Course Catalog / Learning Path / PCI Developer

PCI Developer

Overview

The PCI learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for developing applications that process credit and debit card payments and/or any type of cardholder data.

The PCI Developer learning path provides learners with the tools required to meet the Payment Card Industry Data Security Standards (PCI DSS) for systems that transmit, process, and/or store cardholder data.

Courses provide a framework for:

Developing secure applications
Conducting effective test procedures
Adopting guidance for mitigating issues

Core

Fundamentals of Application Security
Secure Software Concepts
Fundamentals of Secure Development
Fundamentals of Secure DB Development
Fundamentals of Secure Cloud Development
Fundamentals of Threat Modeling

Advanced

PCI DSS v3.2 Best Practices for Developers
IoT Specialization Series (6)
Creating Secure Oracle Database Applications
Fundamentals of Cryptography Series (4)
Secure Enterprise Infrastructure Series (4)
Applying OWASP 2017 Mitigations Series (10)
Testing for Classic Buffer Overflow
Testing for Missing Authorization
Testing for Use of Hard-Coded Credentials
Testing for Missing Encryption of Sensitive Data
Testing for Unrestricted Upload of File with Dangerous Type
Testing for Reliance on Untrusted Inputs in a Security Decision
Testing for Execution with Unnecessary Privileges
Testing for Cross-Site Request Forgery
Testing for Download of Code Without Integrity Check
Testing for Inclusion of Functionality from Untrusted Control Sphere
Testing for Incorrect Permission Assignment for Critical Resource
Testing for Use of a Potentially Dangerous Function
Testing for Use of a Broken or Risky Cryptographic Algorithm
Testing for Open Redirect
Testing for Uncontrolled Format String

Elite

Fundamentals of Secure Architecture
Architecture Risk Analysis and Remediation
Creating Secure Application Architecture
Integrating the MS SDL into your SDLC Series (5)
How to Create Application Security Design Requirements
Attack Surface Analysis & Reduction
How to Perform a Security Code Review

Ready to Demo? Questions about learning paths? Contact Us!

Learning Path Details

Number of Courses: 53

Total Duration: 26 hours

Total CPE Credits: 31

The Courses

View All Courses Download Learning Path Catalog Download Course Catalog

Course Catalog / Learning Path / PCI Developer

PCI Developer

Overview

Learning Path Details

The Courses

TST 272 – Testing for Open Redirect (CWE-601)

TST 269 – Testing or Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)

TST 267 – Testing or Incorrect Permission Assignment for Critical Resource (CWE-732)

TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

TST 264 – Testing for Download of Code without Integrity Check (CWE-494)

TST 262 – Testing for Cross Site Request Forgery (CSRF): CWE-352

TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)

TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

TST 258 – Testing for Missing Encryption of Sensitive Data (CWE-311)

TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)

TST 256 – Testing for Missing Authorization (CWE-862)

TST 253 – Testing for Classic Buffer Overflow (CWE-120)

ENG 312 – How to Perform a Security Code Review

Attack Surface Analysis & Reduction

How to Create Application Security Design Requirements

Fundamentals of Threat Modeling

Implementing the Microsoft SDL Threat Modeling Tool

Implementing Microsoft SDL Line of Business

Implementing the Microsoft SDL Optimization Model

Implementing the Agile Microsoft SDL

Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

Applying OWASP 2017: Mitigating Insecure Deserialization

Applying OWASP 2017: Mitigating Broken Access Control

Applying OWASP 2017: Mitigating XML External Entities

Applying OWASP 2017: Mitigating Sensitive Data Exposure

Applying OWASP 2017: Mitigating Broken Authentication

Applying OWASP 2017: Mitigating Injection

Application, Technical & Physical Access Controls

Securing Cloud Instances

Securing Operating System Access

Securing Network Access

Architecture Risk Analysis & Remediation

Message Integrity Cryptographic Functions

Role of Cryptography in Application Development

Cryptographic Components: Randomness, Algorithms, and Key Management

Cryptographic Suite Services: Encoding, Encrypting & Hashing

Fundamentals of Secure Architecture

Creating Secure Oracle DB Applications

Insecure IoT Mobile Interface

Insecure IoT Communications

Insecure IoT Network Services

Insecure IoT Authentication & Authorization

Insecure IoT Web Interfaces

PCI DSS v3.2 Best Practices for Developers

Fundamentals of Secure Ajax Code

Fundamentals of Secure Cloud Development

Fundamentals of Secure Database Development

Fundamentals of Secure Development

Secure Software Concepts

Fundamentals of Application Security