PCI Developer


The PCI learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for developing applications that process credit and debit card payments and/or any type of cardholder data.

The PCI Developer learning path provides learners with the tools required to meet the Payment Card Industry Data Security Standards (PCI DSS) for systems that transmit, process, and/or store cardholder data.

Courses provide a framework for:

  • Developing secure applications
  • Conducting effective test procedures
  • Adopting guidance for mitigating issues


  • AWA 101 Fundamentals of Application Security
  • AWA 102 Secure Software Concepts
  • COD 102-108 Fundamentals of SDLC Security Series (7)
  • COD 141 Fundamentals of Secure DB Development
  • COD 152 Fundamentals of Secure Cloud Development
  • ENG 205 Fundamentals of Threat Modeling


  • COD 246-249 PCI Compliance for Developers Series (4)
  • COD 225-230 IoT Specialization Series (6)
  • COD 241 Creating Secure Oracle Database Applications
  • DES 202-205 Fundamentals of Cryptography Series (4)
  • DES 214-216 Secure Enterprise Infrastructure Series (3)
  • DES 222-231 Applying OWASP 2017 Mitigations Series (10)
  • TST 253 Testing for Classic Buffer Overflow
  • TST 256 Testing for Missing Authorization
  • TST 257 Testing for Use of Hard-Coded Credentials
  • TST 258 Testing for Missing Encryption of Sensitive Data
  • TST 259 Testing for Unrestricted Upload of File with Dangerous Type
  • TST 260 Testing for Reliance on Untrusted Inputs in a Security Decision
  • TST 261 Testing for Execution with Unnecessary Privileges
  • TST 262 Testing for Cross-Site Request Forgery
  • TST 264 Testing for Download of Code Without Integrity Check
  • TST 266 Testing for Inclusion of Functionality from Untrusted Control Sphere
  • TST 267 Testing for Incorrect Permission Assignment for Critical Resource
  • TST 268 Testing for Use of a Potentially Dangerous Function
  • TST 269 Testing for Use of a Broken or Risky Cryptographic Algorithm
  • TST 272 Testing for Open Redirect
  • TST 273 Testing for Uncontrolled Format String


  • DES 101 Fundamentals of Secure Architecture
  • DES 212 Architecture Risk Analysis and Remediation
  • ENG 191-195 Integrating the MS SDL into your SDLC Series (5)
  • ENG 211 How to Create Application Security Design Requirements
  • ENG 311 Attack Surface Analysis & Reduction
  • ENG 312 How to Perform a Security Code Review

Learning Path Details

Number of Courses: 64

Total Duration: 26 hours

Total CPE Credits: 31