PCI-DSS

What Escape tests against the Payment Card Industry Data Security Standard, and how to use the PCI-DSS block in reporting.

What We Cover

Escape maps findings to the PCI-DSS 4.0 requirements that bear directly on application security:

  • Requirement 6 (develop and maintain secure systems and software): injection classes (SQLi, command injection, SSRF), OWASP Top 10 coverage, and API-specific issues.
  • Requirement 3 (protect stored account data): sensitive-data exposure checks tuned to PAN, track data, and card verification code (CVV) patterns.
  • Requirement 8 (identify users and authenticate access): authentication hardening, broken object-level authorization (BOLA), and session-management findings.
  • Requirement 11 (test security of systems and networks regularly): the scan history itself is the evidence for the continuous-testing obligation. Requirement 11 also calls for quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) and periodic penetration testing; a DAST scan history supports those obligations but does not replace them.
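The Requirement 3 checks above look for account data leaking into API responses. The following is an added example of how such a check is typically built; it is not Escape's detection code and makes no claim about how Escape implements it. It combines a digit-run pattern with a Luhn mod-10 check (to drop order ids and timestamps), a separate pattern for track-2 equivalent data, and masking to first six / last four before anything is written to a finding, so the scanner itself does not become a new place where PANs are stored. The sample response and the `Finding` type are constructed for the example.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")

# Track 2 equivalent data as it appears in magnetic-stripe dumps (ISO/IEC 7813):
# start sentinel ';', PAN, field separator '=', YYMM expiry, service code and
# discretionary data, end sentinel '?'.
TRACK2 = re.compile(r";([0-9]{13,19})=[0-9]{4}[0-9]*\?")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to first six / last four, within what PCI DSS 4.0 Req. 3.4.1 allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass(frozen=True)
class Finding:          # hypothetical finding record for this example
    kind: str           # "pan" or "track2"
    masked: str         # masked PAN, safe to put in a report
    offset: int         # offset of the match in the response body


def scan_for_account_data(body: str) -> list[Finding]:
    """Report PANs and track-2 data found in a response body, never the raw value."""
    findings: list[Finding] = []
    covered: list[tuple[int, int]] = []

    for m in TRACK2.finditer(body):
        findings.append(Finding("track2", mask_pan(m.group(1)), m.start()))
        covered.append(m.span())

    for m in PAN_CANDIDATE.finditer(body):
        if any(lo <= m.start() < hi for lo, hi in covered):
            continue    # PAN inside a track-2 block was already reported
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):   # drops order ids, timestamps and similar
            findings.append(Finding("pan", mask_pan(digits), m.start()))

    return sorted(findings, key=lambda f: f.offset)


# Constructed sample response (not real card data: 4111... and 5555... are the
# public Visa and Mastercard test numbers).
SAMPLE_RESPONSE = (
    '{"orderId": "1234567890123456", '
    '"card": {"pan": "4111 1111 1111 1111", "cvv": "123"}, '
    '"legacy": ";5555555555554444=25121015432112345?"}'
)

if __name__ == "__main__":
    for f in scan_for_account_data(SAMPLE_RESPONSE):
        print(f"{f.kind:7} at offset {f.offset}: {f.masked}")
```

On the sample, the 16-digit `orderId` is rejected by the Luhn check, the spaced PAN and the track-2 block are each reported once, and the report carries only masked values. A production check would add BIN/brand range tests to cut false positives further, and would treat the CVV field as a separate, higher-severity finding since sensitive authentication data may not be stored at all after authorization.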

The full control-to-test mapping is rendered inside the app under Frameworks -> PCI-DSS.

How to Enable

  1. In the Escape app, turn on the PCI-DSS framework under Organization Settings -> Compliance.
  2. Add the PCI-DSS block to any Report scoped to the PCI-relevant assets.
  3. Tag the PCI-in-scope assets with the pci-dss compliance tag so the Compliance Matrix tracks them separately.

What the Report Contains

Per enabled asset: one row per PCI-DSS requirement, the mapped security tests, the findings in scope, and a pass / fail summary. Auditors can download the PDF or the CSV evidence export.