Fundamentals of Application Security
This course sets the foundation for understanding application security throughout the development process.
Information and Application Security Awareness
This Instructor-Led course examines the root cause of software vulnerabilities, how attackers view your applications, the true cost of software vulnerabilities, and how to integrate security into your development and IT organizations.
Fundamentals of Secure Development
This course introduces you to the need for secure software development and best practices.
Fundamentals of Secure Mobile Development
This course introduces developers to the common risks associated with Mobile applications including client side injection, sensitive data handling, network transition, application patching, web based attacks, phishing, third-party code, location security and privacy and denial of service. The student is then given an overview of the Mobile application development best practices to reduce these risks including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and the programming principles to use to address them.
Fundamentals of Secure Database Development
This course provides software architects/developers with an understanding of database development best practices.
Fundamentals of Secure Cloud Development
This course introduces developers to the common risks associated with Cloud applications, including the security features of the different service models (IaaS, PaaS, and SaaS), how to identify and mitigate the most common vulnerabilities, the unique security challenges of “Big Data”, and how to apply the Microsoft SDL to cloud applications. Threat coverage includes unauthorized account access, insecure APIs, shared technology, data leakage, and account hijacking, as well as the importance of complying with regulatory requirements. With knowledge checks throughout, the student who completes this course will have an understanding of cloud computing threats and risks, and the programming principles to use to address them.
Fundamentals of Secure AJAX Code
This course introduces security issues and challenges specific to AJAX applications.
Fundamentals of Secure Embedded Software Development
This course teaches about security issues inherent to IoT embedded device architecture and techniques to identify system security and performance requirements.
Identifying Threats to Mainframe COBOL Applications and Data
This course covers the most common security issues that affect the confidentiality, integrity, and availability of COBOL programs on mainframes.
Fundamentals of Secure Mobile Development for IoT Embedded Systems
This course provides additional training on Secure Mobile Development pertaining to embedded software engineers.
Creating Secure C Code Series
This series provides C developers with the knowledge and skills required to secure communications with Transport Layer Security (TLS) and to implement run-time protections with technologies such as stack security cookies, Address Space Layout Randomization (ASLR), and No-eXecute.
Secure C Encrypted Network Communications
In this course, you will learn about secure communications using Transport Layer Security (TLS), and best practices for implementing these with your C and C++ applications. After completing this course, you will be able to identify the basic principles of TLS, identify libraries and interfaces for implementing the TLS protocol, identify TLS security considerations, and identify alternatives to TLS.
Secure C Run-Time Protection
This course discusses common run-time protection technologies that you can use to protect your application from attack. After completing this course, you will be able to identify run-time protection technologies, such as stack security cookies, Address Space Layout Randomization, and No-eXecute. You will also be able to identify their limitations, and how to apply them to your applications.
Creating Secure C++ Code Series
This series provides C++ developers with the knowledge and skills required to mitigate memory corruption vulnerabilities, protect data in transit using strong TLS ciphers, and to protect data using cryptographic best practices.
Creating Secure C++ Code
This course highlights some of the most useful security features for avoiding memory corruption vulnerabilities in C++, including:
• Using standard containers and their built-in functions to avoid direct memory operations
• Using bounds-checking functions, especially for string manipulation, to avoid buffer overflows
• Using smart pointers to avoid memory leaks associated with managing raw pointers
• Using standard concurrency features to help reduce the risk of introducing race conditions
• Using object-oriented programming features to define and manipulate data in terms of objects, thus avoiding direct memory operations that may lead to memory corruption
• Using range-based loops to avoid off-by-one indexing errors
• Using native regular expressions to validate untrusted text input and avoid the risk of introducing vulnerabilities through third-party libraries
Communication Security in C++
This course discusses how to protect data in transit using encryption libraries and strong TLS ciphers. It also reviews important issues about public key certificates including signing and verifying them. After completing this course, you will be able to identify well-trusted encryption libraries and strong TLS cipher suites to protect data in transit, and explain how to protect and verify the integrity of public key certificates.
Creating Secure Code – .NET Framework Foundations
This course describes .NET 4 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. In addition, this course will introduce you to security changes in .NET 4 including level 2 security transparency, the new sandboxing and permission model, introduction of conditional APTCA, and changes to evidence objects and collections. This course provides secure coding best practices that will enable students to build more secure applications in .NET 4.
Creating Secure Code - SAP ABAP Foundations
This course discusses best practices and techniques for secure SAP application development using Java and ABAP.
PCI DSS v3.2 Best Practices for Developers
This course provides software developers an understanding of PCI-DSS Version 3.2 application security issues.
IoT Specialization Series
In this series, you will learn about the importance of integrating security into each stage of your IoT SDLC.
Insecure IoT Web Interfaces
In this course, you will learn how to identify common threats to IoT web interfaces and apply best practices to mitigate these threats.
Insecure IoT Authentication and Authorization
In this course, you will learn about how to implement secure authentication and authorization for Internet of Things (IoT) devices.
Insecure IoT Network Services
In this course, you will learn about the vulnerabilities of Insecure Network Services within the context of the Internet of Things (IoT) devices, and best practices to protect network services on IoT devices.
Insecure IoT Communications
In this course, you will learn about the risks of insecure communications.
Insecure IoT Mobile Interface
In this course, you will learn about best practices for protecting mobile applications used for IoT solutions.
Insecure IoT Firmware
In this course, you will learn how to securely distribute updates that fix known vulnerabilities in software or firmware for your Internet of Things devices.
OWASP Mobile Series
In this series, you will learn about the importance of integrating security into each stage of your Mobile App Development SDLC.
Mobile Threats and Mitigations
In this course, you will learn about best practices for identifying and mitigating the most common threats to mobile applications and their data.
Defending Mobile Data with Cryptography
In this course, you will learn about best practices for implementing strong cryptography to protect mobile applications and their data.
Mobile App Authentication and Authorization
In this course, you will learn how to integrate secure authentication and authorization into your mobile application.
Defending Mobile App Code
In this course, you will learn about best practices for defending your mobile application's code from attacks.
Creating Secure SQL Server and Azure SQL Database Applications
In this course, you will learn how to protect sensitive data while ensuring the integrity of applications running on the Microsoft SQL Server Engine and Azure SQL Database.
Creating Secure AJAX Code - ASP.NET Foundations
This course introduces secure ASP.NET coding principles for AJAX applications.
Creating Secure AJAX Code - Java Foundations
This course introduces secure Java coding principles for AJAX applications.
Creating Secure AWS Cloud Applications
This course examines the security vulnerabilities, threats, and mitigations for AWS cloud computing services.
Creating Secure Azure Applications
This course examines the security vulnerabilities, threats, and mitigations for Azure cloud computing services.
Creating Secure Code - Web API Applications
This course introduces the fundamentals of secure web services development.
Creating Secure Code - Ruby on Rails Foundations
This course teaches best practices and techniques for secure application development with Ruby on Rails.
Creating Secure Python Web Applications
In this course, you will learn about best practices and techniques for secure web application development with Python.
Secure Scripting Series
In this series, you will learn about how to identify security threats to scripts and how to mitigate those threats by implementing access controls and following secure scripting best practices.
Threats to Scripts
In this course, you will learn about the impact of incorrect script development or lax security measures. You will also learn about the most common scripting vulnerabilities, including cached secrets, a variety of injection vulnerabilities, weaknesses related to permissions and privileges, and the threat of resource exhaustion.
Fundamentals of Secure Scripting
In this course, you will learn about how shell scripting languages compare with more modern interpreted languages, several information security principles including least privilege and defense in depth, the importance of data validation, and operating system portability issues.
Secure Scripting with Perl, Python, Bash and Ruby
In this course, you will learn about the importance of error and exception handling in shell scripts and interpreted languages, common syntax pitfalls, and how to prevent or mitigate several common vulnerabilities.
Protecting Sensitive Data while Scripting
In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.
Creating Secure COBOL and Mainframe Applications
This course covers countermeasures for security vulnerabilities on the mainframe, such as input validation, parameterized APIs, strong cryptography, and being aware of memory management issues.
Creating Secure Java Series Services
This series provides Java developers with the knowledge and skills required to implement the Java Security Model, JAAS, and to protect data using cryptographic best practices.
Java Security Model
This course introduces you to Java’s policy-driven security model. Key topics include the Java security model, the Java security manager, security policies, and security policy files. After completing this course, you will be able to identify the components of the Java security model and the functionality of the Java security manager and access controller. You will also be able to identify the components of Java security policies as well as describe the function of Java security policy files.
Java Authentication and Authorization Services (JAAS)
This course discusses the Java authentication and authorization service, or JAAS. JAAS is a Java implementation of the standard pluggable authentication module, or PAM, framework. JAAS provides a framework that developers can use to require users to log in and to define precisely which actions users can perform. After completing this course, you will be able to identify the components of the JAAS framework, and identify how to use JAAS to control user authentication and authorization in your Java application.
This course discusses cryptography and related issues in Java. After completing this course, you will be able to generate secure encryption keys and identify related issues such as pseudo random number generators, key derivation functions, and initialization vectors. You will also be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode. You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and use the Java keytool command-line utility for creating and managing keys and keystores.
Protecting C Code Series
This series provides C developers with the knowledge and skills required to mitigate buffer overflow conditions, implement secure memory management best practices, and protect applications and data from attacks.
Creating Secure C/C++ Code
The C and C++ languages cover a wide range of systems spanning several decades of development. Although all programming languages are susceptible to security vulnerabilities, C and C++ are particularly prone to them due to the low-level nature of the language. In this course, you will learn how to prevent the most serious vulnerabilities in your C and C++ applications. After completing this course, you will be able to mitigate buffer overflows, understand and prevent several additional types of memory management vulnerabilities, protect data in memory, prevent format string vulnerabilities, understand integer overflows, mitigate race conditions, and avoid the most common types of Injection vulnerabilities.
Secure C Memory Management
After completing this course, you will be able to identify the key concepts of dynamic memory management, identify common mistakes that lead to memory corruption and vulnerabilities, and implement best practices to mitigate memory management vulnerabilities.
Common C Vulnerabilities and Attacks
In this course you will review common C application vulnerabilities, how they manifest in code, and techniques and libraries that you can use to mitigate the risk of attack. After completing this course, you will be able to mitigate risk from format string attacks, integer overflows, race conditions, canonicalization issues, command injection, and SQL Injection.
Protecting Data in C++
This course discusses cryptography and related issues for COD 307 - Protecting Data in C++. After completing this course, you will be able to generate strong encryption keys and identify related symmetric cryptography issues, such as pseudo random number generators (PRNGs), key derivation algorithms, and initialization vectors. Additionally, you will be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode, and identify common libraries that support symmetric cryptography. You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together both to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and implement best practices to mitigate memory exposure vulnerabilities.
Creating Secure ASP.NET MVC Applications
In this course, you will learn about ASP.NET MVC and Web API code security issues that affect MVC and Web API applications. You'll learn methods to protect your application from attacks against MVC’s model-binding behavior, as well as methods to protect your application from cross-site scripting, cross-site request forgery, and malicious URL redirects. You will also study the Web API pipeline and how to implement authentication and authorization in Web API applications.
Creating Secure C# Code
This course describes methods to produce secure C# applications. It presents common security vulnerabilities that can be mitigated by proper input validation, other common security vulnerabilities and their mitigations, secure error handling and logging, and secure communication. The course also discusses unique features of C# and the .NET Framework that help protect against security vulnerabilities.
Creating Secure PHP Code
This course teaches PHP programmers the security principles they need to know to build secure PHP applications. This class teaches programming principles for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP.
Creating Secure iOS Code in Swift
In this course you will learn how to identify the most common iOS application security vulnerabilities, including Insecure Data Storage, Side Channel Data Leakage, Client Side Injection, Custom URL Scheme Abuse, Stack Smashing and Self-Signed Certificates. You will learn how to mitigate these threats by leveraging iOS and Swift security services while also implementing secure coding best practices, including Secure Memory Management, Automatic Reference Counting, Enabling Position Independent Executable, Secure Data Storage, Communicating Over HTTPS, App Transport Security, TLS Certificate Pinning, Asymmetric Encryption, Parameterized SQL Queries, Validating Path Location Input and Implementing Apple Pay.
Creating Secure Android Code in Java
In this course you will learn how to identify and mitigate the most common Android application security vulnerabilities and attack vectors, including: Weak Server Side Controls, Threats to Data, SQL Injection, Cross-Site Scripting (XSS), Session Hijacking, Threats to User Privacy and Confidentiality, Native Code Attacks, and Missing Data Encryption. Mitigation and best-practices include the Android software stack, the Android security model, access control methods, sandboxing, interprocess communications and implementing the security features of open-source developer tools.
Creating Secure HTML5 Code
This course provides in-depth coverage on how to mitigate the most dangerous threats to HTML5 applications. It includes coverage of HTML5 Forms, WebSocket API, Server-Sent Events (SSE), Node.js security, jQuery security, the GPS API, static code analysis, and security packages. Upon completion of this class you will be able to identify key threats to your HTML5 application and then mitigate those threats by (1) leveraging built-in HTML5 security features and (2) implementing secure coding best practices.
Creating Secure jQuery Code
Learn about the most common threats to jQuery applications and how to mitigate these vulnerabilities.
Protecting Java Code Series
This series provides Java developers with the knowledge and skills required to mitigate the most common application security vulnerabilities, including SQLi, XSS, and Information Disclosure.
Protecting Java Code: SQLi and Integer Overflows
This course describes ways to remediate common application security vulnerabilities in your Java application. After completing this course, you will be able to mitigate risk from SQL injection and integer overflows.
Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU
This course describes ways to remediate common application security vulnerabilities in your Java application. After completing this course, you will be able to mitigate risk from canonicalization issues, information disclosure, and race conditions.
Protecting Data in Java
This course discusses protecting data at rest and in transit in Java applications. Several code examples are provided to illustrate key concepts. After completing this course, you will be able to protect data at rest and in transit with appropriate cryptographic techniques.
Creating Secure Code - .NET (C#)
This Instructor-Led course gives developers an in-depth immersion into secure coding practices, with an emphasis on the security features and pitfalls of the .NET programming environment.
Attacker Techniques Exposed: Threats, Vulnerabilities, and Exploits
This Instructor-Led course examines trends in software vulnerabilities, demonstrates examples of security breaches, explores a wide range of live software vulnerabilities, and introduces threat modeling techniques.
PCI Bootcamp for Software Development Teams
This Instructor-Led course introduces the PCI-DSS to those responsible for compliance in software development.
Creating Secure Code - J2EE Applications
This Instructor-Led course gives developers an in-depth immersion into secure coding practices with an emphasis on the security features and pitfalls of the Java programming environment.
Creating Secure Code - iOS
In this Instructor-Led course, participants will learn to develop and deploy secure iPhone applications by leveraging Apple’s security libraries and frameworks.
Creating Secure Code - Android
This Instructor-Led course helps participants develop secure Android applications by applying Android-specific secure development techniques.
Creating Secure Code - Embedded C/C++
This Instructor-Led course examines coding errors and vulnerabilities in the context of embedded C/C++ programming and provides detailed code examples of insecure practices and methods to find, fix, and prevent each type of flaw.
Fundamentals of Secure Architecture
In this course, students will examine the state of the industry from a security perspective.
Fundamentals of Cryptography
This course examines the basic concepts of cryptography and common ways it is applied.
Architecture Risk Analysis and Remediation
This course defines techniques for analyzing the architecture/design of a software system for security flaws.
Designing Secure Enterprise Infrastructure Series
In this series, you will learn about the importance of designing and implementing secure access controls across the enterprise infrastructure. You will also learn about the techniques used to identify system security and performance requirements, develop appropriate security architecture, select the correct mitigations, and develop policies that can ensure the secure operation of your systems.
Securing Network Access
In this course, you will learn about how Network Access Control can be used to secure systems on a network.
Securing Operating Systems
In this course, you will learn about common operating system threats and how to best mitigate those threats.
Securing Cloud Instances
In this course, you will learn about the top threats to Cloud resources and how to mitigate them using application security best practices.
Application, Technical and Physical Access Controls
In this course, you will learn about the risks associated with data breaches and how to implement strong access controls and security policies that protect applications, systems and sensitive data.
OWASP 2017 Series
The primary objective of this series of courses, and of the OWASP Top 10, is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses.
In this course, you will learn how to mitigate the risks associated with injection.
Mitigating Broken Authentication
In this course, you will learn how to mitigate the risks associated with broken authentication.
Mitigating Sensitive Data Exposure
In this course, you will learn how to mitigate the risks associated with sensitive data exposure.
Mitigating XML External Entities
In this course, you will learn how to mitigate the risks associated with XML External Entities (XXE).
Mitigating Broken Access Control
In this course, you will learn how to mitigate the risks associated with broken access control.
Mitigating Security Misconfiguration
In this course, you will learn how to mitigate the risks associated with security misconfiguration.
Mitigating Cross Site Scripting (XSS)
In this course, you will learn how to mitigate the risks associated with Cross-Site Scripting (XSS).
Mitigating Insecure Deserialization
In this course, you will learn how to mitigate the risks associated with insecure deserialization.
Mitigating Use of Components with Known Vulnerabilities
In this course, you will learn how to mitigate the risks associated with using components with known vulnerabilities.
Mitigating Insufficient Logging & Monitoring Vulnerabilities
In this course, you will learn how to mitigate the risks associated with insufficient logging and monitoring.
Architecture Risk Analysis & Remediation for IoT Embedded Systems
This module provides additional risk analysis and remediation training pertaining to IoT embedded software engineers.
Creating Secure Application Architecture
This course covers key principles used to increase security of application architecture and design.
Creating Secure OTA (Over the Air) Automotive System Updates
In this course, participants will learn about the secure design considerations for over-the-air (OTA) updates for automotive systems.
Creating Secure Application Architecture for IoT Embedded Systems
This module provides additional training on Creating Secure Application Architecture pertaining to IoT embedded software engineers.
OWASP Top Ten - Threats and Mitigations
This Instructor-Led course introduces students to OWASP and the Top 10 Project, and covers in detail each of the OWASP Top 10 Web Application Vulnerabilities.
CWE/SANS Top 25 - Threats & Mitigations
This Instructor-Led course covers in detail the CWE/SANS Top 25 Most Dangerous Programming Errors, which comprises weaknesses in all types of software applications.
Secure Architecture and Design
This Instructor-Led course addresses this gap by allowing students to use their own software application in lab-based exercises.
How to Integrate the Microsoft MS SDL into your SDLC
This course introduces the fundamentals of the Microsoft Security Development Lifecycle (SDL) process. It covers the security requirements for each phase of your SDLC, including: Requirements, Design, Implementation, Verification, and Release. It also includes coverage of the Agile SDL variation, the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB), and the Microsoft SDL Threat Modeling tool.
Fundamentals of Threat Modeling
In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.
How to Create Application Security Design Requirements
This course examines how to apply the application security maturity model to the development process.
Attack Surface Analysis and Reduction
Learn about attack surface analysis and reduction as an exercise in risk reduction.
How to Perform a Security Code Review
Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools - only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize those code segments that will be reviewed, best practices for reviewing source code and maximize security resources.
Create an Application Security Threat Model for IoT Embedded Systems
Learn how to create an application security threat model for IoT embedded systems.
Attack Surface Analysis and Reduction for IoT Embedded Systems
Learn about attack surface analysis and reduction for IoT embedded systems.
Effective Threat Modeling
This Instructor-Led course introduces the technique of threat modeling, its primary goals, and its role within software development.
Security Code Review
This Instructor-Led course presents the primary techniques used to conduct a security code review, with the focus of identifying potential security vulnerabilities.
Fundamentals of Security Testing
This course introduces security testing concepts that help students analyze an application from a security perspective.
Fundamentals of Security Testing for IoT Embedded Systems
This course provides additional security testing training of particular importance to IoT embedded software engineers.
Testing for CWE SANS Top 25 Software Errors
In this course, you will learn how to identify and mitigate each of the CWE's 25 Most Dangerous Software Errors. Coverage includes techniques for spotting common security issues through code review and testing. Secure coding best practices are included for each security defect, as well as descriptions of technology specific weaknesses. Upon completion of this course, you will be able to identify common security defects and their potential impact to your application. You will also be able to identify specific types of security vulnerabilities associated with different technologies. Finally, you will be able to apply the steps necessary to avoid, detect, and mitigate common types of security defects in your applications. The course includes Knowledge Checks, Module Summaries, and information about additional online resources.
How to Test for the OWASP Top 10
This course is critical to know how to test for the OWASP Top Ten.
Classes of Security Defects - IoT Embedded Systems
This course provides additional training on Classes of Security Defects pertaining to IoT embedded software engineers.
Exploiting Buffer Overflows
This course provides students with the required information to help understand and mitigate buffer overflow exploits.
IoT Advanced Embedded Software Security Testing
This course module provides additional Software Security Testing of particular importance to IoT embedded software engineers.
Advanced Web Application Security Testing
This Instructor-Led course examines many important web vulnerabilities like HTML5 attacks, business logic attacks, web services attacks, and AJAX/JSON specific vulnerabilities and issues.