Fundamentals of Application Security
This course sets the foundation for understanding application security throughout the development process.
Information and Application Security Awareness
This Instructor-Led course examines the root cause of software vulnerabilities, how attackers view your applications, the true cost of software vulnerabilities, and how to integrate security into your development and IT organizations.
Fundamentals of Secure Development
This course introduces you to the need for secure software development and best practices.
Fundamentals Secure Mobile Development
This course introduces developers to the common risks associated with Mobile applications including client side injection, sensitive data handling, network transition, application patching, web based attacks, phishing, third-party code, location security and privacy and denial of service. The student is then given an overview of the Mobile application development best practices to reduce these risks including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and the programming principles to use to address them.
Fundamentals of Secure Database Development
This course provides software architects/developers with an understanding of database development best practices.
Fundamentals of Secure Cloud Development
This course introduces developers to the common risks associated with Cloud applications, including the security features of the different series models (IaaS, PaaS, and Saas), how to identify and mitigate the most common vulnerabilities, the unique security challenges of “Big Data”, and how to apply the Microsoft SDL to cloud applications. Threat coverage includes unauthorized account access, insecure APIs, shared technology, data leakage, and account hijacking, as well the importance of complying with regulatory requirements. With knowledge checks throughout, the student who completes this course will have an understanding of cloud computing threats and risks, and the programming principals to use to address them.
Fundamentals of Secure AJAX Code
This course introduces security issues and challenges specific to AJAX applications.
Fundamentals of Secure Embedded Software Development
This course teaches about security issues inherent to IoT embedded device architecture techniques to identify system security and performance requirements.
Identifying Threats to Mainframe COBOL Applications and Data
This course covers the most common security issues that affect the confidentiality, integrity, and availability of COBOL programs on mainframes.
Fundamentals of Secure Mobile Development for IoT Embedded Systems
This course provides additional training on Secure Mobile Development pertaining to embedded software engineers.
Creating Secure Code – Java Foundations
In this course, you will learn best practices and techniques for secure application development in Java. It discusses input validation, the Java security model, Java Authentication and Authorization Service (JAAS), and public key cryptography.
Creating Secure Code – C/C++ Foundations
This course presents best practices and techniques for secure application development in C/C++. It discusses basic application security principles, input validation in C/C++, common C/C++ application security vulnerabilities and mitigations, protecting data in C/C++, and conducting security code reviews.
Creating Secure Code – .NET Framework Foundations
This course describes .NET 4 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. In addition, this course will introduce you to security changes in .NET 4 including level 2 security transparency, the new sandboxing and permission model, introduction of conditional APTCA, and changes to evidence objects and collections. This course provides secure coding best practices that will enable students to build more secure applications in .NET 4.
Creating Secure Code - SAP ABAP Foundations
This course discusses best practices and techniques for secure SAP application development using Java and ABAP.
PCI DSS v3.2 Best Practices for Developers
This course provides software developers an understanding of PCI-DSS Version 3.2 application security issues.
IoT Specialization Series
In this series, you will learn about the importance of integrating security into each stage of your IoT SDLC.
Insecure IoT Web Interfaces
In this course, you will learn how to identify common threats to IoT web interfaces and apply best practices to mitigate these threats.
Insecure IoT Authentication and Authorization
In this course, you will learn about how to implement secure authentication and authorization for Internet of Things (IoT) devices.
Insecure IoT Network Services
In this course, you will learn about the vulnerabilities of Insecure Network Services within the context of the Internet of Things (IoT) devices, and best practices to protect network services on IoT devices.
Insecure IoT Communications
In this course, you will learn about the risks of insecure communications.
Insecure IoT Mobile Interface
In this course, you will learn about best practices for protecting mobile applications used for IoT solutions
Insecure IoT Firmware
In this course, you will learn how to securely distribute updates that fix known vulnerabilities in software or firmware for your Internet of Things devices.
OWASP Mobile Series
In this series, you will learn about the importance of integrating security into each stage of your Mobile App Development SDLC.
Mobile Threats and Mitigations
In this course, you will learn about best practices for identifying and mitigating the most common threats to mobile applications and their data.
Defending Mobile Data with Cryptography
In this course, you will learn about best practices for implementing strong cryptography to protect mobile applications and their data.
Mobile App Authentication and Authorization
In this course, you will learn how to integrate secure authentication and authorization into your mobile application.
Defending Mobile App Code
In this course, you will learn about best practices for defending your mobile application's code from attacks.
Creating Secure SQL Server and Azure SQL Database Applications
In this course, you will learn how to protect sensitive data and while ensuring the integrity of applications running on the Microsoft SQL Server Engine and Azure SQL Database.
Creating Secure AJAX Code - ASP.NET Foundations
This course introduces secure ASP.NET coding principles for AJAX applications.
Creating Secure AJAX Code - Java Foundations
This course introduces secure Java coding principles for AJAX applications.
Creating Secure AWS Cloud Applications
This course examines the security vulnerabilities, threats, and mitigations for AWS cloud computing services.
Creating Secure Azure Applications
This course examines the security vulnerabilities, threats, and mitigations for Azure cloud computing services.
Creating Secure Code - Web API Applications
This course introduces the fundamentals of secure web services development.
Creating Secure Code - Ruby on Rail Foundations
This course teaches best practices and techniques for secure application development with Ruby on Rails.
Creating Secure Python Web Applications
In this course, you will learn about best practices and techniques for secure web application development with Python.
Secure Scripting Series
In this series, you will learn about how to identify security threats to scripts and how to mitigate those threats by implementing access controls and following secure scripting best practices.
Threats to Scripts
In this course, you will learn about the impact of incorrect script development or lax security measures. You will also learn about the most common scripting vulnerabilities, including cached secrets, a variety of injection vulnerabilities, weaknesses related to permissions and privileges, and the threat of resource exhaustion.
Fundamentals of Secure Scripting
In this course, you will learn about how shell scripting languages compare with more modern interpreted languages, several information security principles including least privilege and defense in depth, the importance of data validation, and operating system portability issues.
Secure Scripting with Perl, Python, Bash and Ruby
In this course, you will learn about the importance of error and exception handling in shell scripts and interpreted languages, common syntax pitfalls, and how to prevent or mitigate several common vulnerabilities.
Protecting Sensitive Data while Scripting
In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.
Creating Secure COBOL and Mainframe Applications
This course covers countermeasures for security vulnerabilities on the mainframe, such as input validation, parameterized APIs, strong cryptography, and being aware of memory management issues.
Creating Secure ASP.NET MVC Applications
In this course, you will learn about ASP.NET MVC and Web API code security issues that affect MVC and Web API applications. You'll learn methods to protect your application from attacks against MVC’s model-binding behavior, as well as methods to protect your application from cross-site scripting, cross-site request forgery, and malicious URL redirects. You will also study the Web API pipeline and how to implement authentication and authorization in Web API applications.
Creating Secure C/C++ Code
In this course, you will learn techniques for securing your C/C++ applications. You will learn about secure memory management in C/C++, protecting and authenticating sensitive data with symmetric and public key cryptography, and secure communications with TLS.
Creating Secure Java Code
In this course, you will learn how to identify and mitigate the most common Java code security vulnerabilities such as Injection, Overflows, Cross-Site Scripting and Information Disclosure. This course also describes how to use symmetric and asymmetric cryptography to protect data and applications in Java.
Creating Secure C# Code
This course describes methods to produce secure C# applications. It presents common security vulnerabilities that can be mitigated by proper input validation, other common security vulnerabilities and their mitigations, secure error handling and logging, and secure communication. The course also discusses unique features of C# and the .NET Framework that help protect against security vulnerabilities.
Creating Secure PHP Code
This course teaches PHP programmers the security principals needed to build secure PHP applications.
Creating Secure iOS Code in Swift
In this course you will learn how to identify the most common iOS application security vulnerabilities, including Insecure Data Storage, Side Channel Data Leakage, Client Side Injection, Custom URL Scheme Abuse, Stack Smashing and Self-Signed Certificates. You will learn how to mitigate these threats by leveraging iOS and Swift security services while also implementing secure coding best practices, including Secure Memory Management, Automatic Reference Counting, Enabling Position Independent Executable, Secure Data Storage, Communicating Over HTTPS, App Transport Security, TLS Certificate Pinning, Asymmetric Encryption, Parameterized SQL Queries, Validating Path Location Input and Implementing Apple Pay.
Creating Secure Android Code in Java
In this course you will learn how to identify and mitigate the most common Android application security vulnerabilities and attack vectors, including: Weak Server Side Controls, Threats to Data, SQL Injection, Cross-Site Scripting (XSS), Session Hijacking, Threats to User Privacy and Confidentiality, Native Code Attacks, and Missing Data Encryption. Mitigation and best-practices include the Android software stack, the Android security model, access control methods, sandboxing, interprocess communications and implementing the security features of open-source developer tools.
Creating Secure HTML5 Code
This course provides in depth coverage on how to mitigate the most dangerous threats to HTML5 applications. It includes coverage of HTML5 Forms, WebSocket API, Server-Sent Events (SSE), Node.js security, jQuery security, the GPS API, static code analysis, and security packages. Upon completion of this class you will be able to identify key threats to your HTML5 application and then mitigate those threats by (1) leveraging built-in HTML5 security features and (2) implementing secure coding best practices.
Creating Secure jQuery Code
Learn about the most common threats to jQuery applications and how to mitigate these vulnerabilities.
Integer Overflows - Attacks and Countermeasures
This course covers the security concepts that will enable students to develop robust, secure applications.
Buffer Overflows - Attacks and Countermeasures
This course provides information to understand, avoid and mitigate the risks posed by buffer overflows.
Creating Secure Code - .NET (C#)
This Instructor-Led course gives developers an in-depth immersion into secure coding practices, with an emphasis on the security features and pitfalls of the .NET programming environment.
Attacker Techniques Exposed: Threats, Vulnerabilities, and Exploits
This Instructor-Led course examines trends in software vulnerabilities, demonstrates examples of security breaches, explores a wide range of live software vulnerabilities, and introduces threat modeling techniques.
PCI Bootcamp for Software Development Teams
This Instructor-Led course introduces the PCI-DSS to those responsible for compliance in software development.
Creating Secure Code - J2EE Applications
This Instructor-Led course gives developers an in-depth immersion into secure coding practices with an emphasis on the security features and pitfalls of the Java programming environment.
Creating Secure Code - iOS
In this Instructor-Led course, participants will learn to develop and deploy secure iPhone applications by leveraging Apple’s security libraries and frameworks.
Creating Secure Code - Android
This Instructor-Led course helps participants develop secure Android applications by applying Android-specific secure development techniques.
Creating Secure Code - Embedded C/C++
This Instructor-Led course examines coding errors and vulnerabilities in the context of embedded C/C++ programming and provides detailed code examples of insecure practices and methods to find, fix, and prevent each type of flaw.
Fundamentals of Secure Architecture
In this course, students will examine the state of the industry from a security perspective.
Fundamentals of Cryptography
This course examines the basic concepts of cryptography and common ways it is applied.
Architecture Risk Analysis and Remediation
This course defines techniques for analyzing the architecture/design of a software system for security flaws.
Designing Secure Enterprise Infrastructure Series
In this series, you will learn about the importance of designing and implementing secure access controls across the enterprise infrastructure. You will also learn about the techniques used to identify system security and performance requirements, develop appropriate security architecture, select the correct mitigations, and develop policies that can ensure the secure operation of your systems.
Securing Network Access
In this course, you will learn about how Network Access Control can be used to secure systems on a network.
Securing Operating Systems
In this course, you will learn about common operating system threats and how to best mitigate those threats.
Securing Cloud Instances
In this course, you will learn about the top threats to Cloud resources and how to mitigate them using application security best practices.
Application, Technical and Physical Access Controls
In this course, you will learn about the risks associated with data breaches and how to implement strong access controls and security policies that protect applications, systems and sensitive data.
OWASP 2017 Series
The primary objective of this series of courses, and of the OWASP Top 10, is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses.
In this course, you will learn how to mitigate the risks associated with injection.
Mitigating Broken Authentication
In this course, you will learn how to mitigate the risks associated with broken authentication.
Mitigating Sensitive Data Exposure
In this course, you will learn how to mitigate the risks associated with sensitive data exposure.
Mitigating XML External Entities
In this course, you will learn how to mitigate the risks associated with XML External Entities (XXE).
Mitigating Broken Access Control
In this course, you will learn how to mitigate the risks associated with broken access control.
Mitigating Security Misconfiguration
In this course, you will learn how to mitigate the risks associated with security misconfiguration.
Mitigating Cross Site Scripting (XSS)
In this course, you will learn how to mitigate the risks associated with Cross-Site Scripting (XSS).
Mitigating Insecure Deserialization
In this course, you will learn how to mitigate the risks associated with insecure deserialization .
Mitigating Use of Components with Known Vulnerabilities
In this course, you will learn how to mitigate the risks associated with using components with known vulnerabilities.
Mitigating Insufficient Logging & Monitoring Vulnerabilities
In this course, you will learn how to mitigate the risks associated with insufficient logging and monitoring.
Architecture Risk Analysis & Remediation for IoT Embedded Systems
This module provides additional risk analysis and remediation training pertaining to IoT embedded software engineers.
Creating Secure Application Architecture
This course covers key principles used to increase security of application architecture and design.
Creating Secure OTA (Over the Air) Automotive System Updates
In this course, participants will learn about the secure design considerations for over-the-air (OTA) updates for automotive systems.
Creating Secure Application Architecture for IoT Embedded Systems
This module provides additional training on Creating Secure Application Architecture pertaining to IoT embedded software engineers.
OWASP Top Ten - Threats and Mitigations
This Instructor-Led course introduces students to OWASP and the Top 10 Project, and covers in detail each of the OWASP Top 10 Web Application Vulnerabilities.
CWE/SANS Top 25 - Threats & Mitagations
This Instructor-Led course covers in detail the CWE/SANS Top 25 Most Dangerous Programming Errors, which comprises weaknesses in all types of software applications.
Secure Architecture and Design
This Instructor-Led course addresses this gap by allowing students to use their own software application in lab-based exercises.
How to Integrate the Microsoft MS SDL into your SDLC
This course introduces the fundamentals of the Microsoft Security Development Lifecycle (SDL) process. It covers the security requirements for each phase your SDLC, including: Requirements, Design, Implementation, Verification, and Release. It also includes coverage of the Agile SDL variation, the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB), and the Microsoft SDL Threat Modeling tool.
Fundamentals of Threat Modeling
In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.
How to Create Application Security Design Requirements
This course examines how to apply the application security maturity model to the development process.
Attack Surface Analysis and Reduction
Learn about attack surface analysis and reduction as an exercise in risk reduction.
How to Perform a Security Code Review
Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools - only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize those code segments that will be reviewed, best practices for reviewing source code and maximize security resources.
How to Create an Automotive Systems Threat Model
This course provides step-by-step instructions for performing threat modeling and its recommendations are aligned with the NHTSA’s proposed “Characterization of Potential Security Threats in Modern Automobiles."
Create an Application Security Threat Model for IoT Embedded Systems
Learn how to create an application security threat model for IoT embedded systems.
Attack Surface Analysis and Reduction for IoT Embedded Systems
Learn about attack surface analysis and reduction for IoT embedded systems.
Effective Threat Modeling
This Instructor-Led course introduces the technique of threat modeling, its primary goals, and its role within software development.
Security Code Review
This Instructor-Led course presents the primary techniques used to conduct a security code review, with the focus of identifying potential security vulnerabilities.
T.P.S.S.E. Certification Test Prep
Prepare for the T.P.S.S.E. certification exam with this prep course covering foundational skills.
Fundamentals of Security Testing
This course introduces security testing concepts that help students analyze an application from a security perspective.
Fundamentals of Security Testing for IoT Embedded Systems
This course provides additional security testing training of particular importance to IoT embedded software engineers.
Testing for CWE SANS Top 25 Software Errors
In this course, you will learn how to identify and mitigate each of the CWE's 25 Most Dangerous Software Errors. Coverage includes techniques for spotting common security issues through code review and testing. Secure coding best practices are included for each security defect, as well as descriptions of technology specific weaknesses. Upon completion of this course, you will be able to identify common security defects and their potential impact to your application. You will also be able to identify specific types of security vulnerabilities associated with different technologies. Finally, you will be able to apply the steps necessary to avoid, detect, and mitigate common types of security defects in your applications. The course includes Knowledge Checks, Module Summaries, and information about additional online resources.
How to Test for the OWASP Top 10
This course is critical to know how to test for the OWASP Top Ten.
Classes of Security Defects - IoT Embedded Systems
This course provides additional training on Classes of Security Defects pertaining to IoT embedded software engineers.
Advanced Software Security Testing - Tools and Techniques
This course delves deeply into the techniques for testing specific security weaknesses.
Exploiting Buffer Overflows
This course provides students with the required information to help understand and mitigate buffer overflow exploits.
IoT Advanced Embedded Software Security Testing
This course module provides additional Software Security Testing of particular importance to IoT embedded software engineers.
Advanced Web Application Security Testing
This Instructor-Led course examines many important web vulnerabilities like HTML5 attacks, business logic attacks, web services attacks, and AJAX/JSON specific vulnerabilities and issues.