PCI DSS Training Course - Secure Software Development

Get to grips with the Payment Card Industry Secure Software Lifecycle

Standard duration: 3 Days
Email course link

Customise this course for your team

We can tailor your syllabus to take into account your group's current skills, technology stack, and specific learning goals - as part of a wider training programme or as a standalone workshop.

Enquire now to find out about our cost-effective options:

"We particularly enjoyed Stuart's anecdotes and stories which gave context to the topics discussed."

PCI DSS Training Course - Secure Software Development
RT, Developer
JATO

"I felt I learned a lot in short period. Real-world experience from the instructor was a major plus. Many thanks!"

PCI DSS Training Course - Secure Software Development
DV, Developer
JATO

About the course:

Our instructor-led PCI DSS Training Course aims to address a significant requirement of the updated PCI DSS 3.2.1, which is to ensure that relevant training is given to any software developers involved in developing and maintaining such financial applications and services.

If your web applications or systems have any involvement with processing or storing credit card data in any form, then the PCI DSS will almost certainly affect you. This still applies even if your web services / code is not financial by nature, but still resides on a shared resource which also stores or processes credit card data.

Security breaches and failures can lead to harsh penalties from member organisations (such as Visa and MasterCard), and the nature of the penalty depends on various factors such as the extent of non compliance with PCI data security standards found during a forensic investigation, and number of affected accounts / records breached.

The PCI Data Security Standards draw heavily on the current OWASP Top Ten Web Application Security Risks.

These largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development; our hands-on exercises and code demonstrations are delivered with examples in ASP.NET (with VB.NET or C#) or Java, but we can tailor the course for on-site delivery and focus on your development language / platform of choice (PHP, HTML5, Python et al).

This course isn’t just about ticking boxes and jumping through hoops – we aim to instil a good understanding of the importance of designing, developing and deploying secure web applications, and this course will be useful for any web developers who want to improve the robustness of their code. But if you have a particular need to top-up existing skills and don't need to cover the full syllabus, let us know and we can explore customisation options for you.

Trusted by:

In a nutshell Who should attend On-site Course Syllabus

Learning outcomes

Payment Card Industry Data Security Standards for Software Development
Secure Development Lifecycle
OWASP Top 10 Threats with code examples
Crypto techniques
Fuzz testing

Who should attend

Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers

Prerequisites

Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.

On-site PCI DSS Training

If you would like to discuss custom / on-site PCI DSS / Secure Web App Development training for any size of team, please get in touch – we would be glad to help build a course that meets your learning requirements.

We can take into account your existing technical skills, project requirements and timeframes, and specific topics of interest to tailor the most relevant and focussed course for you.

This can be particularly useful if you need to learn just the new features and Web App security Best Practices, or need to include extra topics to help with pre-requisite skills.

A number of clients have also asked for discussion about the security of SCADA and other Industrial Control Systems in relation to PCI DSS 3.2 which we’re more than happy to cover. Please let us know your requirements and we will do everything we can to accommodate them.

Full PCI DSS course syllabus

Introduction to Security

What is Application Security and why does it matter?

Payment Card Industry Data Security Standards - PCI-DSS

Who / what is the PCI made up of?
What PCI DSSmeans to Software Developers
Ensuring compliance through design and coding Best Practises

SDL in depth

Analysing security and privacy risk
Attack surface analysis
Threat Modeling
Identifying the right tools
Enforcing banned functions
Static analysis
Dynamic / Fuzz Testing
Response Plan
Final Security Review

Hands-on with the OWASP Top 10 2017 Web Application Security Risks

We keep up to date with the latest OWASP Top Ten vulnerabilities.

A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring

Beyond OWASP

Data Protection Mechanisms (crypto and more)
Fuzz testing and other tools
Click jacking
Response Splitting
CWE/SANS Top 25 Most Dangerous Software Errors
Exploiting authentication
Language issues
Data devaluation
Tokenisation solutions
Auditing and Logging Solutions

Summary

Applying what you’ve learnt in the real world.
Understanding the business impact of insecure software.

Public Courses Dates and Rates

Standard duration: 3 Days

Please get in touch for pricing and availability.

Interested in this course?

If you want to explore how you can tailor this course for your organisation, want to sign up for our newsletter, or have any other questions then please speak to us on 020 3137 3920 or get in touch using this form.

This form requires javaScript to work, please email us at webenquiries@frameworktraining.co.uk if you do not have it enabled.

Get in touch

We use cookies on our website to provide you with the best user experience. If you're happy with this please continue to use the site as normal.
For more information please see our Privacy Policy.

I understand

Ready to take your skills to the next level?