PCI DSS Security

Course Description

This course provides security training for developers who work on PCI DSS-relevant applications. It covers the annual PCI DSS training requirements for developers, with a focus on the standard itself and how it impacts developers across all requirements. The course uses real-world examples to highlight lessons learned and includes a detailed look at recent and upcoming changes in the PCI DSS standard.

Learning Objectives

  • Gain a high-level understanding of the PCI DSS as a whole and its relevance to developers
  • Understand annual development training requirements mandated by the PCI DSS and the need to take this course and OWASP Top 10 in parallel
  • Understand the changes in the recent PCI DSS version 4.0 update and their impact on developers
  • Apply knowledge from a real-world example of a payment industry security event
  • Understand the PCI DSS assessment process and how to be prepared as a developer
  • Understand upcoming changes to the PCI DSS and other PCI SSC programs
  • Evolve your own training program to continue to adapt to the ever-changing security landscape of the payment industry

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers
  • QA Engineers

Prerequisites: OWASP Top 10

Course Outline

Introduction to PCI DSS Developer Training

  • PCI DSS Training Agenda
  • The Payment Card Industry and the SSC
  • An Overview of the PCI DSS
  • Why Are We Here?

PCI DSS v4.0 Requirements 1-4

  • Understanding PCI DSS
  • PCI DSS Control Group 1: Build and Maintain a Secure Network and Systems
  • Control Group 2: Protect Account Data
  • Focus on Requirements 3.3 and 3.4
  • Focus on Requirement 3.5 and Key Management
  • Focus on Requirement 4

PCI DSS v4.0 Requirements 5-12

  • Control Group 3: Maintain a Vulnerability Management Program
  • Focus on Requirement 6
  • Control Group 4: Implement Strong Access Control Measures
  • Control Group 5: Regularly Monitor and Test Networks
  • Control Group 6: Maintain an Information Security Policy

Real-World Example

  • Pipeline Issues
  • More Than One Way to Do It

Preparing for a PCI DSS Assessment

  • First Things First
  • Six Months Before Starting
  • Documentation to Review
  • People to Interview
  • Processes to Validate
