Skip to content

Case Study Technology/Software Industry

Company Meets PCI Secure Coding Training Compliance

Security Journey Case Study PCI Secure Coding Header

81% of vulnerabilities were fixed correctly, up from just 14%

Security Journey Case Study PCI Secure Coding Header

The Company

A software technology company with many Fortune 500s as their customers store over 41 million records of end-user data and wanted a training solution to meet PCI secure coding requirements.

They needed to reduce vulnerabilities in software to protect their applications and, ultimately, their end-users' data.

Visit our Business Guide to PCI-DSS Compliance Training for more information

 

Region

North America

Number of Users

1,500

Company Size

Mid-Size

Industry

Software Technology

Compliance Requirements

PCI

  1. The Challenge The company wanted to show the effectiveness of the training solution so they could justify to engineering leadership that time away from development was worthwhile.
  2. The Solution The company decided to put all their software developers through hands-on secure coding training. 
  3. The Outcome The developers were given another assessment after the training and approximately nine months after the initial assessment with measurable results.
  • Reporting Learning Swing Icon 85% Average Assessment Score
  • Reduction in Vulnerabilities Icon 81% Reduction in Vulnerabilities
  • Score Improvements Icon 100% Developers found and fixed a majority of the vulnerabilities

The Challenge

Security Journey Case Study PCI Secure Coding

The company wanted to show the effectiveness of the training solution so they could justify to engineering leadership that time away from development was worthwhile, show the ROI for their internal security budget, and measure the effectiveness for C-level leadership.

Before taking any training, the company gave a secure coding assessment to all developers. The assessment had multiple questions about finding a simple OWASP Top 10 vulnerability in a code snippet and fixing it. The assessment consisted of two SQL Injection vulnerabilities, one XML External Entity (XXE) vulnerability, and one CrossSite Scripting vulnerability. In addition, there was a simple question on Insecure Deserialization.

The developers were not given the answers, only their final score. The developers averaged a total score of 19% and found and fixed an average of just 14% of the vulnerabilities. 58% of developers could not find and fix just one vulnerability successfully. 

The Solution

We're Here Every Step of the Way

The company decided to put all their software developers through hands-on secure coding training.

They chose HackEDU because of the interactive, secure development training, which has been proven to help developers lower the risk of vulnerabilities. Going through all the lessons, the developers improved their ability to write secure software, boosted their understanding of how systems are hacked, and decreased the time to solve those security-related issues.

The training also helped the company meet their PCI secure coding training compliance requirements. 

SJ_PCISoftwareFortune500_CaseStudy

The Results

The developers were given another assessment after the training and approximately nine months after the initial assessment. This time the average score was 85%, up from just 19%, and the developers found 81% of the vulnerabilities. 100% of the developers found and fixed a majority of the vulnerabilities in the assessment. The developers improved their ability to find and fix vulnerabilities in code and improved by an average of 452%. Not  only did the developers improve their ability to code securely, but they also thought the way the lessons were presented was exciting and enlightening which enticed them to complete the courses.

  • 10 Seconds 85% average score of developers assessed
  • 100% with secure code training experience preferred Security Journey 100% of the developers found and fixed a majority of the vulnerabilities in the assessment
  • 100% of developers learned something new 452%

    average of improved ability to find and fix vulnerabilities in code

Download the Case Study

Company Meets PCI Secure Coding Training Compliance