Overview
The PCI learning path comprises a variety of security courses; which ones apply depends on whether you are pursuing the core, advanced or elite path. It is designed for those responsible for developing applications that process credit and debit card payments and/or any type of cardholder data.
The PCI Developer learning path provides learners with the tools required to meet the Payment Card Industry Data Security Standard (PCI DSS) for systems that transmit, process, and/or store cardholder data.
Courses provide a framework for:
- Developing secure applications
- Conducting effective test procedures
- Adopting guidance for mitigating issues

- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- COD 141 – Fundamentals of Database Security
- COD 152 – Fundamentals of Secure Cloud Development
- DES 101 – Fundamentals of Secure Architecture
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- COD 241 – Creating Secure Oracle DB Applications
- COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
- COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
- COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
- COD 251 – Defending AJAX-Enabled Web Applications
- DES 204 – Role of Cryptography in Application Development
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
- DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
- DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
- DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
- DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- COD 328 – Testing for Classic Buffer Overflow (CWE-120)
- COD 331 – Testing for Missing Authorization (CWE-862)
- COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798)
- COD 333 – Testing for Missing Encryption of Sensitive Data (CWE-311)
- COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)
- COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)
- COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250)
- COD 337 – Testing for Cross Site Request Forgery (CSRF): CWE-352
- COD 339 – Testing for Download of Code without Integrity Check (CWE-494)
- COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
- COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)
- COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676)
- COD 344 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
- COD 347 – Testing for Open Redirect (CWE-601)
- COD 348 – Testing for Uncontrolled Format String (CWE-134)
- DES 311 – Creating Secure Application Architecture
- DES 312 – Protecting Cardholder Data (NEW)
- DSO 307 – Secure Secrets Management
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
Learning Path Details
Number of Courses: 68
Total Duration: 21 hours
Total CPE Credits: 25