CPISI-D – Secure Application Development Training
With the increase in the demand for digital transactions, application developers are innovating payment features continually. In today’s digital evolution, a simple error in software code can create a vulnerability that can result in a data breach. This brings up the need to incorporate resilient secure application development practices right from the first line of the application.
Secure Application Development Training can ensure that security controls are established at every stage of the Software Development Life Cycle, help secure payment applications against possible vulnerabilities, and remove any redundant code and functionality.
CPISI-D is a Secure Application Development Training workshop aimed at helping developers and architects build secure applications. The workshop revolves around the two best application security practices, PA DSS and OWASP, to train participants on in-depth security implementation during design, development, testing, and deployment.
The intended audience for this workshop is application developers, architects, application testing teams, and payment application security enthusiasts keen to learn payment security concepts.
- Introduction to PCI-DSS and payment eco-system
- Basic Concepts, Background and Recent Events
- Overview of Payment Card Industry and PA-DSS standard
- How to do risk assessment and threat profiling for the application
- Security By Design
- How to process and protect sensitive data, includes detail on encryption, key management, hashing, truncation and tokenization
- Application authorization and access control feature
- What to log and how audit trails need to be captured
- Designing the application for covering common application vulnerabilities
- Securing applications from Code Level Vulnerabilities
- Security During Development
- Overview of OWASP Top 10 Vulnerabilities (Web + Mobile)
- Overview of the PA DSS Requirements
- PA DSS Applications
- PA DSS Requirements (1-12)
- OWASP Top 10 Vulnerability Demo
- Impact and Mitigation Approach
- Mobile Application Security Overview
- Secure deployment, maintaining the application security including production support
SISA’s CPISI-D Authorized Trainer:
- Understand the in-depth concepts of payments ecosystems and payment transaction flow
- Gain knowledge on PA DSS requirements and respective security control implementations
- Learn from use cases of recent payment application breaches
- Learn about secure coding and some of the common coding vulnerabilities
Who can participate?
- Payment application Developers
- Code reviewers
- Application head
- Application architects
- Software Developers
- Website Developers
- Mobile App Developers
- CPISI-D is a comprehensive course covering holistic approaches to build a secure payment application
- Provided by trainers with expertise in source code review and experience in handling PA DSS compliance
- The 2-day session covers a broad scope of major risks and vulnerabilities that developers need to be vigilant about while building secure payment applications