
Web Application Security Testing
PCI DSS Requirement 6.6 is intended to address common threats to cardholder data and ensure that input to web applications from untrusted environments is inspected “top to bottom.”
PSC will utilize both automated and manual tests that are customized for the specific application.
Internet-facing applications can be tested remotely from PSC’s Security Lab. Applications that are not available to the general public are tested onsite. Testing is based on the Open Web Application Security Project (OWASP) and the CWE Top 25, supplemented by information from various industry sources such as whitepapers and conference presentations. Our assessors stay abreast of new developments in the web application security field to ensure that the tests meet the highest standards.
If Client requests that PSC perform Web Application Security Testing without the Application and Network layer penetration testing, PSC will perform the testing and prepare a report describing the results and findings specific to the application vulnerabilities discovered.
Please contact us for more information.