prevent injection attacks like SQL injection and cross-site scripting.
> Use parameterised queries.
> Avoid hardcoding passwords, connection strings, etc.
> Utilize the OWASP Top 10 - https://owasp.org/www-project-top-ten/
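The practices listed above, side by side in an added example (not Nochex code): a concatenated query next to a validated, parameterised one, output escaping, and a secret read from the environment. The `orders` table, the `ORD-` reference format and the `SHOP_DB_PASSWORD` variable name are assumptions made for illustration.

```python
import html
import os
import re
import sqlite3

ORDER_REF = re.compile(r"ORD-\d{1,10}")  # hypothetical reference format

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (ref TEXT PRIMARY KEY, note TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [("ORD-1001", "gift wrap", 19.99),
                    ("ORD-1002", "<b>leave at door</b>", 5.00)])
    return db

def lookup_unsafe(db, ref):
    # Weak: user input becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT ref, total FROM orders WHERE ref = '" + ref + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, ref):
    # 1. Validate against an allow-list pattern before touching the database.
    if not ORDER_REF.fullmatch(ref):
        raise ValueError("invalid order reference")
    # 2. Bind the value as a parameter; it is only ever treated as data.
    return db.execute("SELECT ref, total FROM orders WHERE ref = ?", (ref,)).fetchall()

def render_note(db, ref):
    # Escape stored text on output so markup in it is displayed, not executed.
    row = db.execute("SELECT note FROM orders WHERE ref = ?", (ref,)).fetchone()
    return "<p>" + html.escape(row[0]) + "</p>" if row else "<p></p>"

def db_password():
    # Read the secret from the environment instead of hardcoding it in source.
    pw = os.environ.get("SHOP_DB_PASSWORD")
    if not pw:
        raise RuntimeError("SHOP_DB_PASSWORD is not set")
    return pw

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test input
    print("concatenated query rows:", len(lookup_unsafe(db, crafted)))
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("validated query rejected input:", exc)
    print(lookup_safe(db, "ORD-1001"), render_note(db, "ORD-1002"))
```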
6.3.3 - All system components are protected from known vulnerabilities by installing applicable security patches/updates
Regularly patch your systems and software
We recommend keeping software, systems and technologies on your devices and websites up to date regularly to reduce the risk of your websites being exposed to vulnerabilities, including zero-day vulnerabilities.
In addition, we advise you to make sure you are using the latest Nochex integration.