Web
API 210 – Mitigating APIs Lack of Resources & Rate Limiting
15 Minutes
Advanced
API 211 – Mitigating APIs Broken Object Level Authorization
15 Minutes
Advanced
API 213 – Mitigating APIs Mass Assignment
15 Minutes
Advanced
API 214 – Mitigating APIs Improper Asset Management
15 Minutes
Advanced
COD 202 – Secure C Runtime Protection
15 Minutes
Advanced
COD 216 – Leveraging .NET Framework Code Access Security (CAS)
60 Minutes
Advanced
COD 217 – Mitigating .NET Security Threats
45 Minutes
Advanced
COD 251 – Defending AJAX-Enabled Web Applications
25 Minutes
Elective
COD 255 – Creating Secure Code: Web API Foundations
20 Minutes
Elective
COD 256 – Creating Secure Code: Ruby on Rails Foundations
90 Minutes
Advanced
COD 257 – Creating Secure Python Web Applications
45 Minutes
Advanced
COD 258 – Creating Secure PHP Web Applications
30 Minutes
Advanced
COD 283 – Java Cryptography
45 Minutes
Advanced
COD 284 – Secure Java Coding
30 Minutes
Advanced
COD 287 – Java Application Server Hardening (UPDATED)
20 Minutes
Advanced
COD 288 – Java Public Key Cryptography (NEW)
20 Minutes
Advanced
COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks
45 Minutes
Elite
COD 309 – Securing ASP.NET MVC Applications
30 Minutes
Elite
COD 322 – Protecting C# from SQL Injection
8 Minutes
Elite
COD 324 – Protecting C# from XML Injection
8 Minutes
Elite
COD 361 – HTML5 Secure Threats
15 Minutes
Elite
COD 362 – HTML5 Built in Security Features
20 Minutes
Elite
COD 363 – Securing HTML5 Data
20 Minutes
Elite
COD 364 – Securing HTML5 Connectivity
20 Minutes
Elite
COD 380 – Preventing SQL Injection in Java
8 Minutes
Elite
COD 381 – Preventing Path Traversal Attacks in Java
8 Minutes
Elite
COD 382 – Protecting Data in Java
30 Minutes
Elite
COD 384 – Protecting Java from Information Disclosure
8 Minutes
Elite
COD 385 – Preventing Race Conditions in Java Code
8 Minutes
Elite
COD 386 – Preventing Integer Overflows in Java Code
8 Minutes
Elite
DES 207 – Mitigating OWASP API Security Top 10
15 Minutes
Advanced
DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
15 Minutes
Advanced
DES 210 – Hardening Linux/Unix Systems
30 Minutes
Advanced
DES 216 – Protecting Cloud Infrastructure
40 Minutes
Advanced
DES 232 – Mitigating OWASP 2021 Injection
12 Minutes
Advanced
DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
12 Minutes
Advanced
DES 234 – Mitigating OWASP 2021 Cryptographic Failures
12 Minutes
Advanced
DES 235 – Mitigating OWASP 2021 Insecure Design
12 Minutes
Advanced
DES 236 – Mitigating OWASP 2021 Broken Access Control
12 Minutes
Advanced
DES 237 – Mitigating OWASP 2021 Security Misconfiguration
12 Minutes
Advanced
DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
12 Minutes
Advanced
DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
12 Minutes
Advanced
DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
12 Minutes
Advanced
DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
12 Minutes
Advanced
DES 305 – Protecting Existing Blockchain Assets
20 Minutes
Elite
DES 306 – Creating a Secure Blockchain Network
20 Minutes
Elite
DSO 205 – Securing the COTS Supply Chain
15 Minutes
Advanced
DSO 253 – DevSecOps in the AWS Cloud
20 Minutes
Advanced
DSO 254 – DevSecOps in the Azure Cloud
20 Minutes
Advanced
ENG 150 – Meeting Confidentiality, Integrity, and Availability
30 Minutes
Core
ENG 191 – Introduction to the Microsoft SDL
25 Minutes
Core
ENG 192 – Implementing the Agile Microsoft SDL
20 Minutes
Core
ENG 193 – Implementing the Microsoft SDL Optimization Model
12 Minutes
Core
ENG 194 – Implementing Microsoft SDL Line of Business
20 Minutes
Core
ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool
20 Minutes
Core
ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
20 Minutes
Elite
ENG 354 – Authorizing and Monitoring System Controls within the RMF
20 Minutes
Elite
LAB 101 – Identifying Broken Access Control Vulnerabilities
5 Minutes
Advanced
LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
5 Minutes
Advanced
LAB 103 – Identifying Broken User Authentication Vulnerabilities
7 Minutes
Advanced
LAB 104 – Identifying Business Logic Flaw Vulnerabilities
7 Minutes
Advanced
LAB 105 – Identifying Credential Dumping: Vulnerability Identification
7 Minutes
Advanced
LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
7 Minutes
Advanced
LAB 107 – Identifying Injection Vulnerabilities
7 Minutes
Advanced
LAB 108 – Identifying Reverse Engineering Vulnerabilities
8 Minutes
Advanced
LAB 109 – Identifying Security Misconfiguration Vulnerabilities
5 Minutes
Advanced
LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
7 Minutes
Advanced
LAB 111 – Identifying Server-Side Request Forgery
5 Minutes
Advanced
LAB 113 – Identifying Cryptographic Failures
5 Minutes
Advanced
LAB 114 – Identifying Cookie Tampering
5 Minutes
Advanced
LAB 115 – Identifying Reflective XSS
5 Minutes
Advanced
LAB 116 – Identifying Forceful Browsing
5 Minutes
Advanced
LAB 117 – Identifying Hidden Form Field
5 Minutes
Advanced
LAB 118 – Identifying Weak File Upload Validation
5 Minutes
Advanced
LAB 119 – Identifying Persistent XSS
5 Minutes
Advanced
LAB 120 – Identifying XML Injection
5 Minutes
Advanced
LAB 121 – Identifying Vulnerable and Outdated Components
5 Minutes
Advanced
LAB 124 – Identifying Horizontal Privilege Escalation
5 Minutes
Advanced
LAB 125 – Identifying Buffer Overflow
5 Minutes
Advanced
LAB 126 – Identifying Information Leakage
5 Minutes
Advanced
LAB 127 – Identifying Security Logging and Monitoring Failures
5 Minutes
Advanced
LAB 128 – Identifying Unverified Password Change
5 Minutes
Advanced
LAB 129 – Identifying Error Message Containing Sensitive Information
5 Minutes
Advanced
LAB 130 – Identifying Generation of Predictable Numbers or Identifiers
5 Minutes
Advanced
LAB 131 – Identifying Improper Restriction of XML External Entity Reference
5 Minutes
Elective
LAB 132 – Identifying Exposed Services
5 Minutes
Elective
LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables
5 Minutes
LAB 134 – Identifying Plaintext Storage of a Password
5 Minutes
LAB 135 – Identifying URL Redirection to Untrusted Site
5 Minutes
LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page
5 Minutes
LAB 137 – Identifying Improper Authorization (NEW)
5 Minutes
Advanced
LAB 138 – Identifying Authorization Bypass Through User-Controlled Key (NEW)
5 Minutes
Advanced
LAB 139 – Identifying Use of a Key Past its Expiration Date (NEW)
5 Minutes
Advanced
LAB 211 – Defending Java Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 212 – Defending Python Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 213 – Defending Node.js Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 214 – Defending C# Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 220 – Defending Against Hard-Coded Secrets
5 Minutes
Advanced
LAB 221 – Defending C# Applications Against SQL Injection
10 Minutes
Advanced
LAB 222 – Defending Python Applications Against SQL Injection
10 Minutes
Advanced
LAB 223 – Defending Node.js Applications Against SQL Injection
10 Minutes
Advanced
LAB 224 – Defending Java Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 225 – Defending Python Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 226 – Defending Node.js Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 227 – Defending C# Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption
10 Minutes
Advanced
LAB 229 – Defending Java Applications Against Weak PRNG
10 Minutes
Advanced
LAB 230 – Defending Java Applications Against XSS
15 Minutes
Advanced
LAB 231 – Defending Python Applications Against XSS
15 Minutes
Advanced
LAB 232 – Defending C# Applications Against XSS
15 Minutes
Advanced
LAB 233 – Defending Node.js Applications Against XSS
15 Minutes
Advanced
LAB 234 – Defending Java Applications Against Parameter Tampering
10 Minutes
Advanced
LAB 235 – Defending Java Applications Against Plaintext Password Storage
10 Minutes
Advanced
LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages
10 Minutes
Advanced
LAB 237 – Defending Java Applications Against SQL Injection
20 Minutes
Advanced
LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption
10 Minutes
Advanced
LAB 239 – Defending C# Applications Against Weak PRNG
10 Minutes
Advanced
LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities
10 Minutes
Advanced
LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities
10 Minutes
Advanced
LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities
10 Minutes
Advanced
LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities
10 Minutes
Advanced
LAB 244 – Defending Java Applications Against Security Misconfiguration
12 Minutes
Advanced
LAB 245 – Defending Node.js Applications Against Plaintext Password Storage
10 Minutes
Advanced
LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption
10 Minutes
Advanced
LAB 247 – Defending Node.js Applications Against Weak PRNG
10 Minutes
Advanced
LAB 248 – Defending Node.js Applications Against Parameter Tampering
10 Minutes
Advanced
LAB 249 – Defending Python Applications Against Plaintext Password Storage
10 Minutes
Advanced
LAB 250 – Defending C# Applications Against Parameter Tampering
10 Minutes
Advanced
LAB 251 – Defending C# Applications Against Plaintext Password Storage
10 Minutes
Advanced
LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption
10 Minutes
Advanced
LAB 253 – Defending Python Applications Against Weak PRNG
10 Minutes
Advanced
LAB 254 – Defending Python Applications Against Parameter Tampering
10 Minutes
Advanced
LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages
10 Minutes
Advanced
LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages
10 Minutes
Advanced
LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages
10 Minutes
Advanced
LAB 263 – Defending Java Applications Against Sensitive Information in Log Files
10 Minutes
Advanced
LAB 264 – Defending Python Applications Against Sensitive Information in Log Files
10 Minutes
Advanced
LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files
10 Minutes
Advanced
LAB 266 – Defending C# Applications Against Sensitive Information in Log Files
10 Minutes
Advanced
LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data
10 Minutes
Advanced
LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data
10 Minutes
Advanced
LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data
10 Minutes
Advanced
LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data
10 Minutes
Advanced
LAB 271 – Defending Java Applications Against SSRF
10 Minutes
Advanced
LAB 272 – Defending Python Applications Against SSRF
10 Minutes
Advanced
LAB 273 – Defending Node.js Applications Against SSRF
10 Minutes
Advanced
LAB 274 – Defending C# Applications Against SSRF
10 Minutes
Advanced
LAB 275 – Defending Java Applications Against Command Injection (NEW)
10 Minutes
Advanced
LAB 276 – Defending Python Applications Against Command Injection (NEW)
10 Minutes
Advanced
LAB 277 – Defending Node.js Applications Against Command Injection (NEW)
10 Minutes
Advanced
LAB 278 – Defending C# Applications Against Command Injection (NEW)
10 Minutes
Advanced
LAB 279 – Defending Java Applications Against Dangerous File Upload (NEW)
10 Minutes
Advanced
LAB 280 – Defending Python Applications Against Dangerous File Upload (NEW)
10 Minutes
Advanced
LAB 281 – Defending Node.js Applications Against Dangerous File Upload (NEW)
10 Minutes
Advanced
LAB 282 – Defending C# Applications Against Dangerous File Upload (NEW)
10 Minutes
Advanced
LAB 283 – Defending Java Applications Against RegEx DoS (NEW)
10 Minutes
Advanced
LAB 284 – Defending Python Applications Against RegEx DoS (NEW)
10 Minutes
Advanced
LAB 285 – Defending Node.js Applications Against RegEx DoS (NEW)
10 Minutes
Advanced
LAB 286 – Defending C# Applications Against RegEx DoS (NEW)
10 Minutes
Advanced
LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software
12 Minutes
Elite
LAB 321 – ATT&CK: Password Cracking
5 Minutes
Elite
LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
20 Minutes
Elite
LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software
12 Minutes
Elite
LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration
12 Minutes
Elite
LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
15 Minutes
Elite
SDT 301 – Testing for Injection
10 Minutes
Elite
SDT 302 – Testing for Identification and Authentication Failures
10 Minutes
Elite
SDT 303 – Testing for Cryptographic Failures
10 Minutes
Elite
SDT 304 – Testing for Insecure Design
10 Minutes
Elite
SDT 305 – Testing for Broken Access Control
10 Minutes
Elite
SDT 306 – Testing for Security Misconfiguration
10 Minutes
Elite
SDT 307 – Testing for Server-Side Request Forgery (SSRF)
10 Minutes
Elite
SDT 308 – Testing for Software and Data Integrity Failures
10 Minutes
Elite
SDT 309 – Testing for Vulnerable and Outdated Components
10 Minutes
Elite
SDT 310 – Testing for Security Logging and Monitoring Failures
10 Minutes
Elite
SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
15 Minutes
Elite
TST 202 – Penetration Testing Fundamentals
25 Minutes
Advanced
TST 206 – ASVS Requirements for Developers
20 Minutes
Advanced
TST 351 – Penetration Testing for TLS Vulnerabilities
12 Minutes
Elite
TST 352 – Penetration Testing for Injection Vulnerabilities
12 Minutes
Elite
TST 353 – Penetration Testing for SQL Injection
12 Minutes
Elite
TST 355 – Penetration Testing for Authorization Vulnerabilities
12 Minutes
Elite
TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
12 Minutes
Elite