Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10. Raul Siles, an OWASP contributor and SANS ISC Handler, has recently posted an OWASP "cheat sheet" for web application session handling that may be useful when designing and/or reviewing web application session management.
Raul also links to another, equally useful cheat sheet on SQL injection prevention.
Viviana Dragu, PCI QSA
Senior Consultant, PCI Compliance Services