Course Catalog / Subject / Web

Web

The Courses

View All Courses Download Course Catalog

LAB 253 Defending Against Weak PRNG (Python) (COMING SOON)

LAB 247 Defending Against Weak PRNG (Node.js) (COMING SOON)

LAB 229 Defending Against Weak PRNG (Java) (COMING SOON)

LAB 239 Defending Against Weak PRNG (C#) (COMING SOON)

LAB 252 Defending Against Weak AES ECB Mode Encryption (Python) (COMING SOON)

LAB 246 Defending Against Weak AES ECB Mode Encryption (Node.js) (COMING SOON)

LAB 228 Defending Against Weak AES ECB Mode Encryption (Java) (COMING SOON)

LAB 238 Defending Against Weak AES ECB Mode Encryption (C#) (COMING SOON)

LAB 249 Defending Against Plaintext Password Storage (Python) (COMING SOON)

LAB 245 Defending Against Plaintext Password Storage (Node.js) (COMING SOON)

LAB 235 Defending Against Plaintext Password Storage (Java) (COMING SOON)

LAB 251 Defending Against Plaintext Password Storage (C#) (COMING SOON)

LAB 254 Defending Against Parameter Tampering (Python) (COMING SOON)

LAB 248 Defending Against Parameter Tampering (Node.js) (COMING SOON)

LAB 234 Defending Against Parameter Tampering (Java) (COMING SOON)

LAB 250 Defending Against Parameter Tampering (C#) (COMING SOON)

LAB 126 Identifying Information Leakage (COMING SOON)

LAB 125 Identifying Buffer Overflow (COMING SOON)

LAB 124 Identifying Horizontal Privilege Escalation (COMING SOON)

LAB 111 Identifying Server-Side Request Forgery (COMING SOON)

API 211 Mitigating APIs Broken Object Level Authorization (COMING SOON)

API 210 Mitigating APIs Lack of Resources & Rate Limiting (COMING SOON)

LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)

LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)

LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)

LAB 244 Defending Java Against Security Misconfiguration (NEW)

LAB 243 Defending Python Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 242 Defending Node.js Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 241 Defending C# Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 240 Defending Java Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 223 Defending Node.js Against SQL Injection (NEW)

LAB 222 Defending Python Against SQL Injection (NEW)

LAB 221 Defending C# Against SQL Injection (NEW)

LAB 121 Identifying Vulnerable and Outdate Components (NEW)

LAB 113 Identifying Cryptographic Failures (NEW)

SDT 310 Testing for Security Logging and Monitoring Failures (NEW)

SDT 309 Testing for Vulnerable and Outdated Components (NEW)

SDT 308 Testing for Software and Data Integrity Failures (NEW)

SDT 307 Testing for Server-Side Request Forgery (SSRF) (NEW)

SDT 306 Testing for Security Misconfiguration (NEW)

SDT 305 Testing for Broken Access Control (NEW)

SDT 304 Testing for Insecure Design (NEW)

SDT 303 Testing for Cryptographic Failures (NEW)

SDT 302 Testing for Identification and Authentication Failures (NEW)

SDT 301 Testing for Injection (NEW)

DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)

DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)

DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)

DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)

DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)

DES 236 Mitigating OWASP 2021 Broken Access Control (NEW)

DES 235 Mitigating OWASP 2021 Insecure Design (NEW)

DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)

DES 232 – Mitigating OWASP 2021 Injection (NEW)

LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)

LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)

LAB 321 ATT&CK: Password Cracking (NEW)

LAB 237 Defending Java from SQL Injection (NEW)

LAB 233 Defending Node.js Against XSS (NEW)

LAB 232 Defending C# Against XSS (NEW)

LAB 231 Defending Python Against XSS (NEW)

LAB 230 Defending Java Against XSS (NEW)

LAB 220 Defending Against Hard-Coded Secrets (NEW)

LAB 120 Identifying XML Injection (NEW)

LAB 119 Identifying Persistent XSS (NEW)

LAB 118 Identifying Weak File Upload Validation (NEW)

LAB 117 Identifying Hidden Form Field (NEW)

LAB 116 Identifying Forceful Browsing (NEW)

LAB 115 Identifying Reflective XSS (NEW)

LAB 114 Identifying Cookie Tampering (NEW)

LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification

LAB 109 – Identifying Security Misconfiguration Vulnerabilities

LAB 108 – Identifying Reverse Engineering Vulnerabilities

LAB 107 – Identifying Injection Vulnerabilities

LAB 106 – Identifying Cross-Site Scripting Vulnerabilities

LAB 105 – Identifying Credential Dumping: Vulnerability Identification

LAB 104 – Identifying Business Logic Flaw Vulnerabilities

LAB 103 – Identifying Broken User Authentication Vulnerabilities

LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities

LAB 101 – Identifying Broken Access Control Vulnerabilities

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

DES 207 – Mitigating OWASP API Security Top 10

COD 386 – Preventing Integer Overflows in Java Code

COD 385 – Preventing Race Conditions in Java Code

COD 384 – Protecting Java from Information Disclosure

COD 324 – Protecting C# from XML Injection

COD 287 – Java Application Server Hardening

TST 206 – ASVS Requirements for Developers

ENG 354 – Authorizing and Monitoring System Controls within the RMF

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

DSO 254 – DevSecOps in the Azure Cloud

DSO 253 – DevSecOps in the AWS Cloud

DSO 205 – Securing the COTS Supply Chain

DES 306 – Creating a Secure Blockchain Network

DES 305 – Protecting Existing Blockchain Assets

DES 210 – Hardening Linux/Unix Systems

TST 356 – Penetration Testing for Cross-Site Scripting (XSS)

TST 355 – Penetration Testing for Authorization Vulnerabilities

TST 353 – Penetration Testing for SQL Injection

TST 352 – Penetration Testing for Injection Vulnerabilities

TST 351 – Penetration Testing for TLS Vulnerabilities

TST 202 – Penetration Testing Fundamentals

COD 258 – Creating Secure PHP Web Applications

COD 251 – Defending AJAX-Enabled Web Applications

COD 309 – Securing ASP.NET MVC Applications

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

ENG 150 – Meeting Confidentiality, Integrity, and Availability

COD 284 – Secure Java Coding

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data

SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type

COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring

COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities

COD 377 – Testing for OWASP 2017: Insecure Deserialization

COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS)

COD 375 – Testing for OWASP 2017: Security Misconfiguration

COD 374 – Testing for OWASP 2017: Broken Access Control

COD 373 – Testing for OWASP 2017: XML External Entities

COD 372 – Testing for OWASP 2017: Sensitive Data Exposure

COD 371 – Testing for OWASP 2017: Broken Authentication

COD 370- Testing for OWASP 2017: Injection

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192- Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization

DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)

DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration

DES 226 – Applying OWASP 2017: Mitigating Broken Access Control

DES 225 – Applying OWASP 2017: Mitigating XML External Entities

DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure

DES 223 – Applying OWASP 2017: Mitigating Broken Authentication

DES 222 – Applying OWASP 2017: Mitigating Injection

COD 382 – Protecting Data in Java

COD 381 – Preventing Path Traversal Attacks in Java

COD 380 – Preventing SQL Injection in Java

COD 364 – Securing HTML5 Connectivity

COD 363- Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 322 – Protecting C# from SQL Injection

COD 283 – Java Cryptography

COD 281 – Java Security Model

COD 257 – Creating Secure Python Web Applications

COD 256 – Creating Secure Code: Ruby on Rails Foundations

COD 255 – Creating Secure Code: Web API Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 202 – Secure C Runtime Protection