Application Name: Test App
Programming Language: .NET

Card Holder Data - requirements regarding PCI-DSS
To verify your answers to these questions, we strongly recommend the following steps:
The application should be properly tested against the security vulnerabilities described in the OWASP Top Ten
The Security Council recommends using ASV (Approved Scanning Vendors) scanning tools
The most difficult part of the test is to verify that the application is indeed storing, transmitting or processing CHD

The Web Application falls into the main PCI-DSS Scope
We strongly recommend reading the OWASP Top 10 guidelines:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013
The following checks are obligatory in order to become PCI-DSS compliant:
Requirement 3 is about Protection of Card Holder Data
3.1 Keep cardholder data storage to a minimum by implementing data retention
and disposal policies, procedures and processes that include at least the following:
-For all cardholder data (CHD) storage: Limiting data storage amount and retention time to that which is
required for legal, regulatory, and business requirements
-Processes for secure deletion of data when no longer needed
-Specific retention requirements for cardholder data
-A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention.

Credit card numbers (PANs) must be masked if displayed to web users, for example: XXXX-XXXX-XXXX-3440
Only the last 4 digits can be displayed back to the user
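
The masking rule above as a C# helper. This is an added example, not code from the assessed application; the class name PanMasker, the Luhn check and the fail-closed behaviour (throwing rather than displaying a value that is not a valid PAN) are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Text;

public static class PanMasker
{
    // ASCII digits only; char.IsDigit would also accept other Unicode digits.
    private static bool IsAsciiDigit(char c) => c >= '0' && c <= '9';

    // Luhn checksum: rejects strings that merely look like a card number.
    private static bool PassesLuhn(string digits)
    {
        int sum = 0;
        bool doubleIt = false;
        for (int i = digits.Length - 1; i >= 0; i--)
        {
            int d = digits[i] - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Replaces every digit except the last four with 'X', keeping separators.
    // Error messages never echo the input, so a PAN cannot leak via exceptions.
    public static string Mask(string pan)
    {
        if (pan == null) throw new ArgumentNullException(nameof(pan));
        if (pan.Any(c => !IsAsciiDigit(c) && c != '-' && c != ' '))
            throw new FormatException("PAN may contain only digits, spaces and hyphens.");

        string digits = new string(pan.Where(IsAsciiDigit).ToArray());
        if (digits.Length < 13 || digits.Length > 19 || !PassesLuhn(digits))
            throw new FormatException("Value is not a valid PAN.");

        var masked = new StringBuilder(pan.Length);
        int digitsLeft = digits.Length;   // digits not yet emitted
        foreach (char c in pan)
        {
            bool isDigit = IsAsciiDigit(c);
            masked.Append(isDigit && digitsLeft > 4 ? 'X' : c);
            if (isDigit) digitsLeft--;
        }
        return masked.ToString();
    }

    // Widely published test number (Luhn-valid, not a real card).
    public static void Main() => Console.WriteLine(Mask("4111-1111-1111-1111"));
}
```

Apply the mask on the server before the value reaches the view, so the full PAN is never present in the rendered page or its source.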

