Modify an existing Java Web application that violates PCI, programming homework help

Description

Modify an existing Java Web application that violates several Payment Card Industry guidelines and recommendations. Your task is to locate the issues, identify what is wrong and then fix the code. You will discuss each issue in terms of why the issue may cause a security vulnerability, and how you specifically fixed the issue.

The current code uses Java JSP and Servlets to allow a user to log in to their account and view credit card data stored in the database. The functionality is relatively simple, but several PCI compliance rules have been violated that will prevent the application from being approved by a PCI software auditor.

You should first load up the application, populate the database and make sure the application is working in your environment as expected. The application uses the Java Derby relational database. The script used to populate the application is attached as well as the Java web project itself. You should be able to open the existing project using NetBeans. However, you may need to load the Derby drivers to the libraries for the project.


Explanation & Answer

Hello, I have changed the code and the outputs are now different than the previous version with PCI requirement violations. I am adding the MS Word and the source codes. I am waiting to hear from you if any change is needed. Please let me know for any doubt, more work and any change. I hope it helps. See you. Bye

After loading the project and running it in the browser, the first violation of a PCI DSS requirement that is obvious is shown in the following image.

So all the details of the card information are shown.
This violates the DSS requirement 7 and 9.
So how can we fix it?
To fix it I attempted to hide the full credit card information.
And I got the following screen for the user, hiding the details of the card information using asterisks.

To do this I had to change the Java code as follows:

/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
*...
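
The masking step the answer describes, as an added example that is not the answer's own code (which is cut off above): a helper a servlet could call before handing the card number to the JSP, so the full number never reaches the page. The class name CardMasker, the last-four rule and the 13 to 19 digit length check are assumptions.

```java
// Added example (not the answer's code): mask a card number before it reaches a JSP view.
public final class CardMasker {
    private static final int VISIBLE_DIGITS = 4; // assumption: show only the last four

    private CardMasker() {}

    /**
     * Returns the card number with every digit except the last four replaced by '*'.
     * Spaces and dashes stay in place so the grouping still looks familiar.
     * Anything that is not a plausible card number is fully hidden rather than echoed.
     */
    public static String mask(String pan) {
        if (pan == null) {
            return "";
        }
        int digits = 0;
        for (int i = 0; i < pan.length(); i++) {
            char c = pan.charAt(i);
            if (c >= '0' && c <= '9') {
                digits++;
            } else if (c != ' ' && c != '-') {
                return "****"; // unexpected character: fail closed
            }
        }
        if (digits < 13 || digits > 19) {
            return "****"; // outside normal card-number length: fail closed
        }
        StringBuilder out = new StringBuilder(pan.length());
        int seen = 0;
        for (int i = 0; i < pan.length(); i++) {
            char c = pan.charAt(i);
            if (c == ' ' || c == '-') {
                out.append(c); // keep separators as typed
            } else {
                seen++;
                out.append(seen > digits - VISIBLE_DIGITS ? c : '*');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values (a common test number, not real card data).
        System.out.println(mask("4111111111111111"));
        System.out.println(mask("4111-1111-1111-1111"));
        System.out.println(mask("not a card"));
    }
}
```

Masking in the servlet or data layer, rather than in the JSP, keeps the full number out of the request attributes and the rendered HTML.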

