PCI Compliance Application Security Support
The Payment Card Industry Data Security Standard (PCI DSS), developed by the Payment Card Industry Security Standards Council, mandates that organizations handling credit card information build and maintain secure web applications. Organizations must now focus on web application security in addition to network security and administrative controls.
The Data Security Standard (DSS) is very specific. Organizations subject to PCI audits should have their applications reviewed by organizations that specialize in application security. Denim Group can help you prepare for a PCI audit by performing source code assessments of your applications that handle sensitive credit card data.
Denim Group provides the following services to assist with PCI auditing and compliance:
- Training
- Process Mentoring
- Assessments and Source Code Review
Is your Organization subject to PCI Audits?
Denim Group helps address the business risks associated with PCI compliance.
Training
Denim Group also helps companies maintain their PCI compliance and prepare for external audits by delivering application security training for development teams. This training helps address PCI requirements in section 6.5 of the audit standards and can also serve as the launching point of an organization-wide application security initiative.
Denim Group provides application security training in Java and .NET for:
- Developers
- Business Analysts
- Security Staff
Process Mentoring
Where training programs focus on individual internal developers, the mentorship program assists with developing best-practice processes across an entire organization. Denim Group works alongside various stakeholders, including developers, product managers, project managers, and quality assurance staff, to ensure that the organization has proper communication channels in place. This allows organizations to repeatably produce secure software, address any security defects that arise, and respond to any incidents that occur.
Pre-Audit Readiness
Denim Group helps companies identify existing vulnerabilities before a PCI audit through assessments and source code analysis.
Are you a Qualified Security Assessor (QSA) providing PCI Audits?
Denim Group provides subcontract support to certified PCI auditors conducting assessments to test the security of client applications.
Many certified PCI auditors have a tremendous breadth and depth of experience in network security and evaluating general controls. With the PCI standard expanded to include application and source level concerns, Denim Group provides the required application security expertise to supplement auditors' existing competencies, bridging the gap between network security and application security.
Denim Group's consultants are Java and .NET developers with a deep understanding of how to build and secure complex software systems. They can support a PCI auditor in addressing the compliance audit objectives in section 6.4.7.
In addition to using industry-leading black box web application vulnerability scanners, Denim Group can manually test applications to identify trust and logic flaws sometimes missed by scanners. Source code review is also an option.
For more information on how Denim Group can help you prepare for your PCI Compliance Audit, contact us.
