Application Security Testing for PCI-DSS

Learn web security focusing on understanding PCI’s requirements

$499.00 $250.00 / year

Secure Ideas’ Application Security Testing for PCI-DSS class focuses on web application, mobile application, and API flaws such as those in the OWASP Top 10. This class meets the requirements for developer training within the PCI-DSS. The students will explore SamuraiWTF and various targets to learn the techniques of penetration and security testing. We will also focus on the various vulnerabilities that affect applications and web APIs. The class will teach these vulnerabilities, such as XSS, CSRF, SQL injection, and others, from two perspectives: how to find them within an application and how to defend against the attacks.

Throughout the class, the students will reinforce the knowledge by performing hands-on exercises. These exercises lead the student through the various security issues within applications and APIs. The capstone of the class is the capture-the-flag (CTF) event. This CTF is designed to simulate a real-world penetration test to allow the attendees to practice the techniques learned throughout the class.

Email training@secureideas.com if you have any questions. Bulk pricing is available.

Course Curriculum

  • Introduction
    8 minutes
  • Standards and Guidelines
    22 minutes
  • AppSec: Standards
    2 questions
  • The Web
    27 minutes
  • AppSec: Prepare The Web
    3 questions
  • Tools
    22 minutes
  • Exercise: Tools
    30 minutes
  • Methodology
    24 minutes
  • Exercise: Methodology
    30 minutes
  • Authentication and Session Management
    30 minutes
  • Exercise: Authentication
    30 minutes
  • AppSec: Auth and Session Management
    5 questions
  • Access Control Flaws
    8 minutes
  • Exercise: Access Control
    30 minutes
  • AppSec: Access Control Flaws
    4 questions
  • Sensitive Data Exposure
    16 minutes
  • Components with Known Vulns
    11 minutes
  • AppSec: Components with Known Vulnerabilities
    2 questions
  • Fuzzing
    6 minutes
  • Exercise: Fuzzing
    30 minutes
  • Command Injection
    12 minutes
  • Exercise: Command Injection
    30 minutes
  • AppSec: OS Command Injection Flaws
    2 questions
  • SQL Injection
    14 minutes
  • Exercise: SQL Injection
    30 minutes
  • AppSec: SQL Injection
    3 questions
  • Buffer Overflows
    7 minutes
  • AppSec: Buffer Overflows
    2 questions
  • Web Services Testing
    30 minutes
  • AppSec: Web Services
    4 questions
  • XSS
    15 minutes
  • Exercise: XSS
    30 minutes
  • AppSec: XSS
    3 questions
  • CORS and CSP
    23 minutes
  • AppSec: CORS CSP SOP
    4 questions
  • Redirects and Forwards
    9 minutes
  • Redirects and Forwards
    2 questions
  • CSRF
    16 minutes
  • Exercise: CSRF
    30 minutes
  • AppSec: CSRF
    2 questions
  • Logic Flaws
    10 minutes
  • AppSec: Logic Flaws
    3 questions
  • Defenses
    9 minutes
  • AppSec: Defenses
    5 questions
  • Capture the Flag
    8 minutes
