AN EYE ON REGULATORY LANDSCAPE
Secure Web Application Development Awareness (SWADA) Course
“Because building secure web application software is the responsibility of all
stakeholders involved in the Software Development Lifecycle (SDLC)”
Satisfy PCI-DSS Requirement 6.5 and PA-DSS Requirement 5.2 annual training requirements - online and under budget! SWADA also supports the Office of the Comptroller of the Currency (OCC) 2008-16 Bulletin.
SCIPP International’s Secure Web Application Development Awareness (SWADA) Course is a current, practical awareness course that reviews the critical web application vulnerabilities you need to understand in order to develop secure web applications. Using the Open Web Application Security Project (OWASP) Top Ten most critical web application security flaws as the foundation for discussion, the SWADA course is a high-level overview addressing the business impact of the threats and vulnerabilities that insecure web applications expose. Bottom line - failure to follow proper secure coding guidelines can expose an organization, its employees, and its customers to malicious attacks.
WHO SHOULD ATTEND?
•Application / Applet Developers
•Designers
•Architects and Maintainers
•Anyone who is involved with the Application Development Lifecycle
•PCI / PA DSS Auditors
•Security Architects
•Application Development Executives
•Security Professionals
•PCI Compliance Consultants and Researchers
•Project Managers
•IT Security Consultants
•Application Security Professionals
Organizations can satisfy annual training requirements such as those outlined in Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI-DSS) and Requirement 5.2 of the Payment Card Industry Payment Application Data Security Standard (PA-DSS). The course also supports OCC Bulletin 2008-16, which provides strong guidance to national banks and their technology service providers on the importance of application security as a component of every information security program. As information security remains in the headlines worldwide, updated requirements, mandates and guidelines will continue to be issued. With an eye on this regulatory landscape, SCIPP International will strive to keep all training mapped to known industry compliance sources and will maintain an up-to-date listing of such sources within this site for your reference.
✓PCI-DSS Requirement 6.5: “Develop all web applications based on secure coding guidelines such as the Open Web Application Security Project Guidelines (OWASP). Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes.”
✓PA-DSS Requirement 5.2: “Develop all web payment applications (internal and external, and including web administrative access to product) based on secure coding guidelines such as the Open Web Application Security Project Guide. Cover prevention of common coding vulnerabilities in software development processes, to include: PCI Data Security Standard Requirement 6.5”
✓Office of the Comptroller of the Currency, OCC 2008-16: “This bulletin reminds national banks and their technology service providers that application security is an important component of their information security program. All applications, whether internally developed, vendor-acquired, or contracted for, should be subject to appropriate security risk assessment and mitigation processes. Vulnerabilities in applications (see Appendix A) increase operational and reputation risk as unplanned or unknown weaknesses may compromise the confidentiality, availability, and integrity of data.”
Web application code is part of an organization’s security perimeter. As the number, size and complexity of your web applications increase, so does your perimeter exposure.
• E-learning – Similar to Computer Based Training (CBT), these self-study courses are available 24 x 7 and can be accessed from any computer with internet connectivity, allowing learners to schedule attendance at will. Learners can access the course anytime from anywhere, and enter and exit as often as they like, since the system employs a bookmark feature that remembers exactly where they left off and resumes from there at the next login.
• Live Instructor-Led Classes delivered via Webinar Format - Available for Corporations
Live instructor-led classes are closed sessions produced for firms who wish to have their employees or contractors participate online in a secure web environment with a live instructor. Think you might want to hold a class for your team? Contact Us
COURSE OVERVIEW
1.Application Software Threats
2.Overview of OWASP
3.Secure Coding Principles
4.OWASP Top Ten Vulnerabilities
•Cross Site Scripting (XSS)
•Injection
•Insecure Direct Object References
•Cross Site Request Forgery (CSRF)
•Unvalidated Redirects and Forwards
•Broken Authentication and Session Management
•Insecure Cryptographic Storage
•Security Misconfiguration
•Insufficient Transport Layer Protection
•Failure to Restrict URL Access
5.Input Validation Best Practices
6.Web Application Software Testing Best Practices
7.Industry Initiatives for Web Software Security
“Secure web application development has become imperative due to the new PCI-DSS mandate as well as the directive issued by the Office of the Comptroller of the Currency (OCC 2008-16). Organizations who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”
- HOWARD A. SCHMIDT, NATIONAL CYBERSECURITY COORDINATOR, SCIPP ADVISORY BOARD MEMBER
DELIVERY SOLUTIONS FOR YOUR INDIVIDUAL AND ORGANIZATIONAL TRAINING NEEDS - $250 per person
Updated 2010 version!
EVIDENCE OF TRAINING FOR AUDITORS
This course has received accreditation from the American National Standards Institute (ANSI) against the American National Standard ASTM E2659 certificate of training standard. Each learner who passes a 25-question Post-Assessment will receive a Certificate of Training which can be used as evidence of training for auditors, clients, and PCI / PA-DSS examiners. A signed certificate will be available electronically for printing and will also be mailed to the recipient within 4 weeks of completing the Post-Assessment.
THINK YOU KNOW THE FACTS?
Download our Myths & Facts Brochure to find out if SCIPP’s Secure Web Application Development Awareness training is right for you and your staff!
© Copyright 2006-2012. SCIPP International™, Inc. All Rights Reserved.
All Contents of this site constitute the property of SCIPP International, Inc.,
and may not be copied, reproduced, or distributed without prior written permission.
Contact your SCIPP representative for additional course details.
“All of our certificate and certification programs are deeply rooted in our most fundamental passion for timeliness, accuracy, and relevance of the best business practices we provide.”