PCI DSS for Developers Learning Path

Any application that processes or stores credit card data needs to comply with the Payment Card Industry Data Security Standard (PCI DSS). Developers should be aware of PCI DSS and understand how to design for and maintain continuous compliance. This path gives participants a foundational understanding of the PCI DSS framework and provides a deep dive into the PCI DSS requirements that apply to software design, development and testing; some known security vulnerabilities; and code review techniques for assessing the adequacy of security controls.

Syllabus

PCI DSS for Developers Skill Assessment

Assessment - 26 questions

Setting the scene for PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an established information security standard that applies to any organization involved in the processing, transmission or storage of credit card information. As an introduction, we debunk some common myths surrounding PCI DSS and provide an overview of the evolution of PCI DSS since 2004. We close with an overview of related industry frameworks and legislation that also affect data protection.

PCI DSS unpacked and applied to the software development life cycle

Applications are often the easiest entry point for attackers seeking sensitive data such as credit card numbers and customer details. Any application that processes credit card data will need to comply with the specific PCI DSS requirements. In this course, we unpack Requirement 6 of PCI DSS, which covers developing and maintaining secure systems and applications.

Data privacy & security by design

In this course, we bring the disciplines of data privacy and information security together. We show how the GDPR and comparable legislation around the world define privacy requirements, and outline the technical and organizational policies and measures used to protect private information.

Solving for common coding vulnerabilities to ensure PCI DSS compliance

As threats evolve and the secure coding practices accepted by the industry evolve with them, our own coding practices and training programs must also adapt to address those new threats. Up-to-date secure development methods should align with leading industry guidance such as the OWASP guidelines, the SANS/CWE Top 25 and the CERT Secure Coding standards.

PCI DSS-relevant code review tips and techniques

Secure code review allows organizations to gain assurance that their application developers are following secure development techniques. The intention behind a secure code review is to verify that the proper security and logical controls are present, that they work as intended and that they are invoked in the right places. We unpack the what, the why (benefits) and the how (common methods) of code assurance, also known as code review.

Bringing it home - Course wrap-up and PCI DSS project

Our case study concerns Deeyes EsMart, a California-based online retailer which, by virtue of its size and the number of transactions it processes, falls within scope of the PCI DSS requirements. We devise and walk through a six-point game plan that weaves together many of the concepts covered throughout this course. We have also included reference material for delegates to consult at their leisure.