This self-paced online course provides developers with practical guidance on implementing secure coding practices in line with PCI DSS v4.0. Participants will gain a clear understanding of the standard’s requirements, common application vulnerabilities, and proven techniques to protect cardholder data. The training combines essential theory with actionable steps developers can apply immediately in their own codebases.
COURSE OUTLINES
Agenda
- Introduction to PCI DSS & Secure Coding
  - Overview of PCI DSS v4.0 and its relevance to developers
  - Importance of secure coding in protecting cardholder data
  - Key requirements: 6.2.2, 6.2.3, 6.2.4, and 6.5
- Common Vulnerabilities & Threats
  - OWASP Top 10 and CWE/SANS Top 25
    - Broken Access Control
    - Cryptographic Failures
    - Injection
    - Insecure Design
    - Security Misconfiguration
    - Vulnerable and Outdated Components
    - Identification and Authentication Failures
    - Software and Data Integrity Failures
    - Security Logging and Monitoring Failures
    - Server-Side Request Forgery
  - Real-world breach examples and consequences
- Secure Coding Best Practices
  - Input validation and output encoding
  - Authentication and authorisation
  - Secure session management
  - Error handling and logging
  - Secure use of cryptography (TLS 1.2/1.3, hashing, key management)
- Secure Software Development Lifecycle (SDLC)
  - Integrating security into each phase of SDLC
  - Secure design principles (e.g., least privilege, defence in depth)
  - Use of secure frameworks and libraries
  - Dependency management and software inventory
- Code Review & Peer Validation
  - Code must be reviewed by someone other than the author
  - What to look for in secure code reviews
  - Tools and techniques for effective reviews
  - Management approval and documentation
- Preventing Exploitable Code
  - Bespoke/custom software must resist common attacks
  - Secure coding against:
    - Injection attacks
    - Cryptographic misuse
    - Business logic flaws
    - Access control bypasses
  - Hands-on labs or simulations (optional)
- Knowledge Check & Acknowledgment
  - Short quiz or secure coding challenge
  - Developer acknowledgment of training completion
COURSE DETAILS
- Course Duration: approximately 90–120 minutes
- Delivery: Course is delivered via our LMS platform
- Access Period: Upon registration, participants have two weeks to complete the course
- Target Audience: Developers involved in writing or maintaining code
PREREQUISITES
- Developers actively writing or maintaining code
- Basic programming knowledge