Overview
The PCI learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for developing applications that process credit and debit card payments and/or any type of cardholder data.
The PCI Developer learning path provides learners with the tools required to meet the Payment Card Industry Data Security Standards (PCI DSS) for systems that transmit, process, and/or store cardholder data.
Courses provide a framework for:
- Developing secure applications
- Conducting effective test procedures
- Adopting guidance for mitigating issues
- AWA 101 – Fundamentals of Application Security (UPDATED)
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security (NEW)
- COD 103 – Creating Software Security Requirements (NEW)
- COD 104 – Designing Secure Software (NEW)
- COD 105 – Secure Software Development (NEW)
- COD 106 – The Importance of Software Integration and Testing (NEW)
- COD 107 – Secure Software Deployment (NEW)
- COD 108 – Software Operations and Maintenance (NEW)
- COD 141 – Fundamentals of Secure Database Development
- COD 152 – Fundamentals of Secure Cloud Development (Updated)
- DES 101 – Fundamentals of Secure Architecture
- ENG 205 – Fundamentals of Threat Modeling
- COD 225 – Insecure IoT Web Interfaces (UPDATED)
- COD 226 – Insecure IoT Authentication & Authorization (UPDATED)
- COD 227 – Insecure IoT Network Services (UPDATED)
- COD 228 – Insecure IoT Communications (UPDATED)
- COD 229 – Insecure IoT Mobile Interface (UPDATED)
- COD 230 – Insecure IoT Firmware (UPDATED)
- COD 241 – Creating Secure Oracle DB Applications
- COD 246 – PCI DSS 3: Protecting Stored Cardholder Data (NEW)
- COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data (NEW)
- COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications (NEW)
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes (NEW)
- COD 251 – Defending AJAX-Enabled Web Applications (NEW)
- DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 204 – Role of Cryptography in Application Development
- DES 205 – Message Integrity Cryptographic Functions
- DES 214 – Securing Infrastructure Architecture (NEW)
- DES 215 – Defending Infrastructure (NEW)
- DES 216 – Protecting Cloud Infrastructure (New)
- DES 218 – Protecting Microservices, Containers, and Orchestration (New)
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- TST 253 – Testing for Classic Buffer Overflow (CWE-120)
- TST 256 – Testing for Missing Authorization (CWE-862)
- TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)
- TST 258 – Testing for Missing Encryption of Sensitive Data (CWE-311)
- TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)
- TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)
- TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)
- TST 262 – Testing for Cross Site Request Forgery (CSRF): CWE-352
- TST 264 – Testing for Download of Code without Integrity Check (CWE-494)
- TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
- TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)
- TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)
- TST 269 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
- TST 272 – Testing for Open Redirect (CWE-601)
- TST 273 – Testing for Uncontrolled Format String (CWE-134)
- DES 212 – Architecture Risk Analysis & Remediation
- DES 311 – Creating Secure Application Architecture
- ENG 191 – Introduction to the Microsoft SDL
- ENG 192- Implementing the Agile Microsoft SDL
- ENG 193 – Implementing the Microsoft SDL Optimization Model
- ENG 194 – Implementing Microsoft SDL Line of Business
- ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool
- ENG 211 – How to Create Application Security Design Requirements
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
Learning Path Details
Number of Courses: 68
Total Duration: 27 hours
Total CPE Credits: 33