Course Catalog / Subject / Web

Web

View All Courses Download Course Catalog

API 210 – Mitigating APIs Lack of Resources & Rate Limiting

API 211 – Mitigating APIs Broken Object Level Authorization

API 213 – Mitigating APIs Mass Assignment

API 214 – Mitigating APIs Improper Asset Management

COD 202 – Secure C Runtime Protection

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 217 – Mitigating .NET Security Threats

COD 251 – Defending AJAX-Enabled Web Applications

COD 255 – Creating Secure Code: Web API Foundations

COD 256 – Creating Secure Code: Ruby on Rails Foundations

COD 257 – Creating Secure Python Web Applications

COD 258 – Creating Secure PHP Web Applications

COD 283 – Java Cryptography

COD 284 – Secure Java Coding

COD 287 – Java Application Server Hardening (UPDATED)

COD 288 – Java Public Key Cryptography (NEW)

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

COD 309 – Securing ASP.NET MVC Applications

COD 322 – Protecting C# from SQL Injection

COD 324 – Protecting C# from XML Injection

COD 361 – HTML5 Secure Threats

COD 362 – HTML5 Built in Security Features

COD 363 – Securing HTML5 Data

COD 364 – Securing HTML5 Connectivity

COD 380 – Preventing SQL Injection in Java

COD 381 – Preventing Path Traversal Attacks in Java

COD 382 – Protecting Data in Java

COD 384 – Protecting Java from Information Disclosure

COD 385 – Preventing Race Conditions in Java Code

COD 386 – Preventing Integer Overflows in Java Code

DES 207 – Mitigating OWASP API Security Top 10

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

DES 210 – Hardening Linux/Unix Systems

DES 216 – Protecting Cloud Infrastructure

DES 232 – Mitigating OWASP 2021 Injection

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures

DES 234 – Mitigating OWASP 2021 Cryptographic Failures

DES 235 – Mitigating OWASP 2021 Insecure Design

DES 236 – Mitigating OWASP 2021 Broken Access Control

DES 237 – Mitigating OWASP 2021 Security Misconfiguration

DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)

DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures

DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components

DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures

DES 305 – Protecting Existing Blockchain Assets

DES 306 – Creating a Secure Blockchain Network

DSO 205 – Securing the COTS Supply Chain

DSO 253 – DevSecOps in the AWS Cloud

DSO 254 – DevSecOps in the Azure Cloud

ENG 150 – Meeting Confidentiality, Integrity, and Availability

ENG 191 – Introduction to the Microsoft SDL

ENG 192 – Implementing the Agile Microsoft SDL

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

ENG 354 – Authorizing and Monitoring System Controls within the RMF

LAB 101 – Identifying Broken Access Control Vulnerabilities

LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities

LAB 103 – Identifying Broken User Authentication Vulnerabilities

LAB 104 – Identifying Business Logic Flaw Vulnerabilities

LAB 105 – Identifying Credential Dumping: Vulnerability Identification

LAB 106 – Identifying Cross-Site Scripting Vulnerabilities

LAB 107 – Identifying Injection Vulnerabilities

LAB 108 – Identifying Reverse Engineering Vulnerabilities

LAB 109 – Identifying Security Misconfiguration Vulnerabilities

LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification

LAB 111 – Identifying Server-Side Request Forgery

LAB 113 – Identifying Cryptographic Failures

LAB 114 – Identifying Cookie Tampering

LAB 115 – Identifying Reflective XSS

LAB 116 – Identifying Forceful Browsing

LAB 117 – Identifying Hidden Form Field

LAB 118 – Identifying Weak File Upload Validation

LAB 119 – Identifying Persistent XSS

LAB 120 – Identifying XML Injection

LAB 121 – Identifying Vulnerable and Outdate Components

LAB 124 – Identifying Horizontal Privilege Escalation

LAB 125 – Identifying Buffer Overflow

LAB 126 – Identifying Information Leakage

LAB 127 – Identifying Security Logging and Monitoring Failures

LAB 128 – Identifying Unverified Password Change

LAB 129 – Identifying Error Message Containing Sensitive Information

LAB 130 – Identifying Generation of Predictable Numbers or Identifiers

LAB 131 – Identifying Improper Restriction of XML External Entity Reference

LAB 132 – Identifying Exposed Services

LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables

LAB 134 – Identifying Plaintext Storage of a Password

LAB 135 – Identifying URL Redirection to Untrusted Site

LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page

LAB 137 – Identifying Improper Authorization (NEW)

LAB 138 – Identifying Authorization Bypass Through User-Controlled Key (NEW)

LAB 139 – Identifying Use of a Key Past its Expiration Date (NEW)

LAB 211 – Defending Java Applications Against Credentials in Code Medium

LAB 212 – Defending Python Applications Against Credentials in Code Medium

LAB 213 – Defending Node.js Applications Against Credentials in Code Medium

LAB 214 – Defending C# Applications Against Credentials in Code Medium

LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation

LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation

LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation

LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation

LAB 220 – Defending Against Hard-Coded Secrets

LAB 221 – Defending C# Applications Against SQL Injection

LAB 222 – Defending Python Applications Against SQL Injection

LAB 223 – Defending Node.js Applications Against SQL Injection

LAB 224 – Defending Java Applications Against Forceful Browsing

LAB 225 – Defending Python Applications Against Forceful Browsing

LAB 226 – Defending Node.js Applications Against Forceful Browsing

LAB 227 – Defending C# Applications Against Forceful Browsing

LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption

LAB 229 – Defending Java Applications Against Weak PRNG

LAB 230 – Defending Java Applications Against XSS

LAB 231 – Defending Python Applications Against XSS

LAB 232 – Defending C# Applications Against XSS

LAB 233 – Defending Node.js Applications Against XSS

LAB 234 – Defending Java Applications Against Parameter Tampering

LAB 235 – Defending Java Applications Against Plaintext Password Storage

LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages

LAB 237 – Defending Java Applications Against SQL Injection

LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption

LAB 239 – Defending C# Applications Against Weak PRNG

LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 244 – Defending Java Applications Against Security Misconfiguration

LAB 245 – Defending Node.js Applications Against Plaintext Password Storage

LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption

LAB 247 – Defending Node.js Applications Against Weak PRNG

LAB 248 – Defending Node.js Applications Against Parameter Tampering

LAB 249 – Defending Python Applications Against Plaintext Password Storage

LAB 250 – Defending C# Applications Against Parameter Tampering

LAB 251 – Defending C# Applications Against Plaintext Password Storage

LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption

LAB 253 – Defending Python Applications Against Weak PRNG

LAB 254 – Defending Python Applications Against Parameter Tampering

LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages

LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages

LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages

LAB 263 – Defending Java Applications Against Sensitive Information in Log Files

LAB 264 – Defending Python Applications Against Sensitive Information in Log Files

LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files

LAB 266 – Defending C# Applications Against Sensitive Information in Log Files

LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data

LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data

LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data

LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data

LAB 271 – Defending Java Applications Against SSRF

LAB 272 – Defending Python Applications Against SSRF

LAB 273 – Defending Node.js Applications Against SSRF

LAB 274 – Defending C# Applications Against SSRF

LAB 275 – Defending Java Applications Against Command Injection (NEW)

LAB 276 – Defending Python Applications Against Command Injection (NEW)

LAB 277 – Defending Node.js Applications Against Command Injection (NEW)

LAB 278 – Defending C# Applications Against Command Injection (NEW)

LAB 279 – Defending Java Applications Against Dangerous File Upload (NEW)

LAB 280 – Defending Python Applications Against Dangerous File Upload (NEW)

LAB 281 – Defending Node.js Applications Against Dangerous File Upload (NEW)

LAB 282 – Defending C# Applications Against Dangerous File Upload (NEW)

LAB 283 – Defending Java Applications Against RegEx DoS (NEW)

LAB 284 – Defending Python Applications Against RegEx DoS (NEW)

LAB 285 – Defending Node.js Applications Against RegEx DoS (NEW)

LAB 286 – Defending C# Applications Against RegEx DoS (NEW)

LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software

LAB 321 – ATT&CK: Password Cracking

LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services

LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software

LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration

LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

SDT 301 – Testing for Injection

SDT 302 – Testing for Identification and Authentication Failures

SDT 303 – Testing for Cryptographic Failures

SDT 304 – Testing for Insecure Design

SDT 305 – Testing for Broken Access Control

SDT 306 – Testing for Security Misconfiguration

SDT 307 – Testing for Server-Side Request Forgery (SSRF)

SDT 308 – Testing for Software and Data Integrity Failures

SDT 309 – Testing for Vulnerable and Outdated Components

SDT 310 – Testing for Security Logging and Monitoring Failures

SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type

TST 202 – Penetration Testing Fundamentals

TST 206 – ASVS Requirements for Developers

TST 351 – Penetration Testing for TLS Vulnerabilities

TST 352 – Penetration Testing for Injection Vulnerabilities

TST 353 – Penetration Testing for SQL Injection

TST 355 – Penetration Testing for Authorization Vulnerabilities

TST 356 – Penetration Testing for Cross-Site Scripting (XSS)