Secure App Development & PCI Compliance

Why application security training is important

Many high-profile breaches have occurred in insecure software. The Verizon Data Breach Investigation Report (DBIR) estimates that 35% of breaches occur in public-facing web applications.

Benefits of adopting secure application development

Secure application development starts with establishing a secure software development lifecycle throughout the organization's development teams. The first phase is training, which establishes application security champions within the organization and builds a culture of security, rather than hiring and relying on external employees and consultants. Secure application development shifts the development team's mindset towards delivering secure software to the customer.

PCI Section 6.5 compliance

Section 6.5 of the Payment Card Industry (PCI) Data Security Standard (DSS) instructs auditors to verify that processes exist that require training in secure coding techniques for developers. While training developers is critical, it's only the first step.

Many of the most common attacks are caused by simple mistakes that occur while software is being developed and deployed.

Reduce the chances your organization will fall victim to one of today's security threats by ensuring your team can properly build defensible applications from the start. Create a culture of security by educating everyone in the software development lifecycle including developers, architects, managers, testers, business owners and partners.

How STH. Dev supports PCI compliance

Satisfies the Section 6.5 requirement to train developers annually in secure coding techniques and how to avoid common coding vulnerabilities:

Key benefits of STH. Developer training
  1. CBT modules do not require travel
  2. Employees can watch at their convenience (on demand)
  3. Integrates with existing LMS platforms
  4. Short, digestible modules explain one topic at a time
  5. Knowledge assessments test learning after each module
OWASP Top Modules
Classic Issues Modules