SANS Institute's Secure Coding for PCI Compliance Workshop

Merit Network hosted an interactive video presentation of the SANS Institute's Security 536 course, "Secure Coding for PCI Compliance." The workshop was held Monday, May 19, 2008 at the MITC Conference Center in Ann Arbor.
In this presentation, the SANS course was delivered by a SANS instructor via interactive teleconference to several participating sites across the U.S. A full course description appears below. Please note that this was a one-day version of SANS's usual two-day classroom presentation of the subject. The accompanying exercises were not conducted during the class; instead, students received an exercise CD and instructions for completing the exercises after class.
For more information, please contact
Details about the course

SANS SECURITY 536, Secure Coding for PCI Compliance
The audit procedure documents for PCI 1.1 instruct the auditor to look for evidence that web application programmers in a PCI environment have had "training for secure coding techniques." The problem many organizations face, however, is: "What is that, and where can I get it?" This course provides a thorough explanation and examination of the OWASP Top Ten issues, which are the foundation of the PCI requirement.
In this course we will look at examples of the types of flaws that secure coding protects against, examine how the flaw might be exploited and then focus on how to correct that code.
Coupled with the lectures are more than ten hands-on exercises that will give students the opportunity to test out their new skills identifying flaws in code, fixing code and writing secure code. All of the exercises are available in Perl, PHP, C/C++, Ruby and Java. This will allow the student to try their hand at any of the major web application coding languages that they work with in addition to some of the supporting languages that might be at work behind the scenes. Students are not required to be familiar with all of these languages but should be proficient in at least one of them. Lectures are presented using a more or less code-neutral format. Please note that this one-day presentation of Security 536 will be lecture-only and will not include class time for the exercises. Students will receive an exercise CD and instructions to complete the exercises after class.
About the instructor: David Hoelzer

Since 1985, David has held many positions in the information technology field, ranging from programmer analyst to chief information security officer. He has been teaching for SANS since 1999, managing and authoring the majority of the audit-related materials for SANS in addition to some of the secure coding courses from SANS-SSI. David currently serves as chief information officer for Enclave Forensics and director of consulting for Cyber-Defense, a subsidiary of Enclave Forensics. He is a research fellow with the Internet Forensics Lab and an adjunct research associate with the UNLV Center for Cybersecurity Research.
About SANS

The SANS Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system, the Internet Storm Center. SANS also sponsored the creation of GIAC, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals, from auditors and network administrators to chief information security officers, are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations, from corporations to universities, working together to help the entire information security community.