
PCI DSS Security

Course Description

This course provides security training for developers who work on PCI DSS-relevant applications. It covers the annual PCI DSS training requirements for developers, with a focus on the standard itself and how it impacts developers across all requirements. The course uses real-world examples to highlight lessons learned and includes a detailed look at recent and upcoming changes in the PCI DSS standard.

Learning Objectives

  • Gain a high-level understanding of the PCI DSS as a whole and its relevance to developers
  • Understand annual development training requirements mandated by the PCI DSS and the need to take this course and OWASP Top 10 in parallel
  • Understand the changes in the recent PCI DSS version 4.0 update and their impact on developers
  • Apply knowledge from a real-world example of a payment industry security event
  • Understand the PCI DSS assessment process and how to be prepared as a developer
  • Understand upcoming changes to the PCI DSS and other PCI SSC programs
  • Evolve your own training program to continue adapting to the ever-changing security landscape of the payment industry

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Prerequisites: OWASP Top 10

Course Outline

Introduction to PCI DSS Developer Training

  • PCI DSS Training Agenda
  • The Payment Card Industry and the SSC
  • An Overview of the PCI DSS
  • Why Are We Here?

PCI DSS v4.0 Requirements 1-4

  • Understanding PCI DSS
  • PCI DSS Control Group 1: Build and Maintain a Secure Network and Systems
  • Control Group 2: Protect Account Data
  • Focus on Requirements 3.3 and 3.4
  • Focus on Requirement 3.5 and Key Management
  • Focus on Requirement 4

PCI DSS v4.0 Requirements 5-12

  • Control Group 3: Maintain a Vulnerability Management Program
  • Focus on Requirement 6
  • Control Group 4: Implement Strong Access Control Measures
  • Control Group 5: Regularly Monitor and Test Networks
  • Control Group 6: Maintain an Information Security Policy

Real-World Example

  • Pipeline Issues
  • More Than One Way to Do It

Preparing for a PCI DSS Assessment

  • First Things First
  • Six Months Before Starting
  • Documentation to Review
  • People to Interview
  • Processes to Validate
