I am working on an iPhone application and I have a credit card payment process. I also save the credit card for quick use later.
I want to make sure I follow all the security standards presented by PCI-DSS.
https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (link to the pdf)
There is a point that says:
6.2 Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities
How can I identify security vulnerabilities in my iPhone app? Is there a tool that I can use or a process to follow in order to detect them?
I am a little lost on what that means and what process I should follow to detect security vulnerabilities.
Thanks for any help, links or clarifications on this.
That part of the PCI guidelines is to ensure you are proactive with monitoring new security vulnerabilities. Ideally you would sign up to/actively monitor a discussion group that reports security vulnerabilities that are found.
As a new vulnerability is listed you need to make a judgement call on how seriously that might impact the security of your app, and where necessary, assign a priority for remediating that vulnerability.
You may be able to run a tool to find historical vulnerabilities, but to pass this point of the PCI guidelines you need to be proactive with new security issues. Monitoring a list is ideal.
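The monitor-and-rank process described in the answer can be kept as a small triage script; the following is an added example, not part of the original answer. The component names, advisory ids, score thresholds and the rule that raises the rank for components handling card data are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory of what the app ships (hypothetical component names).
INVENTORY = {
    "example-payments-sdk": {"version": (2, 3, 0), "handles_card_data": True},
    "example-image-cache": {"version": (1, 8, 2), "handles_card_data": False},
}

@dataclass
class Advisory:
    ident: str        # placeholder id, not a real advisory
    component: str
    fixed_in: tuple   # first version that contains the fix
    cvss_base: float  # score as published by the list being monitored

# Constructed entries standing in for items from a monitored vulnerability list.
FEED = [
    Advisory("ADV-EXAMPLE-1", "example-payments-sdk", (2, 4, 0), 5.0),
    Advisory("ADV-EXAMPLE-2", "example-image-cache", (1, 8, 0), 9.0),
    Advisory("ADV-EXAMPLE-3", "example-image-cache", (1, 9, 0), 3.1),
    Advisory("ADV-EXAMPLE-4", "example-other-lib", (1, 0, 0), 9.8),
]

def rank(adv, inventory=INVENTORY):
    """Return 'not-affected', 'low', 'medium' or 'high' for one advisory."""
    comp = inventory.get(adv.component)
    if comp is None or comp["version"] >= adv.fixed_in:
        return "not-affected"  # not shipped, or already on a fixed version
    # Assumed policy: CVSS bands, raised one step if the component touches card data.
    if adv.cvss_base >= 7.0:
        level = 2
    elif adv.cvss_base >= 4.0:
        level = 1
    else:
        level = 0
    if comp["handles_card_data"]:
        level = min(level + 1, 2)
    return ("low", "medium", "high")[level]

def triage(feed=FEED, inventory=INVENTORY):
    """Rank every advisory and return the affected ones, most urgent first."""
    order = {"high": 0, "medium": 1, "low": 2}
    ranked = [(a.ident, rank(a, inventory)) for a in feed]
    affected = [r for r in ranked if r[1] != "not-affected"]
    return sorted(affected, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for ident, level in triage():
        print(f"{level:6} {ident}")
```

Keeping the dated output of each run gives a record that new advisories were reviewed and ranked, including the ones judged not to affect the app.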