Effective Software Development in a PCI DSS Environment presented at OWASP AppSecAsiaPac 2012

by Bruce Ashton

Tags: Security

Summary: Compliance with the stringent Payment Card Industry Data Security Standards (PCI DSS) mandates a locked-down development environment. This is almost completely at odds with the normal working requirements of software developers. In fact, software developers typically like to be able to play with and manipulate aspects of their computing environment as they develop new solutions, a scenario expressly forbidden under PCI DSS. Companies providing IT services to clients with PCI DSS requirements need to be compliant themselves. Often this means their developers need to work within a PCI DSS compliant environment.
This talk will discuss the six PCI DSS requirements and how they apply to source code, development tools and software development in general. It will cover the sorts of problems that development teams face when working under PCI DSS and some of the possible solutions, as discovered through firsthand experience.