The PCI toolkit is based on a decision tree assessment methodology, which helps you identify if your web applications are part of the PCI-DSS scope and how to apply the PCI-DSS requirements. By decomposing , one by one , you will be able to create an assessment and a final report of your scope delimitation and which OWASP guidelines must be used