AWA 101

Fundamentals of Application Security

This course sets the foundation for understanding application security throughout the development process.

E-Learning English Multi-Language
AWA 102

Secure Software Concepts

This course provides a high-level overview of secure software concepts for web applications, including application security, security standards, secure development methodologies, and security best practices.

E-Learning English
NEW
AWA 601

Information and Application Security Awareness

This Instructor-Led course examines the root cause of software vulnerabilities, how attackers view your applications, the true cost of software vulnerabilities, and how to integrate security into your development and IT organizations.

Live Training English
COD 101

Fundamentals of Secure Development

This course introduces you to the need for secure software development and best practices.

E-Learning English Multi-Language
COD 110

Fundamentals Secure Mobile Development

This course introduces developers to the common risks associated with Mobile applications including client side injection, sensitive data handling, network transition, application patching, web based attacks, phishing, third-party code, location security and privacy and denial of service. The student is then given an overview of the Mobile application development best practices to reduce these risks including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and the programming principles to use to address them.

E-Learning English
COD 141

Fundamentals of Secure Database Development

This course provides software architects/developers with an understanding of database development best practices.

E-Learning English
COD 152

Fundamentals of Secure Cloud Development

This course introduces developers to the common risks associated with Cloud applications, including the security features of the different service models (IaaS, PaaS, and SaaS), how to identify and mitigate the most common vulnerabilities, the unique security challenges of “Big Data”, and how to apply the Microsoft SDL to cloud applications. Threat coverage includes unauthorized account access, insecure APIs, shared technology, data leakage, and account hijacking, as well as the importance of complying with regulatory requirements. With knowledge checks throughout, the student who completes this course will have an understanding of cloud computing threats and risks, and the programming principles to use to address them.

E-Learning English
COD 153

Fundamentals of Secure AJAX Code

This course introduces security issues and challenges specific to AJAX applications.

E-Learning English
COD 160

Fundamentals of Secure Embedded Software Development

This course teaches about security issues inherent to IoT embedded device architecture and techniques to identify system security and performance requirements.

E-Learning English
COD 170

Identifying Threats to Mainframe COBOL Applications and Data

This course covers the most common security issues that affect the confidentiality, integrity, and availability of COBOL programs on mainframes.

E-Learning English
COD 190

Fundamentals of Secure Mobile Development for IoT Embedded Systems

This course provides additional training on Secure Mobile Development pertaining to embedded software engineers.

E-Learning English
COD 200

Creating Secure C Code Series

This series provides C developers with the knowledge and skills required to secure communications with Transport Layer Security (TLS) and to implement run-time protections with technologies such as stack security cookies, Address Space Layout Randomization (ASLR), and No-eXecute.

E-Learning English Multi-Language
NEW
COD 201

Secure C Encrypted Network Communications

In this course, you will learn about secure communications using Transport Layer Security (TLS), and best practices for implementing these with your C and C++ applications. After completing this course, you will be able to identify the basic principles of TLS, identify libraries and interfaces for implementing the TLS protocol, identify TLS security considerations, and identify alternatives to TLS.

E-Learning English
NEW
COD 202

Secure C Run-Time Protection

This course discusses common run-time protection technologies that you can use to protect your application from attack. After completing this course, you will be able to identify run-time protection technologies, such as stack security cookies, Address Space Layout Randomization, and No-eXecute. You will also be able to identify their limitations, and how to apply them to your applications.

E-Learning English
NEW
COD 205

Creating Secure C++ Code Series

This series provides C++ developers with the knowledge and skills required to mitigate memory corruption vulnerabilities, protect data in transit using strong TLS ciphers, and to protect data using cryptographic best practices.

E-Learning English Multi-Language
NEW
COD 206

Creating Secure C++ Code

This course highlights some of the most useful security features for avoiding memory corruption vulnerabilities in C++, including:
• Using standard containers and their built-in functions to avoid direct memory operations
• Using bounds-checking functions, especially for string manipulation, to avoid buffer overflows
• Using smart pointers to avoid memory leaks associated with managing raw pointers
• Using standard concurrency features to help reduce the risk of introducing race conditions
• Using object-oriented programming features to define and manipulate data in terms of objects, thus avoiding direct memory operations that may lead to memory corruption
• Using range-based loops to avoid off-by-one indexing errors
• Using native regular expressions to validate untrusted text input and avoid the risk of introducing vulnerabilities through third-party libraries.

E-Learning English Multi-Language
NEW
COD 207

Communication Security in C++

This course discusses how to protect data in transit using encryption libraries and strong TLS ciphers. It also reviews important issues about public key certificates including signing and verifying them. After completing this course, you will be able to identify well-trusted encryption libraries and strong TLS cipher suites to protect data in transit, and explain how to protect and verify the integrity of public key certificates.

E-Learning English Multi-Language
NEW
COD 215

(Coming Soon) Creating Secure Code – .NET Framework Foundations

This series provides you with secure coding techniques and best practices that will enable you to avoid common security flaws and ultimately build secure applications in .NET.

E-Learning English
COD 216

(Coming Soon) Leveraging .NET Framework Code Access Security (CAS)

This course provides you with the necessary information to help you understand the foundation of .NET, the CLR’s native security infrastructure (Code Access Security), and the ASP.NET security infrastructure.

E-Learning English
COD 217

(Coming Soon) Mitigating .NET Security Threats

This course provides you with secure coding techniques and best practices that will enable you to avoid common security flaws and ultimately build secure applications in .NET. Additionally, the course discusses secure error handling and secure logging in the context of preventing information disclosure and other vulnerabilities.

E-Learning English
COD 219

Creating Secure Code - SAP ABAP Foundations

This course discusses best practices and techniques for secure SAP application development using Java and ABAP.

E-Learning English
COD 222

PCI DSS v3.2 Best Practices for Developers

This course provides software developers an understanding of PCI-DSS Version 3.2 application security issues.

E-Learning English
COD 224

IoT Specialization Series

In this series, you will learn about the importance of integrating security into each stage of your IoT SDLC.

E-Learning English
COD 225

Insecure IoT Web Interfaces

In this course, you will learn how to identify common threats to IoT web interfaces and apply best practices to mitigate these threats.

E-Learning English
COD 226

Insecure IoT Authentication and Authorization

In this course, you will learn about how to implement secure authentication and authorization for Internet of Things (IoT) devices.

E-Learning English
COD 227

Insecure IoT Network Services

In this course, you will learn about the vulnerabilities of Insecure Network Services within the context of the Internet of Things (IoT) devices, and best practices to protect network services on IoT devices.

E-Learning English
COD 228

Insecure IoT Communications

In this course, you will learn about the risks of insecure communications.

E-Learning English
COD 229

Insecure IoT Mobile Interface

In this course, you will learn about best practices for protecting mobile applications used for IoT solutions.

E-Learning English
COD 230

Insecure IoT Firmware

In this course, you will learn how to securely distribute updates that fix known vulnerabilities in software or firmware for your Internet of Things devices.

E-Learning English
COD 233

OWASP Mobile Series

In this series, you will learn about the importance of integrating security into each stage of your Mobile App Development SDLC.

E-Learning English
COD 234

Mobile Threats and Mitigations

In this course, you will learn about best practices for identifying and mitigating the most common threats to mobile applications and their data.

E-Learning English
COD 235

Defending Mobile Data with Cryptography

In this course, you will learn about best practices for implementing strong cryptography to protect mobile applications and their data.

E-Learning English
COD 236

Mobile App Authentication and Authorization

In this course, you will learn how to integrate secure authentication and authorization into your mobile application.

E-Learning English
COD 237

Defending Mobile App Code

In this course, you will learn about best practices for defending your mobile application's code from attacks.

E-Learning English
COD 241

Creating Secure Oracle Database Applications

This course introduces database application developers to key industry best practices for data security, such as secure query construction and secure communication and storage. After completing this course, you will be able to describe how to write stored procedures securely. You will also be able to explain how to secure data stored in the database as well as data in transit using Oracle Database features.

E-Learning English
UPDATED
COD 242

Creating Secure SQL Server and Azure SQL Database Applications

In this course, you will learn how to protect sensitive data while ensuring the integrity of applications running on the Microsoft SQL Server Engine and Azure SQL Database.

E-Learning English
COD 251

Creating Secure AJAX Code - ASP.NET Foundations

This course introduces secure ASP.NET coding principles for AJAX applications.

E-Learning English
COD 252

Creating Secure AJAX Code - Java Foundations

This course introduces secure Java coding principles for AJAX applications.

E-Learning English Multi-Language
COD 253

Creating Secure AWS Cloud Applications

This course examines the security vulnerabilities, threats, and mitigations for AWS cloud computing services.

E-Learning English
COD 254

Creating Secure Azure Applications

This course examines the security vulnerabilities, threats, and mitigations for Azure cloud computing services.

E-Learning English
COD 255

Creating Secure Code - Web API Applications

This course introduces the fundamentals of secure web services development.

E-Learning English
COD 256

Creating Secure Code - Ruby on Rails Foundations

This course teaches best practices and techniques for secure application development with Ruby on Rails.

E-Learning English
COD 257

Creating Secure Python Web Applications

In this course, you will learn about best practices and techniques for secure web application development with Python.

E-Learning English
COD 259

Node.js Threats and Vulnerabilities

This course discusses system configuration, injection attacks, session management, package management, and the AngularJS framework, all within the context of Node.js security.

E-Learning English
NEW
COD 260

Secure Scripting Series

In this series, you will learn about how to identify security threats to scripts and how to mitigate those threats by implementing access controls and following secure scripting best practices.

E-Learning English
COD 261

Threats to Scripts

In this course, you will learn about the impact of incorrect script development or lax security measures. You will also learn about the most common scripting vulnerabilities, including cached secrets, a variety of injection vulnerabilities, weaknesses related to permissions and privileges, and the threat of resource exhaustion.

E-Learning English
COD 262

Fundamentals of Secure Scripting

In this course, you will learn about how shell scripting languages compare with more modern interpreted languages, several information security principles including least privilege and defense in depth, the importance of data validation, and operating system portability issues.

E-Learning English
COD 263

Secure Scripting with Perl, Python, Bash and Ruby

In this course, you will learn about the importance of error and exception handling in shell scripts and interpreted languages, common syntax pitfalls, and how to prevent or mitigate several common vulnerabilities.

E-Learning English
COD 264

Protecting Sensitive Data while Scripting

In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.

E-Learning English
COD 270

Creating Secure COBOL and Mainframe Applications

This course covers countermeasures for security vulnerabilities on the mainframe, such as input validation, parameterized APIs, strong cryptography, and being aware of memory management issues.

E-Learning English
COD 280

Creating Secure Java Series Services

This series provides Java developers with the knowledge and skills required to implement the Java Security Model, JAAS, and to protect data using cryptographic best practices.

E-Learning English Multi-Language
NEW
COD 281

Java Security Model

This course introduces you to Java’s policy-driven security model. Key topics include the Java security model, the Java security manager, security policies, and security policy files. After completing this course, you will be able to identify the components of the Java security model and the functionality of the Java security manager and access controller. You will also be able to identify the components of Java security policies as well as describe the function of Java security policy files.

E-Learning English Multi-Language
NEW
COD 282

Java Authentication and Authorization Services (JAAS)

This course discusses the Java authentication and authorization service, or JAAS. JAAS is a Java implementation of the standard pluggable authentication module, or PAM, framework. JAAS provides a framework that developers can use to require users to log in and to define precisely which actions users can perform. After completing this course, you will be able to identify the components of the JAAS framework, and identify how to use JAAS to control user authentication and authorization in your Java application.

E-Learning English Multi-Language
NEW
COD 283

Java Cryptography

This course discusses cryptography and related issues in Java. After completing this course, you will be able to generate secure encryption keys and identify related issues such as pseudo random number generators, key derivation functions, and initialization vectors. You will also be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode. You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and use the Java keytool command-line utility for creating and managing keys and keystores.

E-Learning English Multi-Language
NEW
COD 300

Protecting C Code Series

This series provides C developers with the knowledge and skills required to mitigate buffer overflow conditions, implement secure memory management best practices, and protect applications and data from attacks.

E-Learning English Multi-Language
NEW
COD 301

Secure C Buffer Overflow Mitigations

The C and C++ languages cover a wide range of systems spanning several decades of development. Although all programming languages are susceptible to security vulnerabilities, C and C++ are particularly prone to them due to the low-level nature of the language. In this course, you will learn how to prevent the most serious vulnerabilities in your C and C++ applications. After completing this course, you will be able to mitigate buffer overflows, understand and prevent several additional types of memory management vulnerabilities, protect data in memory, prevent format string vulnerabilities, understand integer overflows, mitigate race conditions, and avoid the most common types of Injection vulnerabilities.

E-Learning English
NEW
COD 302

Secure C Memory Management

After completing this course, you will be able to identify the key concepts of dynamic memory management, identify common mistakes that lead to memory corruption and vulnerabilities, and implement best practices to mitigate memory management vulnerabilities.

E-Learning English Multi-Language
NEW
COD 303

Common C Vulnerabilities and Attacks

In this course you will review common C application vulnerabilities, how they manifest in code, and techniques and libraries that you can use to mitigate the risk of attack. After completing this course, you will be able to mitigate risk from format string attacks, integer overflows, race conditions, canonicalization issues, command injection, and SQL Injection.

E-Learning English Multi-Language
NEW
COD 307

Protecting Data in C++

This course discusses cryptography and related issues for COD 307 - Protecting Data in C++. After completing this course, you will be able to generate strong encryption keys and identify related symmetric cryptography issues, such as pseudo random number generators (PRNGs), key derivation algorithms, and initialization vectors. Additionally, you will be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode, and identify common libraries that support symmetric cryptography. You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together both to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and implement best practices to mitigate memory exposure vulnerabilities.

E-Learning English Multi-Language
NEW
COD 311

Creating Secure ASP.NET MVC Applications

In this course, you will learn about ASP.NET MVC and Web API code security issues that affect MVC and Web API applications. You'll learn methods to protect your application from attacks against MVC’s model-binding behavior, as well as methods to protect your application from cross-site scripting, cross-site request forgery, and malicious URL redirects. You will also study the Web API pipeline and how to implement authentication and authorization in Web API applications.

E-Learning English
COD 315

Creating Secure PHP Code

This course teaches PHP programmers the security principles they need to know to build secure PHP applications. This class teaches programming principles for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP.

E-Learning English Multi-Language
COD 317

Creating Secure iOS Code in Swift

In this course you will learn how to identify the most common iOS application security vulnerabilities, including Insecure Data Storage, Side Channel Data Leakage, Client Side Injection, Custom URL Scheme Abuse, Stack Smashing and Self-Signed Certificates. You will learn how to mitigate these threats by leveraging iOS and Swift security services while also implementing secure coding best practices, including Secure Memory Management, Automatic Reference Counting, Enabling Position Independent Executable, Secure Data Storage, Communicating Over HTTPS, App Transport Security, TLS Certificate Pinning, Asymmetric Encryption, Parameterized SQL Queries, Validating Path Location Input and Implementing Apple Pay.

E-Learning English
COD 318

Creating Secure Android Code in Java

In this course you will learn how to identify and mitigate the most common Android application security vulnerabilities and attack vectors, including: Weak Server Side Controls, Threats to Data, SQL Injection, Cross-Site Scripting (XSS), Session Hijacking, Threats to User Privacy and Confidentiality, Native Code Attacks, and Missing Data Encryption. Mitigation and best-practices include the Android software stack, the Android security model, access control methods, sandboxing, interprocess communications and implementing the security features of open-source developer tools.

E-Learning English
COD 320

Protecting C# Series

This series describes methods that will produce secure C# applications. It presents the common security vulnerabilities "Canonicalization Issues" and "Integer Overflows", and the unique features of C# and the .NET Framework that can be used to mitigate them.

E-Learning English
NEW
COD 321

Protecting C# from Integer Overflows and Canonicalization Issues

This course describes methods that will produce secure C# applications. It presents the common security vulnerabilities “Canonicalization Issues” and “Integer Overflows”, and the unique features of C# and the .NET Framework that can be used to mitigate them.

E-Learning English
NEW
COD 322

Protecting C# from SQL and XML Injection

This course presents some of the most pervasive security vulnerabilities, “SQL Injection” and “XML Injection”, and the features of the .NET Framework that can be used to mitigate them. When you have completed this course, you will be able to explain where and when SQL injection and XML injection are likely to occur, identify common pitfalls when defending against these vulnerabilities, and identify best practices for mitigating these vulnerabilities.

E-Learning English
NEW
COD 323

Protecting Data in C#

This course describes protecting data both in transit and at rest in C# applications using strong cryptography. Included examples show how sensitive data can be protected in memory with the SecureString and ProtectedMemory classes. The course also describes common cryptographic pitfalls you should avoid, and finally discusses how to protect data in transit, preferably with Transport Layer Security (TLS).

E-Learning English
NEW
COD 352

Creating Secure jQuery Code

Learn about the most common threats to jQuery applications and how to mitigate these vulnerabilities.

E-Learning English Multi-Language
COD 360

(Coming Soon) Creating Secure HTML5 Code Series

This series provides in-depth coverage on how to identify and mitigate the most dangerous threats to HTML5 applications, including exposure of sensitive data and insecure communications. In addition, it describes how to leverage important HTML5 security features.

E-Learning English
COD 361

(Coming Soon) HTML5 Security Threats

In this course, you will learn about security risks introduced by HTML5. You will also learn about threats, including cross-site scripting, cross-site request forgery, clickjacking, and threats to user privacy, as well as techniques for mitigating these threats.

E-Learning English
COD 362

(Coming Soon) HTML5 Built-In Security Features

In this course, you will learn about important HTML5 security features, including Same-Origin Policy (SOP), Content Security Policy (CSP), Cross-Origin Resource Sharing (CORS), and IFrame Sandboxing, including examples and best practices.

E-Learning English
COD 363

(Coming Soon) Securing HTML5 Data

In this course, you will learn about new features that raise security issues in HTML5 forms, security issues surrounding local data storage, best practices for HTML5 connectivity with the WebSocket API and Server-Sent Events, and best practices for the Web Workers, History, Geolocation, and Drag and Drop APIs.

E-Learning English
COD 364

(Coming Soon) Securing HTML5 Connectivity

In this course, you will learn about best practices for securing connections used by applications that leverage HTML5.

E-Learning English
COD 379

Protecting Java Code Series

This series provides Java developers with the knowledge and skills required to mitigate the most common application security vulnerabilities, including SQLi, XSS, and Information Disclosure.

E-Learning English Multi-Language
NEW
COD 380

Protecting Java Code: SQLi and Integer Overflows

This course describes ways to remediate common application security vulnerabilities in your Java application. After completing this course, you will be able to mitigate risk from SQL injection and integer overflows.

E-Learning English Multi-Language
NEW
COD 381

Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU

This course describes ways to remediate common application security vulnerabilities in your Java application. After completing this course, you will be able to mitigate risk from canonicalization issues, information disclosure, and race conditions.

E-Learning English Multi-Language
NEW
COD 382

Protecting Data in Java

This course discusses protecting data at rest and in transit in Java applications. Several code examples are provided to illustrate key concepts. After completing this course, you will be able to protect data at rest and in transit with appropriate cryptographic techniques.

E-Learning English Multi-Language
NEW
COD 715

Creating Secure Code - .NET (C#)

This Instructor-Led course gives developers an in-depth immersion into secure coding practices, with an emphasis on the security features and pitfalls of the .NET programming environment.

Live Training English
COD 721

Attacker Techniques Exposed: Threats, Vulnerabilities, and Exploits

This Instructor-Led course examines trends in software vulnerabilities, demonstrates examples of security breaches, explores a wide range of live software vulnerabilities, and introduces threat modeling techniques.

Live Training English
COD 722

PCI Bootcamp for Software Development Teams

This Instructor-Led course introduces the PCI-DSS to those responsible for compliance in software development.

Live Training English
COD 813

Creating Secure Code - J2EE Applications

This Instructor-Led course gives developers an in-depth immersion into secure coding practices with an emphasis on the security features and pitfalls of the Java programming environment.

Live Training English
COD 817

Creating Secure Code - iOS

In this Instructor-Led course, participants will learn to develop and deploy secure iPhone applications by leveraging Apple’s security libraries and frameworks.

Live Training English
COD 818

Creating Secure Code - Android

This Instructor-Led course helps participants develop secure Android applications by applying Android-specific secure development techniques.

Live Training English
COD 892

Creating Secure Code - Embedded C/C++

This Instructor-Led course examines coding errors and vulnerabilities in the context of embedded C/C++ programming and provides detailed code examples of insecure practices and methods to find, fix, and prevent each type of flaw.

Live Training English
DES 101

Fundamentals of Secure Architecture

In this course, students will examine the state of the industry from a security perspective.

E-Learning English
DES 201

(Coming Soon) Fundamentals of Cryptography Series

In this series, you will learn basic concepts of cryptography and common ways that it is applied, from the perspective of application development. You will learn the importance of randomness; the roles of encoding, encryption, and hashing; the concepts of symmetric and asymmetric encryption; the purpose of cryptographic keys; and the roles of message authentication codes (MACs) and digital signatures. In addition, you'll be introduced to key management, digital certificates, and the public key infrastructure (PKI).

E-Learning English
DES 202

(Coming Soon) Cryptographic Suite Services: Encoding, Encrypting and Hashing

In this series, you will learn basic concepts of cryptography and common ways that it is applied, from the perspective of application development. You will learn the importance of randomness; the roles of encoding, encryption, and hashing; the concepts of symmetric and asymmetric encryption; the purpose of cryptographic keys; and the roles of message authentication codes (MACs) and digital signatures. In addition, you'll be introduced to key management, digital certificates, and the public key infrastructure (PKI).

E-Learning English
DES 203

(Coming Soon) Cryptographic Components: Randomness, Algorithms, and Key Management

This course introduces the common components of cryptographic systems including random number generation, algorithms to perform cryptographic manipulation of information, cryptographic keys, and a mechanism to manage and distribute cryptographic keys. This course coverage aligns with the National Initiative for Cybersecurity Education (NICE) requirements K0018: Knowledge of encryption algorithms, and K0019: Knowledge of cryptography and cryptographic key management concepts.

E-Learning English
DES 204

(Coming Soon) The Role of Cryptography in Application Development

This course introduces cryptography and how cryptography can help secure applications and data. It also provides an overview of common uses of cryptography. After completing this course, you will be able to identify the various cryptographic technologies that are relevant to software solutions. You will also be able to identify several common data-in-motion cryptographic security applications, and identify several common data-at-rest cryptographic security applications.

E-Learning English
DES 205

(Coming Soon) Message Integrity Cryptographic Functions

This course introduces cryptography and how cryptography can help secure applications and data. It also provides an overview of common uses of cryptography. After completing this course, you will be able to identify the various cryptographic technologies that are relevant to software solutions. You will also be able to identify several common data-in-motion cryptographic security applications, and identify several common data-at-rest cryptographic security applications.

E-Learning English
DES 212

Architecture Risk Analysis and Remediation

This course defines techniques for analyzing the architecture/design of a software system for security flaws.

E-Learning English
DES 213

Designing Secure Enterprise Infrastructure Series

In this series, you will learn about the importance of designing and implementing secure access controls across the enterprise infrastructure. You will also learn about the techniques used to identify system security and performance requirements, develop appropriate security architecture, select the correct mitigations, and develop policies that can ensure the secure operation of your systems.

E-Learning English
DES 214

Securing Network Access

In this course, you will learn about how Network Access Control can be used to secure systems on a network.

E-Learning English
DES 215

Securing Operating Systems

In this course, you will learn about common operating system threats and how to best mitigate those threats.

E-Learning English
DES 216

Securing Cloud Instances

In this course, you will learn about the top threats to Cloud resources and how to mitigate them using application security best practices.

E-Learning English
DES 217

Application, Technical and Physical Access Controls

In this course, you will learn about the risks associated with data breaches and how to implement strong access controls and security policies that protect applications, systems and sensitive data.

E-Learning English
DES 221

OWASP 2017 Series

The primary objective of this series of courses, and of the OWASP Top 10, is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses.

E-Learning English
DES 222

Mitigating Injection

In this course, you will learn how to mitigate the risks associated with injection.

E-Learning English
DES 223

Mitigating Broken Authentication

In this course, you will learn how to mitigate the risks associated with broken authentication.

E-Learning English
DES 224

Mitigating Sensitive Data Exposure

In this course, you will learn how to mitigate the risks associated with sensitive data exposure.

E-Learning English
DES 225

Mitigating XML External Entities

In this course, you will learn how to mitigate the risks associated with XML External Entities (XXE).

E-Learning English
DES 226

Mitigating Broken Access Control

In this course, you will learn how to mitigate the risks associated with broken access control.

E-Learning English
DES 227

Mitigating Security Misconfiguration

In this course, you will learn how to mitigate the risks associated with security misconfiguration.

E-Learning English
DES 228

Mitigating Cross Site Scripting (XSS)

In this course, you will learn how to mitigate the risks associated with Cross-Site Scripting (XSS).

E-Learning English
DES 229

Mitigating Insecure Deserialization

In this course, you will learn how to mitigate the risks associated with insecure deserialization.

E-Learning English
DES 230

Mitigating Use of Components with Known Vulnerabilities

In this course, you will learn how to mitigate the risks associated with using components with known vulnerabilities.

E-Learning English
DES 231

Mitigating Insufficient Logging & Monitoring

In this course, you will learn how to mitigate the risks associated with insufficient logging and monitoring.

E-Learning English
NEW
DES 260

Fundamentals of IoT Architecture and Design

This course focuses on topics in architecting and designing a secure Internet of Things (IoT) system, with emphasis on an embedded IoT device and its relationship with the cloud. Topics discussed range from what should be reviewed and defined in the requirements phase to authorization considerations within the IoT device and cloud. This course presents the following subjects:

E-Learning English
NEW
DES 311

Creating Secure Application Architecture

This course covers key principles used to increase security of application architecture and design.

E-Learning English
DES 352

Creating Secure OTA (Over the Air) Automotive System Updates

In this course, participants will learn about the secure design considerations for over-the-air (OTA) updates for automotive systems.

E-Learning English
DES 721

OWASP Top Ten - Threats and Mitigations

This Instructor-Led course introduces students to OWASP and the Top 10 Project, and covers in detail each of the OWASP Top 10 Web Application Vulnerabilities.

Live Training English
DES 722

CWE/SANS Top 25 - Threats & Mitigations

This Instructor-Led course covers in detail the CWE/SANS Top 25 Most Dangerous Programming Errors, which comprises weaknesses in all types of software applications.

Live Training English
DES 811

Secure Architecture and Design

This Instructor-Led course addresses this gap by allowing students to use their own software application in lab-based exercises.

Live Training English
ENG 190

(Coming Soon) Implementing the MS SDL Process Into your SDLC

This series introduces the fundamentals of the Microsoft Security Development Lifecycle (SDL) process and covers the security requirements for each phase of your SDLC. Agile SDL variation, the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB), and the Microsoft SDL Threat Modeling tool.

E-Learning English
ENG 191

(Coming Soon) Introduction to the Microsoft SDL

This course describes the main phases of the Microsoft Security Development Lifecycle (SDL) process, namely Requirements, Design, Implementation, Verification, and Release, with a focus on security throughout. After completing this course, you will be able to list the phases of the Microsoft SDL process, and describe the required and recommended tasks for each phase of the process.

E-Learning English
ENG 192

(Coming Soon) Implementing the Agile MS SDL

This course describes the Agile variation of the Microsoft Security Development Lifecycle (SDL) process. The standard MS SDL process follows the traditional incremental waterfall model, while Agile methodologies are more iterative. SDL-Agile maps critical security practices into every-sprint requirements, bucket or periodic requirements, and one-time requirements.

E-Learning English
ENG 193

(Coming Soon) Implementing the MS SDL Optimization Model

This course introduces the Microsoft Security Development Lifecycle (SDL) Optimization Model and how to use it.

E-Learning English
ENG 194

(Coming Soon) Implementing MS SDL Line of Business

This course describes the Microsoft Security Development Lifecycle for Line of Business (SDL-LOB), aimed at development of internal or business-facing applications. Important activities include security training, risk assessment, and the typical software lifecycle phases: Requirements, Design, Implementation, Verification, and Release.

E-Learning English
ENG 195

(Coming Soon) Implementing the MS SDL Threat Modeling Tool

This course describes the features of the Microsoft SDL Threat Modeling tool, which complements the Microsoft SDL Threat Modeling process. While not required to perform threat modeling, use of the tool aids teams with the creation of threat models and helps enumerate threats using STRIDE.

E-Learning English
ENG 205

Fundamentals of Threat Modeling

In this course, you will learn about how to use filesystem operations safely to protect files, techniques for system hardening, cryptography basics, and the importance of up-to-date communication security techniques.

E-Learning English
ENG 211

How to Create Application Security Design Requirements

This course examines how to apply the application security maturity model to the development process.

E-Learning English
ENG 311

Attack Surface Analysis and Reduction

Learn about attack surface analysis and reduction as an exercise in risk reduction.

E-Learning English Multi-Language
ENG 312

How to Perform a Security Code Review

Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools - only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize the code segments that will be reviewed, follow best practices for reviewing source code, and maximize security resources.

E-Learning English Multi-Language
UPDATED
ENG 392

Attack Surface Analysis and Reduction for IoT Embedded Systems

Learn about attack surface analysis and reduction for IoT embedded systems.

E-Learning English
ENG 801

Effective Threat Modeling

This Instructor-Led course introduces the technique of threat modeling, its primary goals, and its role within software development.

Live Training English
ENG 812

Security Code Review

This Instructor-Led course presents the primary techniques used to conduct a security code review, with the focus of identifying potential security vulnerabilities.

Live Training English
TST 101

Fundamentals of Security Testing

This course introduces security testing concepts that help students analyze an application from a security perspective.

E-Learning English
TST 191

Fundamentals of Security Testing for IoT Embedded Systems

This course provides additional security testing training of particular importance to IoT embedded software engineers.

E-Learning English
TST 221

Testing for OWASP 2017 Series

Equally important to understanding what makes the OWASP Top Ten list every three years is understanding how to test for these critical vulnerabilities and keep them out of your applications. By reducing your risk of exposure to the OWASP Top Ten, you help safeguard against compromise. Additionally, testing for these flaws is a requirement of the Payment Card Industry Standards (PCI-DSS) as well as other regulatory bodies. This course explains how these flaws occur and provides testing strategies to identify the flaws in web applications.

E-Learning English
NEW
TST 222

Testing for OWASP 2017: Injection

This course explains how testers and developers can determine if their web applications are vulnerable to the A1:2017 family of injection security vulnerabilities identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against these vulnerabilities. In this course, you will learn how to test your application against injection, and you will learn how to protect your applications against injection.

E-Learning English
NEW
TST 223

Testing for OWASP 2017: Broken Authentication

This course explains how testers and developers can determine if their web applications are vulnerable to the A2:2017 security vulnerability, broken authentication, identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application against broken authentication, and you will learn how to protect your applications against broken authentication.

E-Learning English
NEW
TST 224

Testing for OWASP 2017: Sensitive Data Exposure

This course explains how testers and developers can determine if their web applications are vulnerable to the A3:2017 security vulnerability, sensitive data exposure, identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application against sensitive data exposure, and you will learn how to protect your applications against sensitive data exposure.

E-Learning English
NEW
TST 225

Testing for OWASP 2017: XML External Entities

This course explains how testers and developers can determine if their web applications are vulnerable to the A4:2017 security vulnerability, XML external entities, identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application against XML external entities, and you will learn how to protect your applications against XML external entities.

E-Learning English
NEW
TST 226

Testing for OWASP 2017: Broken Access Control

The Open Web Application Security Project (OWASP) Top 10 lists the most serious and prevalent security vulnerabilities identified for Web applications. This course explains the second vulnerability identified in the OWASP Top 10, Broken Access Control, and the mitigations you can use to reduce the risk to your application. After completing this course, you will be able to determine if a Web application is vulnerable to Broken Access Control, and explain how to protect the application against this security.

E-Learning English
NEW
TST 227

Testing for OWASP 2017: Security Misconfiguration

This course explains how testers and developers can determine if their web applications are vulnerable to the A6:2017 vulnerability, security misconfiguration, identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application for security misconfiguration, and you will learn how to protect your application against security misconfiguration.

E-Learning English
NEW
TST 228

Testing for OWASP 2017: Cross Site Scripting

The Open Web Application Security Project (OWASP) Top 10 lists the most serious and prevalent security vulnerabilities identified for Web applications. This course explains the seventh vulnerability identified in the OWASP Top 10, Cross-Site Scripting (XSS), and the mitigations you can use to reduce the risk to your application. After completing this course, you will be able to determine if a Web application is vulnerable to Cross-Site Scripting vulnerabilities, and explain how to protect the application.

E-Learning English
NEW
TST 229

Testing for OWASP 2017: Insecure Deserialization

This course explains how testers and developers can determine if their web applications are vulnerable to the A8:2017 Insecure Deserialization vulnerability identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application for insecure deserialization and you will learn how to protect your application against insecure deserialization.

E-Learning English
NEW
TST 230

Testing for OWASP 2017: Use of Components with Known Vulnerabilities

This course explains how testers and developers can determine if their web applications are vulnerable to the A9:2017 security vulnerability, Using Components with Known Vulnerabilities, identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application for using components with known vulnerabilities and you will learn how to protect your application against using components with known vulnerabilities.

E-Learning English
NEW
TST 231

Testing for OWASP 2017: Insufficient Logging and Monitoring

This course explains how testers and developers can determine if their web applications are vulnerable to the A10:2017 Insufficient Logging and Monitoring vulnerability identified by the Open Web Application Security Project (OWASP). It also explains how to protect web applications against this vulnerability. In this course, you will learn how to test your application for insufficient logging and monitoring, and you will learn how to protect your application against insufficient logging and monitoring.

E-Learning English
NEW
TST 250

(Coming Soon) Testing for CWE SANS Top 25 Software Errors Series

In this series, you will learn how to identify and mitigate each of the CWE's 25 Most Dangerous Software Errors. Coverage includes techniques for spotting common security issues through code review and testing. Secure coding best practices are included for each security defect, as well as descriptions of technology specific weaknesses. The course includes Knowledge Checks, Module Summaries, and information about additional online resources.

E-Learning English
TST 251

(Coming Soon) Testing for SQL Injection

In this course, you will learn how to identify and mitigate CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection). Coverage includes techniques for spotting SQL Injection through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 252

(Coming Soon) Testing for OS Command Injection

In this course, you will learn how to identify and mitigate CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection). Coverage includes techniques for spotting OS Command Injection through code review testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 253

(Coming Soon) Testing for Classic Buffer Overflow

In this course, you will learn how to identify and mitigate CWE-120: Buffer Copy without Checking Size of Input. Coverage includes techniques for spotting Classic Buffer Overflow through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 254

(Coming Soon) Testing for Cross-site Scripting

In this course, you will learn how to identify and mitigate CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), or XSS. Coverage includes techniques for spotting Cross-site Scripting through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 255

(Coming Soon) Testing for Missing Authentication for Critical Function

In this course, you will learn how to identify and mitigate CWE-306: Missing Authentication for Critical Function. Coverage includes techniques for spotting the Missing Authentication vulnerability through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 256

(Coming Soon) Testing for Missing Authorization

In this course, you will learn how to identify and mitigate CWE-862: Missing Authorization. Coverage includes techniques for spotting Missing Authorization through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 257

(Coming Soon) Testing for Use of Hard-Coded Credentials

In this course, you will learn how to identify and mitigate CWE-798: Use of Hard-coded Credentials. Coverage includes techniques for spotting Hard-coded credential weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 258

(Coming Soon) Testing for Missing Encryption of Sensitive Data

In this course, you will learn how to identify and mitigate CWE-311: Missing Encryption of Sensitive Data. Coverage includes techniques for spotting Missing Encryptions through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 259

(Coming Soon) Testing for Unrestricted Upload of File with Dangerous Type

In this course, you will learn how to identify and mitigate CWE-434: Unrestricted Upload of File with Dangerous Type. Coverage includes techniques for spotting Unrestricted Upload vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 260

(Coming Soon) Testing for Reliance on Untrusted Inputs in a Security Decision

In this course, you will learn how to identify and mitigate CWE-807: Testing for Reliance on Untrusted Inputs in a Security Decision. Coverage includes techniques for spotting Reliance on Untrusted Inputs vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 261

(Coming Soon) Testing for Execution with Unnecessary Privileges

In this course, you will learn how to identify and mitigate CWE-250: Testing for Execution with Unnecessary Privileges. Coverage includes techniques for spotting Execution with Unnecessary Privileges vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 262

(Coming Soon) Testing for Cross Site Request Forgery

In this course, you will learn how to identify and mitigate CWE-352: Cross-site Request Forgery (CSRF). Coverage includes techniques for spotting CSRF vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 263

(Coming Soon) Testing for Path Traversal

In this course, you will learn how to identify and mitigate CWE-22: Testing for Path Traversal. Coverage includes techniques for spotting Path Traversal weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 264

(Coming Soon) Testing for Download of Code without Integrity Check

In this course, you will learn how to identify and mitigate CWE-494: Testing for Download of Code without Integrity Check. Coverage includes techniques for spotting weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 265

(Coming Soon) Testing for Incorrect Authorization

In this course, you will learn how to identify and mitigate CWE-863: Incorrect Authorization. Coverage includes techniques for spotting Incorrect Authorization vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 266

(Coming Soon) Testing for Inclusion of Functionality from Untrusted Control Sphere

In this course, you will learn how to identify and mitigate CWE-829: Inclusion of Functionality from Untrusted Control Sphere. Coverage includes techniques for spotting CWE-829 weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 267

(Coming Soon) Testing for Incorrect Permission Assignment for Critical Resource

In this course, you will learn how to identify and mitigate CWE-732: Testing for Incorrect Permission Assignment for Critical Resource. Coverage includes techniques for spotting CWE-732 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 268

(Coming Soon) Testing for Use of a Potentially Dangerous Function

In this course, you will learn how to identify and mitigate CWE-676: Testing for Use of a Potentially Dangerous Function. Coverage includes techniques for spotting CWE-676 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 269

(Coming Soon) Testing for Use of a Broken or Risky Cryptographic Algorithm

In this course, you will learn how to identify and mitigate CWE-327: Testing for Use of a Broken or Risky Cryptographic Algorithm. Coverage includes techniques for spotting CWE-327 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 270

(Coming Soon) Testing for Incorrect Calculation of Buffer Size

In this course, you will learn how to identify and mitigate CWE-131: Testing for Incorrect Calculation of Buffer Size. Coverage includes techniques for spotting CWE-131 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model. Upon completion of this course, you will be able to identify CWE-131 vulnerabilities, recognize its potential impact, apply coding best practices to avoid it, find CWE-131 vulnerabilities in your application’s source code, and test your application to detect it.

E-Learning English
TST 271

(Coming Soon) Testing for Improper Restriction of Excessive Authentication Attempts

In this course, you will learn how to identify and mitigate CWE-307: Testing for Improper Restriction of Excessive Authentication Attempts. Coverage includes techniques for spotting CWE-307 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 272

(Coming Soon) Testing for Open Redirect

In this course, you will learn how to identify and mitigate CWE-601: Open Redirect. Coverage includes techniques for spotting CWE-601 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate. This course requires basic knowledge of client-server applications, web applications, the Software Development Life Cycle, cryptography, and the STRIDE model.

E-Learning English
TST 273

(Coming Soon) Testing for Uncontrolled Format String

In this course, you will learn how to identify and mitigate CWE-134: Testing for Uncontrolled Format String. Coverage includes techniques for spotting CWE-134 vulnerabilities through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 274

(Coming Soon) Testing for Integer Overflow or Wraparound

In this course, you will learn how to identify and mitigate CWE-190: Testing for Integer Overflow or Wraparound. Coverage includes techniques for spotting weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 275

(Coming Soon) Testing for Use of a One-Way Hash without a Salt

In this course, you will learn how to identify and mitigate CWE-759: Testing for Use of a One-Way Hash without a Salt. Coverage includes techniques for spotting weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.

E-Learning English
TST 291

Classes of Security Defects - IoT Embedded Systems

This course provides additional training on Classes of Security Defects pertaining to IoT embedded software engineers.

E-Learning English
TST 411

Exploiting Buffer Overflows

This course provides students with the required information to help understand and mitigate buffer overflow exploits.

E-Learning English Multi-Language
TST 491

IoT Advanced Embedded Software Security Testing

This course module provides additional Software Security Testing of particular importance to IoT embedded software engineers.

E-Learning English
TST 901

Advanced Web Application Security Testing

This Instructor-Led course examines many important web vulnerabilities like HTML5 attacks, business logic attacks, web services attacks, and AJAX/JSON specific vulnerabilities and issues.

Live Training English