Secure Development for Financial Services

Course Description

This course presents the current compliance landscape for building applications for the financial services sector. The regulatory landscape for financial services is extremely complex, with many overlapping requirements. The goal of this course is to analyze this complex environment and outline the consolidated requirements posed by the various legal and compliance frameworks. The course focuses on requirements for authentication, authorization, and access control. It also presents the requirements for privacy and personal data protection introduced by recent legislation such as GDPR and CCPA. The course concludes with operational security requirements as well as what is mandated for breach detection and notification.

Learning Objectives

  • Understand the main legal and compliance frameworks for financial services and what requirements they bring to developing applications
  • Implement compliant policies for authentication, authorization, and access control
  • Identify personal data and be able to protect that data based on the privacy requirements imposed by the corresponding legal frameworks
  • Apply necessary encryption and integrity protection mechanisms for sensitive data
  • Outline the controls required to secure applications and monitor for potential security breaches

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Development Managers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Prerequisites: None

Course Outline

Introduction - Challenges of the Modern Regulatory Environment

  • Current State of Compliance for Financial Services
  • Challenges and Concerns
  • Key Concerns for Software Development

Analysis of the Regulatory Landscape for Financial Services

  • Introduction to Compliance for Financial Services
  • Comparison of Regulatory Frameworks
  • Areas of Focus
  • Requirements for the Software Development Lifecycle

Authentication, Authorization, and Access Control

  • Requirements for Authentication
  • Password Policies
  • Authorization, Access Control, and Monitoring
  • Session Management

Data Privacy

  • Personal Data Protection: A (not so) New Requirement
  • Categories and Definitions of Personal Data
  • Compliance Requirements for Privacy: GDPR
  • CCPA: What It Is and Definitions
  • CCPA: Business and Technical Requirements
  • GLBA Privacy Rule

Data Encryption and Integrity

  • Encrypting Data at Rest
  • Transport Layer Security and Encryption of Data in Motion
  • Protecting Data Integrity

Operational Security and Monitoring

  • Securing the Infrastructure
  • Testing Requirements
  • Keeping Logs and Auditing

Breach Detection and Notification