
PA-DSS vendors now have training options
During PA-DSS audits, NetSPI is often asked what training options payment application vendors have for their developers. These questions are in reference to PA-DSS requirement 5.2.a, which states:

"Obtain and review software development processes for payment applications (internal and external, and including web-administrative access to product). Verify the process includes training in secure coding techniques for developers, based on industry best practices and guidance."

The PCI Council is working with SANS on a set of courses that PA-DSS vendors can use. These include fundamental courses for developers and security staff as well as development-language-specific courses. There are also courses for senior-level developers, testers and managers. One example is Secure Coding for PCI Compliance, a two-day course on the OWASP Top Ten issues intended for developers with experience in one of the following languages: Perl, PHP, C, C++, Java or Ruby.

If you are a payment application vendor needing to start or enhance your training, look at the SANS web site – https://www.sans.org/visatop10/. These courses should help you get through requirement 5.2.a. Please note, NetSPI is not associated with SANS in any way.