Tuesday, 26 November 2019

Developer Training for PCI Compliance

In my current role, I have been tasked with providing 'Developer Training' as part of our PCI Compliance Audit. The challenge with this task is finding a solution that is acceptable to the Auditor, but not cost prohibitive. Using an external training company is an easy way but its very expensive and does not help when new starters come on board. Another option is to provide internal training (did someone say WebGoat?), but that can be a challenge with logistics and timing.

The solution we eventually deceided on was creating a Quiz using Office 365 Forms, which was based on the OWASP Top 10 and OWASP Secure Coding Practices. Access is restricted to users within the organisation and the results cannot be tampered with.

Its a simple, cost effective, extendable solution to an otherwise complicate problem. The next step is to create a suitable quiz to challenge a developers knowledge ........