PCI DSS for Developers Learning Path

Explore the details of PCI DSS with this path aimed at developers.

3 hours, 51 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    3 hours, 51 minutes

  • Assessment

    questions

About PCI DSS for Developers

Any application that processes or stores credit card data needs to comply with the Payment Card Industry Data Security Standard (PCI DSS). Developers should be aware of PCI DSS and understand how to design for and maintain continuous compliance. This path equips participants with a foundational understanding of the PCI DSS framework, as well as providing a deep dive into the applicable PCI DSS requirements that apply to software design, development and testing; some known security vulnerabilities; and code review techniques to assess the adequacy of security controls.


Syllabus

PCI-DSS for Developers Skill Assessment

Assessment - 26 questions

Setting the scene for PCI DSS

Course - 00:38:00

The Payment Card Industry Data Security Standard (PCI DSS) is an established information security standard which applies to any organization involved in the processing, transmission and storage of credit card information. As an introduction, we debunk some common myths surrounding PCI DSS and provide an overview of the evolution of PCI DSS since 2004. We close out with an overview of related industry frameworks and legislation which also impact data protection.

PCI DSS unpacked and applied to the software development life cycle

Course - 00:47:00

Applications can be used as easy gateways for hacking sensitive data like credit card numbers and customer details. Any application that will be processing credit card data will need to comply with specific PCI DSS regulations. In this course, we unpack Requirement 6 of PCI DSS, which speaks to deploying secure systems and applications.

Data privacy & security by design

Course - 00:16:00

In this course, we bring the disciplines of data privacy and information security together. We show how GDPR and comparable global legislation define privacy requirements, and also outline technical and organizational policies and measures to protect private information.

Solving for common coding vulnerabilities to ensure PCI DSS compliance

Course - 00:32:00

As secure coding practices accepted by the industry evolve, our coding practices and training programs should also pivot to address those new threats. Up-to-date secure code development methods should align with leading industry practices such as the OWASP Guidelines, SANS CWE Top 25 and CERT Secure Coding.

PCI DSS-relevant code review tips and techniques

Course - 00:44:00

Secure code review allows organizations to provide assurance that their application developers are following secure development techniques. The intention behind secure code reviews is to verify that the proper security and logical controls are present, that they work as intended and that they have been called up in the right places. We unpack the what, the why (benefits) and the how (common methods) of code assurance, also known as code reviews.

Bringing it home - Course wrap up and PCI-DSS project

Course - 00:43:00

Our case study is about Deeyes EsMart, a California-based online retailer which (by virtue of their size and number of transactions processed) triggers the PCI DSS requirements. We devise and walk through a six-point game plan which weaves together a lot of the concepts covered throughout this course. We've also included reference material for delegates to refer to at their leisure.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst
