PCI Security Training & Standards

Developing Securely for PCI DSS

Course Description

Weaknesses in payment card security are a threat to everyone with a credit or debit card in their wallet. Every day, we effectively transmit highly personal and sensitive data about ourselves to strangers. If all goes well, only the intended recipients ever see our information. If not, the results can be disastrous. That is why the Payment Card Industry Data Security Standard (PCI DSS) matters. PCI DSS provides guidance to organizations that collect, process, transmit, or store cardholder data. In this course, you will learn about PCI DSS: the data it is intended to secure, its requirements, how to incorporate those requirements into code, and how to avoid common mistakes that can make your software vulnerable to attack.

Course Themes

  • Introduce the data protection requirements of the PCI DSS
  • Put PCI DSS requirements into the context of a secure SDLC
  • Explain the secure development guidance outlined in the PCI DSS
  • Examine why sensitive data in memory is of particular concern and present techniques to force its release from memory

Learning Objectives

  • Recognize which software security defects are addressed by PCI
  • Strategize and utilize discovery methods for protecting sensitive cardholder data based on PCI guidance
  • Recognize the role memory plays in the security of cardholders’ personal information
  • Utilize PCI-guided best practices to avoid common mistakes and ultimately develop more secure software

Course Outline

Secure Coding Guidelines

  • Introduction to the PCI DSS
  • Injection Flaws
  • Buffer Overflows
  • Insecure Cryptographic Storage
  • Insecure Communications
  • Improper Error Handling
  • All “High Risk” Vulnerabilities
  • Cross-Site Scripting
  • Improper Access Control
  • Cross-Site Request Forgery
  • Broken Authentication and Session Management

Protecting Data in Memory

  • Sensitive Account Data
  • Sensitive Data in Memory
  • Managing Volatile Memory
  • Forced Release of Sensitive Data

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Introductory

Intended Audience:

  • Developers
  • QA Engineers
  • Architects
  • Application Security Specialists

Competencies: Familiarity with web programming environments and technologies

Prerequisites:
