COD 722: PCI Bootcamp for Software Development Teams

Format: Live training | Duration: 1 day | Course is offered in English

Course Overview

This course introduces the PCI-DSS to those responsible for compliance in software development. The goals of software security, the impact of security on a business, and the difficulties in achieving perfect security are presented. The software requirements of the PCI-DSS and PA-DSS are broken out from the standards and presented clearly. The course also shows how to integrate security into the software development lifecycle and covers the form, methods, and remediation of the most common software vulnerabilities.

Upon completion of the course, participants will be able to:

  • Understand the software security landscape
  • Realize the contribution of security to the total cost of ownership for software
  • Understand why secure software can be difficult to achieve
  • Know the fundamental requirements for the PCI-DSS and PA-DSS
  • Integrate security into the software development lifecycle
  • Conduct common attacks and think like an attacker
  • Identify and remediate common vulnerabilities

Modules Covered

Introduction to Software Security

  • The fundamental tenets of software security and its importance in the business environment
  • Compliance issues and the rise of compliance as a motivation for improving software security
  • Why software security is challenging and the approaches needed to create secure software

Introduction to the PCI-DSS

  • The structure of the Payment Card Industry Data Security Standard
  • Detailed discussion of the requirements for both the Payment Application DSS and the PCI-DSS with requisite design and development suggestions

Fundamentals of Security in the SDLC

  • The software development lifecycle and the need to integrate security from beginning to end
  • Creating secure requirements and design, secure coding, secure deployment, and post-deployment activities

Common Weaknesses and Vulnerabilities

  • Attacks that carry the highest risk for a PCI-compliant application, with detailed information about their underlying causes and methods of exploitation
  • Methods for identifying and remediating vulnerabilities