Secure Coding for PCI DSS
About this course
The Payment Card Industry Data Security Standard (PCI DSS) enhances cardholder data security. It defines a common set of rules and controls to ensure greater consistency of data security measures. Applications that process card data must be secure. Developers need to understand PCI DSS requirement 6.5, how to identify vulnerabilities, and how a hacker may try to take advantage of a weakness. Specific knowledge and skills help developers to code defensively and meet the secure coding and application security standards required by PCI DSS.
Why Secure Coding for PCI DSS?
- The Payment Card Industry Data Security Standard (PCI DSS) requires that organisations developing applications that handle card data secure their software against common vulnerabilities. As part of this, PCI DSS compliant organisations that process card payments and/or cardholder data need to train their software developers in secure coding techniques.
- Our PCI Secure Development training aims to provide developers with an understanding of the issues highlighted in PCI DSS requirement 6.5. They will then get an in-depth review of the various types of threats against systems, and learn the skills required to recognize software vulnerabilities and implement the processes and measures associated with the security development lifecycle (SDL).
Group discount available – Contact Us for more information
Objectives
This course aims to provide the knowledge and resources required to improve the security of applications following a secure development lifecycle (SDL) process.
For additional security training please see the “Further Training” tab.
Overview
The topics covered include:
- General Application Security Concepts
- Identify security vulnerabilities in code (OWASP Top 10)
  - Injection
  - Broken Authentication
  - Sensitive Data Exposure
  - XML External Entities (XXE)
  - Broken Access Control
  - Security Misconfiguration
  - Cross-Site Scripting (XSS)
  - Insecure Deserialization
  - Using Components with Known Vulnerabilities
  - Insufficient Logging & Monitoring
- Implement Security Controls
- Implement the processes and measures associated with the security development lifecycle (SDL).
Duration: 1 day (8 hours)
Attendee Profile
The course is intended for Developers and Software Architects (any level).
Materials
- Soft copy of tools & presentation slides
- Certificate of Participation (CPE Points)
Related Training
- The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness. Learn more about CSSLP training
- The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. Learn more about our Web Application Security Training
- The Java Secure Coding Training and Web Application Secure Coding in .NET courses are designed to instruct participants on best practice in secure coding using specific programming languages.
- The Threat Modeling course provides attendees with the knowledge to identify applicable threats, quantify them, and address the risk with effective countermeasures to mitigate any attack – at the design stage of the SDL. Learn more about our Threat Modeling training
Course Curriculum