 |
www.jbinternational.co.uk sales@jbinternational.co.uk Call Free 0800 028 6400 |
JB International +44 (0) 20 8446 7555 |
PCI DSS / OWASP Compliance Training Course UK
PCI DSS / OWASP Compliance Training Course Overview
| Course Code: | PCI0010 |
| Price: | £1395 |
| Duration: | 3 Days - custom / on-site options available - please call. |
| DATE: | |
| Who should attend: | IT Staff who need to develop and deploy systems in accordance with the guidance in the Payment Card Industry Data Security Standard (PCI DSS) |
| Prerequisite Skills: | Experience of developing data-driven web applications in either ASP.NET or Java is ideal (as the course will involve hands-on workshops throughout) - the course is useful though for anyone who needs to understand the Secure Development Lifecycle (SDL). |
This course will provide delegates with a sound understanding of current Payment Card Industry Secure Data Security Standards for building secure web applications. These standards derive from Best Practices set out (and continually monitored and improved) by the Open Web Application Security Project (OWASP).
Delegates on our course will gain a solid understanding of the issues and threats facing web application developers. Some aspects covered are generic to all web developers – but specific examples in both ASP.NET and Java will be used. Please contact us if you need to focus on PHP or any other language / platform.
Course Content
This course has been developed (and is delivered) by one of our highly experienced Security specialists, and draws upon significant commercial implementation experience. If have any questions about course content or availability, please email
What you will learn
1. Security Principles
2. An understanding of OWASP and PCI DSS
3. Writing compliant code in ASP.NET (C# and / or VB.NET) and Java / JEE
4. How to test security
5. How to build privacy into you application
6. How to secure installations
7. How to write secure documentation and error messages.
PCI DSS / OWASP for Web Developers - Web Application Security Training Course
Secure Development Overview
Case Studies
The Need for Secure Systems
Trustworthy Computing
Proactive Security Development
Security Principles
Threat Modelling
PCI DSS v1.2
What’s new?
PCI DSS and OWASP
Common misconceptions
OWASP
What is OWASP?
Current OWASP Top Ten
PCI DSS 6.5
6.5.1 Cross-site scripting (XSS)
- Understanding XSS
- Validate Requests in ASP.NET / Java EE
- Validating all parameters before use
6.5.2 Injection flaws
- Understanding SQL injection.
- Understanding LDAP and XPath injection flaws as well as other injection flaws.
- Database Access & SQL Injection
- Validating input to verify user data cannot modify meaning of commands and queries
6.5.3 Malicious file execution
- Validating input to verify application does not accept filenames or files from users.
- Using the File upload control
6.5.4 Insecure direct object references
- Avoiding exposing internal object references to users.
- Using Code Access Security in ASP.NET & Java EE
- Understanding Trust levels in ASP.NET & Java EE
6.5.5 Cross-site request forgery
- Understanding Cross-site request forgery (CSRF)
- Dealing with authorization credentials and tokens automatically submitted by browsers
- Cross site service security policies for Silverlight and Flash
6.5.6 Information leakage and improper error handling
- Avoiding leaking information via error messages or other means.
- ASP.NET & Java EE exception handling
- Exception handling patterns
6.5.7 Broken authentication and session management
- Authenticating users and protect account credentials and session tokens.
- Authentication, Authorisation & membership models in ASP.NET & Java EE
- Understanding & configuring Session state in ASP.NET & Java EE
6.5.8 Insecure cryptographic storage
- Preventing cryptographic flaws.
- Using cryptography in ASP.NET & Java EE
- Using cryptography in .NET Enterprise library v4.1
6.5.9 Insecure communications
- Properly encrypting all authenticated and sensitive communications.
- Understanding secure communications in Web Servers
6.5.10 Failure to restrict URL access
- Consistently enforcing access control in presentation layer and business logic for all URLs.
- Enforcing Access Policy using Authentication & Ahuthorisation
Associated Courses
ASP.NET 3.5 PCI DSS / OWASP / Web Application Compliance Training Course
Java EE PCI DSS / OWASP / Web Application Compliance Training Course
Writing Secure ASP.NET Applications
Secure coding with .NET
Writing Secure Java EE / J2EE Applications
Writing Secure PHP Applications
UK training course Listing
.NET Training Course UK | ASP.NET Training Course UK | Business Intelligence Training Course UK SOA Training Course UK| SOA for Developers and Designers Training Course UK | Oracle BPEL SOA Training Course UK | SOA & BPM Training Course UK | Agile Training Course UK | Agile Seminar UK | Web Services Training Course | PCI DSS / OWASP / Web Application Compliance Training Course | ASP.NET 3.5 PCI DSS / OWASP / Web Application Security Training Course | .NET Security Training Course UK | AJAX Training Course UK | ASP.NET AJAX Training Course UK Training Course UK) | .NET Compact Framework Training Course UK | advanced ASP.NET Training Course UK | .NET Technologies and architecture Overview Seminar | .NET Web Services Training Course UK | SharePoint Training Course | BizTalk Server Training Course | BizTalk Server Training Course | Internet Technologies Overview Seminar| XML Training Course UK | XSLT Training Course UK | OO Analysis & Design with UML Training Course UK | SQL Server Training Course UK (Programming) | SQL Server Training Course UK (DBA / Database Administration) | SQL Training Course UK | SQL Server Performance tuning Training Course UK | SQL Server Upgrade Training Course | JavaScript Training Course UK | DHTML Training Course UK | Oracle SQL Training Course UK | Oracle DBA Training Course UK | Oracle Forms Training Course UK | Oracle Reports Training Course UK | HTML Training Course UK | UNIX Linux Solaris Training Course UK | UNIX Fundamentals Training Course UK | UNIX Systems Administration Training Course UK | Advanced C++ Programming Training Course UK | C++ Training Course UK || Visual C++ & MFC Programming Training Course UK | Eclipse Training Course UK| Spring Training Course UK | Hibernate Training Course UK | Struts Training Course UK | JBoss Training Course UK | Oracle ADF Faces with JDeveloper Training Course| Java Training Course UK | Java EE PCI DSS / OWASP / Web Application Security Training Course | Java EE (JEE) Training Course UK | Advanced Java Programming Techniques Workshop | Java for C++ Programmers Training Course UK | Java Web Applications (JSP) Training Course UK | Java 2 Micro Edition (Java ME / J2ME) Training Course UK | Java Web Services Training Course UK | Java with Rational Application Developer (RAD) and WebSphere Training Course UK | J2EE with WebSphere - RAD Training Course UK | Java FX Training Course | Weblogic Training Course UK | PHP Training Course UK | Zend Framework Training Course | Python Training Course UK Adobe Flex Training Course | ActionScript Training Course | Adobe Integrated Runtime - AIR Training Course | iPhone Application Development Training Course UK | Delphi Training Course UK | Web 2.0 Training Course UK | Ruby on Rails Training Course UK | Flash Training Course UK | Flash Lite Training Course UK | Cloud Computing and Virtualisation Training Course UK | Business Process Analysis BPMN UML Training Course UK | Enterprise Architect Training Course UK | DB2 Training Course UK | zOS MVS JCL Training Course UK | TSO ISPF PDF Training Course UK | Microsoft Project: Enterprise Project Management (EPM) Training Course UK
