Requirement 6: Develop and maintain secure systems and applications
As your business needs change, you or your business partners might customize the WebSphere Commerce site. As you do so, ensure that the customizations do not compromise the site security. Ensure that your developers understand the requirement to develop secure systems by referring to the PA-DSS and PCI-DSS.
Note:
WebSphere Commerce starter store error pages can be configured to contain exception details that can be viewed (for development debugging purposes) when you view the source. The error pages that can print out stack traces are:
- GenericSystemError.jsp
- GenericApplicationError.jsp
- GenericError.jsp
Ensure that your production store error pages show only generic error information, not exception details.
- The GenericSystemError.jsp and GenericApplicationError.jsp pages do not show exception details by default. You do not need to update the production store pages to hide the exception details.
- The GenericError.jsp page does not show exception details by default. You do not need to update the production store pages to hide the exception details.
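One way to verify this on a production store is to scan the source of a rendered error page, including HTML comments and attribute values that never render in the browser. The following is an added example, not IBM or WebSphere Commerce code; the function name `find_exception_details`, the detection patterns, and both sample pages are assumptions constructed for illustration.

```python
import re
from html import unescape
from html.parser import HTMLParser

# Assumed signatures of Java exception details (not an IBM-supplied list).
CHECKS = [
    ("exception class", re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")),
    ("stack frame", re.compile(
        r"^\s*at\s+[\w$.]+\.[\w$<>]+\((?:[\w$]+\.java(?::\d+)?|Native Method|Unknown Source)\)",
        re.M)),
    ("cause chain", re.compile(r"^\s*Caused by:", re.M)),
]

class _SourceCollector(HTMLParser):
    """Collects every place the page source can carry text, not only what renders."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
    def handle_data(self, data):
        self.parts.append(("page text", data))
    def handle_comment(self, data):
        # Comments are invisible in the browser but present in "view source".
        self.parts.append(("HTML comment", unescape(data)))
    def handle_starttag(self, tag, attrs):
        for _name, value in attrs:
            if value:
                self.parts.append(("attribute value", value))

def find_exception_details(html):
    """Return (location, kind, matched text) for each exception detail found."""
    collector = _SourceCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for where, text in collector.parts:
        for kind, pattern in CHECKS:
            match = pattern.search(text)
            if match:
                findings.append((where, kind, match.group(0).strip()))
    return findings

# Constructed sample responses (not captured from a real store).
LEAKY_PAGE = """<html><body><h1>Generic Error</h1><p>We are unable to process your request.</p>
<!--
java.lang.NullPointerException
\tat com.example.store.CheckoutCmd.performExecute(CheckoutCmd.java:42)
-->
</body></html>"""
CLEAN_PAGE = "<html><body><h1>Generic Error</h1><p>We are unable to process your request. Please try again later.</p></body></html>"
```

An empty result for every error page fetched from the production store is the expected outcome; any finding identifies where in the page source the detail appears.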
Refer directly to the PCI DSS for details on this requirement.