Question

I am working on an iPhone application and I have a credit card payment process. I also save the credit card for quick use later.

I want to make sure I follow all the security standards presented by PCI-DSS.

https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (link to the pdf)

There is a point that says:

6.2 Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities

How can I identify security vulnerabilities in my iPhone app? Is there a tool that I can use or a process to follow in order to detect them?

I am a little lost on what that means and what process I should follow to detect security vulnerabilities.

Thanks for any help, links or clarifications on this.


Solution 2

That part of the PCI guidelines is to ensure you are proactive with monitoring new security vulnerabilities. Ideally you would sign up to/actively monitor a discussion group that reports security vulnerabilities that are found.

As a new vulnerability is listed you need to make a judgement call on how seriously that might impact the security of your app, and where necessary, assign a priority for remediating that vulnerability.

You may be able to run a tool to find historical vulnerabilities, but to pass this point of the PCI guidelines you need to be proactive with new security issues. Monitoring a list is ideal.

OTHER TIPS

As for establishing a procedure for detecting security vulnerabilities in iOS apps, OWASP's iOS Application Security Testing Cheat Sheet is a good place to start. There are also some books regarding iOS security; I found this one quite helpful.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow