28 May 2013
Framework Training Ltd
Business Environment Group
Price per person
Our Secure Web Application / PCI DSS Compliancy Training Course aims to address a significant requirement of the PCI DSS which is to ensure that relevant training is given to any software developers involved in developing & maintaining such financial applications and services.
If your web applications or systems have any involvement with processing or storing credit card data in any form, then the Payment Card Industry Data Security Standards will almost certainly affect you. This still applies if the services or code merely lives on a shared resource which also stores or processes credit card data.
Security breaches and failures can lead to harsh penalties from member organisations (such as Visa and Mastercard), and the nature of the penalty depends on various factors such as the extent of non compliance with PCI data security standards found during a forensic investigation, and number of affected accounts / records breached.
The PCI Data Security Standards draw heavily on the current OWASP Top Ten Web Application Security Risks.
These largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development; our hands-on exercises and code demonstrations are delivered with examples in ASP.NET (with VB.NET or C#) or Java, but we can tailor the course for on-site delivery and focus on your development language / platform of choice (PHP, HTML5, Python et al).
A number of clients have also asked for discussion about the security of SCADA and other Industrial Control Systems in relation to PCI DSS which we’re more than happy to cover. Please let us know your requirements and we will do everything we can to accommodate
What you will learn
- Payment Card Industry Data Security Standards for Software Development
- Secure Development Lifecycle
- OWASP Top 10 Threats with code examples
- Crypto techniques
- Fuzz testing
Who should attend
Web Application Security / PCI DSS Training Course Syllabus
Introduction to Security
What is Application Security and why does it matter?
Payment Card Industry Data Security Standards - PCI-DSS
- Who / what is the PCI made up of?
- What PCI DSSmeans to Software Developers
- Ensuring compliance through design and coding Best Practises
SDL in depth
- Analysing security and privacy risk
- Attack surface analysis
- Threat Modeling
- Identifying the right tools
- Enforcing banned functions
- Static analysis
- Dynamic / Fuzz Testing
- Response Plan
- Final Security Review
Hands-on with the OWASP Top 10 Web Application Security Risks
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards
- Data Protection Mechanisms (crypto and more)
- Fuzz testing and other tools
- Click jacking
- Response Splitting
- CWE/SANS Top 25 Most Dangerous Software Errors
- Exploiting authentication
- Language issues
- Data devaluation
- Tokenisation solutions
- Auditing & Logging Solutions
- Applying what you've learnt in the real world.
- Understanding the business impact of insecure software (beyond just PCI compliance)