OWASP Education Computer based training. PCI DSS and PA-DSS. Nishi Kumar IT Architect Specialist, FIS Chair, Software Security Forum at FIS OWASP CBT Project Lead OWASP Global Industry Committee
“The PCI Data Security Standard represents a
common set of industry tools and measurements
to help ensure the safe handling of sensitive
information…the standard provides an actionable
framework for developing a robust account data
security process - including preventing, detecting
and reacting to security incidents.”
– PCI Standards Council
Everyone must be compliant with the standard
There are two sets of standards developed based on the type of payment application
PCI DSS – PCI Data Security Standard
PA-DSS – Payment Application Data Security Standard
Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements
PCI DSS only applies if PANs are stored, processed and/or transmitted.
The MITRE Corporation is a not-for-profit organization that manages several Federally Funded Research and Development Centers. Mitre currently runs various IT security projects including the Common Weakness Enumeration (CWE) and it is the official source for the CWE/SANS Top 25 Most Dangerous Software Errors.
CWE Database - http://cwe.mitre.org/
The SysAdmin, Audit, Network, Security (SANS) Institute operates as a commercial research and education company. SANS is well known for its Internet Storm Center, its comprehensive list computing security training programs and its work with Mitre on the CWE/SANS Top 25 Most Dangerous Software Errors.
The Open Web Application Security Project (OWASP) Foundation is a not-for-profit organization whose goal is to improve the safety and security of the world’s software. OWASP is probably best known for its key projects, like the Top 10 Web Application Security Risks, and for its application security conferences.
The CERT® Program is part of the Software Engineering Institute (SEI). CERT's primary objectives include analyzing and communicating the state of internet security through its US-CERT Vulnerability Notes Database and improving software security with its secure coding practices publications.
US-CERT Vulnerability Notes Database - http://www.kb.cert.org/vuls/ CERT Secure Coding Practices - http://www.cert.org/secure-coding/