Meet your Application Security & Crypto Requirements
Security Awareness Training
PCI-DSS Requirement 12.6 - Implement a formal security awareness program
PA-DSS Requirement 13.2 - Develop and implement training and communication programs
Security Innovation offers eLearning courses to help you attain compliance:
- Fundamentals of Information Security
- Software Security Awareness
- PCI for Development Teams
- Fundamentals of PCI-DSS
Secure SDLC & Compliance (SSDLC)
Our SSDLC service results in an action plan to remediate gaps between your current practices and best practices. We'll provide recommendations for the training, tools, and process changes needed to meet your PA-DSS and PCI-DSS requirements for developing and maintaining secure systems and applications.
Application Security Solutions
Security Innovation offers eLearning and assessment solutions for the application security requirements of PCI-DSS and PA-DSS. We can also equip you with IBM Rational AppScan and help you implement it for source code review and web vulnerability scanning.
6.3
Develop software applications in accordance with PCI-DSS and incorporate security throughout the software development life cycle.
Solution:
TeamMentor Secure Development Knowledgebase
More than 3,000 searchable assets (how-tos, code snippets, checklists, etc.) for secure software design, defensive coding, and security testing
6.5
Develop applications based on secure coding practices and prevent common coding vulnerabilities such as OWASP Top 10.
Solutions:
TeamMentor OWASP Edition
Secure development knowledgebase with more than 250 articles on finding and preventing OWASP Top Ten vulnerabilities
- OWASP Top Ten: Threats & Mitigations
- How to Test for the OWASP Top Ten
- Fundamentals of Application Security (covers OWASP Top Ten)
IBM Rational AppScan
Both the Source and Enterprise Editions of this product report on OWASP Top Ten vulnerabilities found in your code and web applications
6.6
For public-facing web applications, either conduct a code review using manual or automated vulnerability security assessment tools at least annually and after any changes, or install a web application firewall.
Solutions:
- Expert code review and application assessment
- How to Conduct a Code Review eLearning course
- IBM Rational AppScan Source, Standard, or Enterprise Edition
- Web Application Firewall recommendation and implementation
11.3
Perform external and internal penetration testing at least once a year or after any substantial system or application changes
Solutions:
- Security Innovation application penetration test
- Fundamentals of Security Testing eLearning to build internal competency
- IBM Rational AppScan Source, Standard, or Enterprise Edition
Crypto
3.4
Render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored (including on portable digital media, backup media, in logs) by using one-way hashes based on strong cryptography.
3.5
Protect any keys used to secure cardholder data against disclosure and misuse
Solution:
- High-performance software encryption: up to 200x faster than RSA, an X9 and IEEE standard, and resistant to quantum computing attacks
