Visa, MasterCard, American Express, and other payment card companies currently require all U.S. merchants accepting
credit card payments to comply with the Payment Card Industry Data Security Standard (PCI DSS), which is a global
compliance initiative that outlines a set of comprehensive requirements to help organizations protect payment card
account data from fraud, hacking, and other security vulnerabilities and threats. It requires organizations to not only
perform many different tasks, but also to record who performed them and when. Parasoft Development Testing Platform
(DTP) employs the Process Intelligence Engine (PIE) to help you establish a repeatable process that ensures your team
members are conforming to your organization's prescribed PCI policy.
PCI DSS requirement 6 details how to develop and maintain secure systems and applications. It promotes a proactive,
preventative approach to building security into the application throughout the stages of software development, including
continuous testing and continuous integration processes. This is in contrast to an ad-hoc approach that seeks to test
security vulnerabilities out of the application one by one.
Parasoft is the industry leader in defect prevention; in fact, we wrote the book on it (Automated Defect Prevention,
Wiley-IEEE, 2007). With over 25 years of experience helping over half of the Fortune 500 companies incorporate the PCI-mandated
practices throughout the development process, Parasoft knows what it takes to rapidly bring organizations into
compliance with PCI DSS.
Parasoft's PCI DSS Solution significantly reduces the time and cost of achieving PCI compliance by:
- Delivering the industry's most comprehensive security vulnerability prevention and detection capabilities in
an integrated solution: Parasoft provides out-of-the-box automation of practices essential for achieving PCI DSS 6:
  - Static analysis: pattern-based coding standards, data flow analysis, code metrics.
  - Dynamic analysis: unit testing, integration testing, functional testing, memory error detection.
  - Penetration testing: runtime security policy validation (encryption, authentication, signatures).
  - Peer code review (and document review) process automation.
- Providing out-of-the-box checking for the security issues referenced in PCI DSS requirement 6: The solution
is configured to deliver an instant assessment of compliance with PCI DSS requirement 6 security guidelines across
Java, C/C++, .NET, Web language code, and other security-critical application artifacts (e.g., XML configuration
files). This enables teams to rapidly assess the level of compliance without spending time reading the PCI DSS
specification and determining how the requirements translate to code.
- Establishing an automated process that integrates security throughout the SDLC: Parasoft's automated
infrastructure facilitates continued compliance as the application evolves by making compliance to PCI-mandated
practices an unobtrusive part of the team's existing workflow.
- Facilitating issue remediation, not just issue detection: Each issue detected is prioritized, automatically
correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic
code. Eventually, developers start writing compliant code as a matter of habit.
- Delivering extensive reporting for documentation and process improvement: Our centralized reporting system
provides real-time visibility into overall security status and processes.
Using Parasoft's integrated solution, organizations not only gain a fast track to PCI DSS 6 compliance, but also establish
a process for ensuring that all of the mandated PCI DSS tasks are performed and documented as expected.
How Parasoft DTP Capabilities Facilitate Compliance with PCI DSS Requirements
Parasoft Support for PCI DSS 6