AN EYE ON REGULATORY LANDSCAPE


Secure Web Application Development Awareness (SWADA) Course

“Because building secure web application software is the responsibility of all stakeholders involved in the Software Development Lifecycle (SDLC)”

Satisfy PCI-DSS Requirement 6.5 and PA-DSS Requirement 5.2 annual training requirements - online and under budget! SWADA also supports the Office of the Comptroller (OCC) 2008-16 Bulletin.

SCIPP International is pleased to announce our NEW Secure Web Application Development Awareness (SWADA) course. This is the most current and valuable awareness course you can take to review critical web application vulnerabilities to assist you in your responsibilities to develop secure web applications.  Using the Open Web Application Security Project (OWASP) Top Ten most critical web application security flaws as the foundation for discussion, the SWADA course is a high-level overview addressing the business impact of threats and vulnerabilities via insecure web applications.  Bottom line - failure to follow proper coding guidelines can expose an organization, its employees, and its customers to malicious attacks.

            




WHO SHOULD ATTEND?


  1. Application / Applet Developers

  2. Designers

  3. Architects and Maintainers

  4. Anyone who is involved with the Application Development Lifecycle

  5. PCI / PA DSS Auditors

  6. Security Architects

  7. Application Development Executives

  8. Security Professionals

  9. PCI Compliance Consultants and Researchers

  10. Project Managers

  11. IT Security Consultants

  12. Application Security Professionals

Organizations can satisfy annual training requirements such as those outlined in Chapter 6.5 of the Payment Card Industry Data Security Standard (PCI-DSS) and Section 5.2 of the Payment Card Industry Payment Application Data Security Standard (PCI-PADSS) which provides strong guidance to national banks and their technology service providers on the importance of application security as a component of all information security programs. As global information security remains in the headlines, updated requirements, mandates and guidelines will continue to come forth. With an eye on this regulatory landscape, SCIPP International will strive to keep all training mapped to all known industry compliance sources and will maintain an up-to-date listing of such articles within this site for your reference.


  1. PCI-DSS Requirement 6.5: “Develop all web applications based on secure coding guidelines such as the Open Web Application Security Project Guidelines (OWASP). Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes.”

  2. PA-DSS Requirement 5.2: “Develop all web payment applications (internal and external, and including web administrative access to product) based on secure coding guidelines such as the Open Web Application Security Project Guide. Cover prevention of common coding vulnerabilities in software development processes, to include: PCI Data Security Standard Requirement 6.5”

  3. Office of the Comptroller OCC 2008-16: “This bulletin reminds national banks and their technology service providers that application security is an important component of their information security program. All applications, whether internally developed, vendor-acquired, or contracted for, should be subject to appropriate security risk assessment and mitigation processes. Vulnerabilities in applications (see Appendix A) increase operational and reputation risk as unplanned or unknown weaknesses may compromise the confidentiality, availability, and integrity of data.”

FULL COURSE LINE-UP OFFERS A SOLUTION FOR YOUR INDIVIDUAL AND ORGANIZATIONAL TRAINING NEEDS

Web application code is part of an organization’s security perimeter. As the number, size and complexity of Web applications increase, so does your perimeter exposure.

  1. Live Instructor Led Classes delivered via Webinar Format!

  2. Corporate Closed sessions are classes produced for firms who wish to only have their employees or contractors participate in the sessions in a secure web environment. Think that you might want to hold a class for your team? Contact Us.

  3. Corporate Open sessions are classes being held for a specific corporation while still allowing outside professionals to register and participate.

  4. Public Courses - SCIPP International has scheduled Public courses on the 3rd Wednesday of every month. View our Public Class Schedule (to the right) or go to our events page, select your date, and click the “Register Now” link. Class sizes are limited and are filling up! Please check back often to see any updates made to the class schedule.

  5. Pre-Recorded Public Courses – Similar to Computer Based training (CBT), these self-study courses will be available 24 x 7 and can be accessed from any computer with internet connectivity thus allowing for greater flexibility to schedule attendance on an at-will basis.

COURSE OVERVIEW


  1. Application Software Threats

  2. Overview of OWASP

  3. Secure Coding Principles

  4. OWASP Top Ten Vulnerabilities

       1. Cross Site Scripting (XSS)

       2. Injection Flaws

       3. Malicious File Execution

       4. Insecure Direct Object Reference

       5. Cross Site Request Forgery (CSRF)

       6. Information Leakage and Improper Error Handling

       7. Broken Authentication and Session Management

       8. Insecure Cryptographic Storage

       9. Insecure Communications

       10. Failure to Restrict URL Access

  5. Input Validation Best Practices

  6. Web Application Software Testing Best Practices

  7. Industry Initiatives for Web Software Security

“Secure web application development has become imperative due to the new PCI-DSS mandate as well as the directive issued by the Office of the Comptroller of the Currency (OCC 2008-16). Organizations who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”


- HOWARD A. SCHMIDT, NATIONAL CYBERSECURITY COORDINATOR, SCIPP ADVISORY BOARD MEMBER

SCIPP International’s EUSA & SWADA courses are the first security awareness certificate programs in the world to achieve ANSI accreditation against the new American National Standard (ASTM E-2659, “Standard Practice for Certificate Programs”).
 
 

© Copyright 2006-2010. SCIPP International, Inc. All Rights Reserved.


All Contents of this site constitute the property of SCIPP International, Inc., and may not be copied, reproduced, or distributed without prior written permission.

 


“All of our certificate and certification programs are deeply rooted in our most fundamental passion for timeliness, accuracy, and relevance of the best business practices we provide.”