Certified Payment Industry Security Implementer – Developer

With the increase in the demand for digital transactions, application developers are innovating payment features continually. In today’s digital evolution, a simple error in software code can create a vulnerability that can result in a data breach. This brings up the need to incorporate resilient secure application development practices right from the first line of the application.


CPISI-D is a Secure Application Development Training workshop aimed at developers and architects to build secure applications. The workshop revolves around the two best application security practices, PCI-SSF, and OWASP to train participants on an in-depth security implementation during design, development, testing, and deployment.


Secure Application Development Training can ensure that security controls are established at every stage of the Software Development Life Cycle and helps to secure payment applications from possible vulnerabilities and remove any redundant codes and functionality.

Who can participate?

The intended audience for this workshop is application developers, architects, application testing teams, and the payment application security enthusiasts with the zeal of learning payment security concepts.

CPISI-D Agenda

Day 1

  • Introduction to PCI-DSS and payment eco-system
    • Basic Concepts, Background and Recent Events
    • Overview of Payment Card Industry and PCI-SSF standard
    • How to do risk assessment and threat profiling for the application
  • Security By Design
    • How to process and protect sensitive data, includes deail on encryption, key management, hashing, truncation and tokenization
    • Application authorization and access control feature
    • What to log and how the audit trails needs to be captured
  • Designing the application for covering common application vulnerabilities
  • Securing applications from Code Level Vulnerabilities

Day 2

  • Security During Development
    • Overview OWASP Top 10 Vulnerability (Web+Mobile)
  • Overview of the PCI-SSF Requirements
    • PCI-SSF Applications
    • PCI-SSF Requirements (1-12)
  • OWASP Top 10 Vulnerability Demo
  • Impact and Mitigation Approach
  • Mobile Application Security Overview
  • Secure deployment, maintaining the application security including production support

Key Takeaways

  • Understand the in-depth concepts of payments ecosystems and payment transaction flow
  • Gain knowledge on PCI-SSF requirements and respective security control implementations
  • Learn from use cases of recent payment application breaches
  • Learn about secure coding and some of the common coding vulnerabilities

Who can participate?

  • Payment application Developers
  • Code reviewers
  • Application head
  • Application architects
  • Software Developers
  • Website Developers
  • Mobile App Developers

CPISI-D Exclusive

  • CPISI-D is a comprehensive course covering holistic approaches to build a secure payment application
  • Provided by trainers with expertise in source code review and experience in handling PCI-SSF compliance
  • The 2-day session covers a broad scope of major risks and vulnerabilities that the developer needs to be vigilant while building secure payment applications

Workshop Participants Testimonial

Trainers stress on participation by candidates made the session lively and enjoyable.

Very useful information and relevant to today’s status.

The training was very useful to understand the payment card industry standard.

The trainer was very knowledgeable and the workshop helped us to gain knowledge necessary for both personal and business development.

Trainers are SME’s, competent and knowledgeable enough to understand, respond and clarify participants queries.

My second CPISI and this was the best.

Request a Call

Your Message
How did you hear about us?

Validate your certificate

Please Note: Certified Payment Industry Security Implementer 2.0 (CPISI 2.0) is an independent payments industry certification offered by SISA for payment security professionals, relating to the standards; PCI DSS, ISO 27001, NIST, SWIFT, and Regional Data Security Regulations (including Central Bank Regulations).

The standards mentioned above are managed and developed by the respective council/ provider/ standard holders. They might provide their own training and certification programs. SISA is not affiliated with or endorsed by any of the above council/ provider/ standard holders.

For more information about the mentioned standards, kindly visit their respective websites.
SISA’s Latest
close slider