Application Security | Trainings

Application Security For PCI (TN – 203)

This course explains the role of application security in PCI-DSS compliance and how to meet the PCI-DSS requirements that apply to applications. It covers the OWASP Top 10 attacks and their defenses, shows how to evaluate a web application firewall as called for by PCI-DSS, and introduces developers to code review techniques.

Target Audience

  1. Application developers, QA engineers, architects, technical leads, project managers, information security analysts, and other professionals interested in learning the application security requirements of PCI

Mandatory Pre-requisites

  1. Basic Technical Background
  2. Understanding about web applications

Helpful Pre-requisites

  1. Knowledge of HTTP and HTML
  2. Basic understanding of web programming languages (ASP, ASP.Net, Java, PHP, RoR, CGI etc.)

Course Contents

Web Application Security

  • Web Hacking Statistics
  • Past Incidents
  • Application Security Assumptions
  • Application Security Changing Landscape
  • Application Security Challenges
  • Measurable Benefits
  • Return on Application Security Investment

PCI DSS v1.2

  • What is PCI-DSS?
  • PCI-DSS History
  • Who must comply?

PCI-DSS Compliance Requirements

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

PCI DSS and OWASP

  • What is OWASP?
  • OWASP Top 10 Vulnerabilities and Countermeasures
  • Requirement 6.6 Option 1: Web Application Vulnerability Security Assessment-Including OWASP Top 10

Authentication

  • Weak Authentication
  • Brute-Force Attacks
  • Exploiting Authentication – Live demonstration
  • Countermeasures To Stop Authentication Attacks

Authorization

  • Broken Authorization
  • Attacking Broken Authorization – Live demonstration
  • Preventing Authorization Attacks

Session Management

  • Session Fixation Attacks
  • Cookie Poisoning/Manipulation
  • Attacking Poor Session Management – Live demonstration
  • Preventing Session Management Attacks

Data Validation

  • Buffer Overflow
  • HTML Injection – Live demonstration
  • Cross-Site Scripting (XSS) Attack – Live demonstration
  • SQL Injection – Live demonstration
  • OS Command Injection – Live demonstration
  • Countermeasures

Error Handling/ Information Leakage

  • Exploiting Poor Error Handling – Live demonstration
  • Preventing Information Leakage

Logging

  • Insecure Logging – Live demonstration
  • Logging Best Practices

Cryptography

  • Overview
  • Types of Cryptography
  • Encryption Algorithms
  • Cryptography Problems
  • Exploiting Weak Cryptography – Live demonstration
  • Channel Protection
  • Requirement 6.6 Option 2: Web Application Firewalls (WAF)

Web Application Firewalls

  • Introduction
  • Why use WAF?
  • WAF Features
  • WAF Evaluation Criteria

Code Review Techniques

  • Introduction
  • Automated Code Review – code review exercise
  • Manual Code Review – Reviewing code snippets

Q & A

For customized trainings as per your business requirements, kindly contact us at trainings@torridnetworks.com
