PCI DSS Secure Coding Workshop

Secure coding training from application security specialists

Overview

PCI DSS Requirement 6.5

The Payment Card Industry Data Security Standard (PCI DSS) requires that organisations developing applications that handle card data secure their software against common vulnerabilities. As part of this, PCI DSS compliant organisations need to train their software developers in secure coding techniques.

Our PCI DSS Secure Coding Workshop

This is where we come in. 4ARMED’s consultants have been helping organisations implement PCI DSS since 2006, we’ve also been writing code and hacking web applications all that time too so we put all that together into an intensive half-day workshop that we can deliver on site at your office, our office or another location of your choosing.

Our PCI DSS Secure Coding training aims to provide developers with an understanding of the issues highlighted in PCI DSS requirement 6.5, how they manifest themselves, how hackers find them and what the impact can be and then, most importantly, we explain how to code defensively to prevent these weaknesses. We explain what works and what doesn’t and some common issues we encounter during our penetrating testing engagements.

Benefits

Reduce Security Bugs

Get your developers up to speed on common application security issues and start to reduce the number of bugs in your software.

Reduce Security Testing Costs

Remove common issues earlier in the Software Development Lifecycle and save time and money on costly fixes once the pentesters have reviewed your application

Compliance

Our OWASP Top Ten Secure Development training helps you meet your compliance requirements. For example, this workshop addresses PCI DSS requirement 6.5.

Raise Awareness

Your development team is focused on functional delivery. By raising awareness of malicious attack techniques through demonstration your developers can factor this knowledge into software design decisions. Result = more secure software.

What To Expect

Overview

The workshop runs for half a day, typically 3 to 4 hours, though it can be extended by incorporating more practical examples if desired. The course can be delivered online via Google Meet or Zoom, on site at your preferred location internationally or in a hybrid manner with some delegates attending online and some in-person. This is very common now with the widespread change to working arrangements since the pandemic.

Workshop Outline

Our workshop walks attendees through the issues defined in PCI DSS requirement 6.5, as they relate to web applications. Each issue is introduced, practical examples are given using 4ARMED’s custom built application security lab environment to show the potential impact, then defensive approaches are discussed.

The workshop covers the following issues:

  • 6.5.1 – Injection flaws
  • 6.5.2 – Buffer overflows
  • 6.5.3 – Insecure cryptographic storage
  • 6.5.4 – Insecure communications
  • 6.5.5 – Improper error handling
  • 6.5.7 – Cross-site scripting (XSS)
  • 6.5.8 – Improper access control
  • 6.5.9 – Cross-Site Request Forgery
  • 6.5.10 – Broken authentication and session management

Requirements

There are only three requirements we have for delivering the workshop at your office:

  • Projector with VGA or HDMI connector
  • Power
  • Internet access for our trainer

Resources

PCI DSS Secure Coding Overview

Download the information about this PCI DSS Secure Coding training as a PDF.

Next Steps

Want to discuss your requirements further? Wondering whether PCI DSS Secure Coding Workshop is right for your business? There's an easy way to find out, give us a call or complete this handy contact form to tell us where you're at and we will work with you to find the best solution for you.
+44 (0)203 475 2443 sales@4armed.com
4ARMED Limited
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England