Course Catalog / Learning Path / PCI Developer

PCI Developer

Overview

The PCI learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for developing applications that process credit and debit card payments and/or any type of cardholder data.

The PCI Developer learning path provides learners with the tools required to meet the Payment Card Industry Data Security Standards (PCI DSS) for systems that transmit, process, and/or store cardholder data.

Courses provide a framework for:

  • Developing secure applications
  • Conducting effective test procedures
  • Adopting guidance for mitigating issues

Core

  • AWA 101 Fundamentals of Application Security
  • AWA 102 Secure Software Concepts
  • COD 102-108 Fundamentals of SDLC Security Series (7)
  • COD 141 Fundamentals of Secure DB Development
  • COD 152 Fundamentals of Secure Cloud Development
  • ENG 205 Fundamentals of Threat Modeling

Advanced

  • COD 246-249 PCI Compliance for Developers Series (4)
  • COD 225-230 IoT Specialization Series (6)
  • COD 241 Creating Secure Oracle Database Applications
  • DES 202-205 Fundamentals of Cryptography Series (4)
  • DES 214-216 Secure Enterprise Infrastructure Series (3)
  • DES 222-231 Applying OWASP 2017 Mitigations Series (10)
  • TST 253 Testing for Classic Buffer Overflow
  • TST 256 Testing for Missing Authorization
  • TST 257 Testing for Use of Hard-Coded Credentials
  • TST 258 Testing for Missing Encryption of Sensitive Data
  • TST 259 Testing for Unrestricted Upload of File with Dangerous Type
  • TST 260 Testing for Reliance on Untrusted Inputs in a Security Decision
  • TST 261 Testing for Execution with Unnecessary Privileges
  • TST 262 Testing for Cross-Site Request Forgery
  • TST 264 Testing for Download of Code Without Integrity Check
  • TST 266 Testing for Inclusion of Functionality from Untrusted Control Sphere
  • TST 267 Testing for Incorrect Permission Assignment for Critical Resource
  • TST 268 Testing for Use of a Potentially Dangerous Function
  • TST 269 Testing for Use of a Broken or Risky Cryptographic Algorithm
  • TST 272 Testing for Open Redirect
  • TST 273 Testing for Uncontrolled Format String

Elite

  • DES 101 Fundamentals of Secure Architecture
  • DES 212 Architecture Risk Analysis and Remediation
  • ENG 191-195 Integrating the MS SDL into your SDLC Series (5)
  • ENG 211 How to Create Application Security Design Requirements
  • ENG 311 Attack Surface Analysis & Reduction
  • ENG 312 How to Perform a Security Code Review
Ready to Demo? Questions about learning paths? Contact Us!

Learning Path Details

Number of Courses: 64

Total Duration: 26 hours

Total CPE Credits: 31

The Courses

View All Courses     Download Learning Path Catalog     Download Course Catalog

DES 214 – Securing Infrastructure Architecture

30 Minutes
Advanced

DES 215 – Defending Infrastructure

30 Minutes
Advanced

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes (NEW)

15 Minutes

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications (NEW)

15 Minutes

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data (NEW)

15 Minutes

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data (NEW)

15 Minutes

COD 108 – Software Operations and Maintenance (NEW)

10 Minutes

COD 107 – Secure Software Deployment (NEW)

10 Minutes

COD 106 – The Importance of Software Integration and Testing (NEW)

15 Minutes

COD 105 – Secure Software Development (NEW)

20 Minutes

COD 104 – Designing Secure Software (NEW)

15 Minutes

COD 103 – Creating Software Security Requirements (NEW)

10 Minutes

COD 102 – The Role of Software Security (NEW)

10 Minutes

TST 272 – Testing for Open Redirect (CWE-601)

15 Minutes
Advanced

TST 269 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

15 Minutes
Advanced

TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)

15 Minutes
Advanced

TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)

15 Minutes
Advanced

TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

15 Minutes
Advanced

TST 264 – Testing for Download of Code without Integrity Check (CWE-494)

15 Minutes
Advanced

TST 262 – Testing for Cross Site Request Forgery (CSRF): CWE-352

15 Minutes
Advanced

TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)

15 Minutes
Advanced

TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

15 Minutes
Advanced

TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

15 Minutes
Advanced

TST 258 – Testing for Missing Encryption of Sensitive Data (CWE-311)

15 Minutes
Advanced

TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)

15 Minutes
Advanced

TST 256 – Testing for Missing Authorization (CWE-862)

15 Minutes
Advanced

TST 253 – Testing for Classic Buffer Overflow (CWE-120)

15 Minutes
Advanced

ENG 312 – How to Perform a Security Code Review

60 Minutes
Elite

ENG 311 – Attack Surface Analysis & Reduction

60 Minutes
Elite

ENG 211 – How to Create Application Security Design Requirements

60 Minutes
Advanced

ENG 205 – Fundamentals of Threat Modeling

60 Minutes
Advanced

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

20 Minutes
Core

ENG 194 – Implementing Microsoft SDL Line of Business

20 Minutes
Core

ENG 193 – Implementing the Microsoft SDL Optimization Model

25 Minutes
Core

ENG 192- Implementing the Agile Microsoft SDL

20 Minutes
Core

DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

12 Minutes
Advanced

DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

12 Minutes
Advanced

DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization

12 Minutes
Advanced

DES 226 – Applying OWASP 2017: Mitigating Broken Access Control

12 Minutes
Advanced

DES 225 – Applying OWASP 2017: Mitigating XML External Entities

12 Minutes
Advanced

DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure

12 Minutes
Advanced

DES 223 – Applying OWASP 2017: Mitigating Broken Authentication

12 Minutes
Advanced

DES 222 – Applying OWASP 2017: Mitigating Injection

12 Minutes
Advanced

DES 217 – Application, Technical & Physical Access Controls

30 Minutes
Advanced

DES 216 – Securing Cloud Instances

30 Minutes

DES 212 – Architecture Risk Analysis & Remediation

60 Minutes
Advanced

DES 205 – Message Integrity Cryptographic Functions

45 Minutes
Advanced

DES 204 – Role of Cryptography in Application Development

15 Minutes
Advanced

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

15 Minutes
Advanced

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

45 Minutes

DES 101 – Fundamentals of Secure Architecture

60 Minutes
Core

COD 241 – Creating Secure Oracle DB Applications

45 Minutes
Advanced

COD 229 – Insecure IoT Mobile Interface (NEW)

10 Minutes

COD 228 – Insecure IoT Communications (NEW)

10 Minutes
Advanced

COD 227 – Insecure IoT Network Services (NEW)

10 Minutes
Advanced

COD 226 – Insecure IoT Authentication & Authorization (UPDATED)

10 Minutes
Advanced

COD 225 – Insecure IoT Web Interfaces (UPDATED)

10 Minutes
Advanced

COD 222 – PCI DSS v3.2 Best Practices for Developers

60 Minutes
Advanced

COD 153 – Fundamentals of Secure Ajax Code (Update Coming Soon)

35 Minutes
Core

COD 152 – Fundamentals of Secure Cloud Development (Update Coming Soon)

30 Minutes
Core

COD 141 – Fundamentals of Secure Database Development

110 Minutes
Core

COD 101 – Fundamentals of Secure Development

60 Minutes
Core

AWA 102 – Secure Software Concepts

30 Minutes
Core

AWA 101 – Fundamentals of Application Security (UPDATED)

30 Minutes
Core