Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10. Raul Siles, an OWASP contributor and SANS ISC Handler, has recently published an OWASP “cheat sheet” on web application session management that is useful when designing or reviewing how an application creates, protects and expires its sessions, located at: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
Raul also links to a couple of other cheat sheets that are equally useful: cross-site scripting (XSS) prevention, located at: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet and SQL injection prevention, located at: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Viviana Dragu, PCI QSA
Senior Consultant, PCI Compliance Services