ControlCase Announces Cloud-Based Training Catering to PCI DSS Requirements

All entities, including merchants, service providers and financial institutions, must comply with PCI DSS Requirement 6 – “Develop and Maintain Secure Systems and Applications.”

ControlCase, a leading global provider of Compliance as a Service (CaaS), Certifications, and IT Governance, Risk and Compliance (GRC) software, announced the release of their On-Demand Online Web Application Security Project (OWASP) Training, developed to cater to Requirement 6 of the Payment Card Industry – Data Security Standards (PCI DSS).

Due to the alarming rise in data breach incidents across industries, especially credit card processing, application security is becoming an increasingly critical part of any organization’s overall IT security strategy. PCI DSS Requirement 6 is a mandate for web and application security and specifically calls for merchants and credit card issuers to “develop and maintain secure systems and applications either by conducting a code review or installing an application firewall.” Application-based vulnerabilities jeopardize the confidentiality, integrity and availability of critical and/or sensitive services and data that organizations rely on to support business operations. To date, many companies have had difficulty passing this security control during their initial audit.

The ControlCase OWASP Training educates developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities and the methodologies to protect against such vulnerabilities. The course simulates either an external Internet attacker or an internal person with normal security privileges to identify, verify and remediate application-related vulnerabilities that could impact and impair critical business functions and operations.

The ControlCase OWASP Training covers the following:

  • Vulnerability Scanning to detect the presence of known vulnerabilities and conditions with an application or supporting technology
  • Penetration Testing, which includes a combination of automated and manual testing procedures to detect what an unauthorized user can do through the system and the effectiveness of application controls to restrict unauthorized activities
  • Data Discovery, which includes the scanning of the application within the client’s environment to collect all available information regarding the target application

“This Training draws upon various published research and best practices in information security and web application security scenarios,” says Ashwani Kaul, President of ControlCase Technologies.

“The Training is performed by a dedicated team of Information Security Professionals who have helped numerous clients to identify application security vulnerabilities and test the effectiveness of their overall security and compliance programs. The comprehensive OWASP Training course includes a thorough breakdown of the network and covers common attacks from the Web, Application and Database. Participants are also given hands-on simulations of common web application attack scenarios,” says Kaul.

Many companies offer PCI compliance tools that check for data protection and leakage, but few address the application security requirements of PCI DSS Requirement 6. OWASP Training may be used to support an organization’s overall information security management program and/or to improve overall security management.

About ControlCase
ControlCase is a global provider of Compliance as a Service (CaaS), Enterprise Software and Services. Our offerings enable clients to effectively manage their IT Governance, Risk Management and Compliance Management (IT GRCM or GRC) efforts.

Headquartered in the United States, with locations in North America, Europe, Asia Pacific and the Middle East, ControlCase provides companies of all sizes and government agencies across the globe with compliance and risk management solutions. ControlCase is also a Qualified Security Assessor (QSA) as certified by the PCI Security Standards Council and an Approved Scanning Vendor (ASV).

Contact - Kimberly Simon
Email: ksimon(at)controlcase(dot)com

Contact Author

Kimberly Simon
ControlCase LLC
+44 7462323576