Course Catalog / Subject / Web

Web

View All Courses Download Course Catalog

LAB 274 – Defending C# Applications Against SSRF (NEW)

LAB 273 – Defending Node.js Applications Against SSRF (NEW)

LAB 272 – Defending Python Applications Against SSRF (NEW)

LAB 271 – Defending Java Applications Against SSRF (NEW)

LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data (NEW)

LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data (NEW)

LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data (NEW)

LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data (NEW)

LAB 266 – Defending C# Applications Against Sensitive Information in Log Files (NEW)

LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files (NEW)

LAB 264 – Defending Python Applications Against Sensitive Information in Log Files (NEW)

LAB 263 – Defending Java Applications Against Sensitive Information in Log Files (NEW)

LAB 132 – Identifying Exposed Services (NEW)

LAB 131 – Identifying Improper Restriction of XML External Entity Reference (NEW)

LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages

LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages

LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages

LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages

LAB 130 – Identifying Generation of Predictable Numbers or Identifiers

LAB 129 – Identifying Error Message Containing Sensitive Information

LAB 128 – Identifying Unverified Password Change

LAB 127 – Identifying Security Logging and Monitoring Failures

API 213 – Mitigating APIs Mass Assignment

API 214 – Mitigating APIs Improper Asset Management

LAB 253 – Defending Python Applications Against Weak PRNG

LAB 247 – Defending Node.js Applications Against Weak PRNG

LAB 229 – Defending Java Applications Against Weak PRNG

LAB 239 – Defending C# Applications Against Weak PRNG

LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption

LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption

LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption

LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption

LAB 249 – Defending Python Applications Against Plaintext Password Storage

LAB 245 – Defending Node.js Applications Against Plaintext Password Storage

LAB 235 – Defending Java Applications Against Plaintext Password Storage

LAB 251 – Defending C# Applications Against Plaintext Password Storage

LAB 254 – Defending Python Applications Against Parameter Tampering

LAB 248 – Defending Node.js Applications Against Parameter Tampering

LAB 234 – Defending Java Applications Against Parameter Tampering

LAB 250 – Defending C# Applications Against Parameter Tampering

LAB 126 – Identifying Information Leakage

LAB 125 – Identifying Buffer Overflow

LAB 124 – Identifying Horizontal Privilege Escalation

LAB 111 – Identifying Server-Side Request Forgery

API 211 – Mitigating APIs Broken Object Level Authorization

API 210 – Mitigating APIs Lack of Resources & Rate Limiting

LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration

LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software

LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software

LAB 244 – Defending Java Applications Against Security Misconfiguration

LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 223 – Defending Node.js Applications Against SQL Injection

LAB 222 – Defending Python Applications Against SQL Injection

LAB 221 – Defending C# Applications Against SQL Injection

LAB 121 – Identifying Vulnerable and Outdate Components

LAB 113 – Identifying Cryptographic Failures

SDT 310 – Testing for Security Logging and Monitoring Failures

SDT 309 – Testing for Vulnerable and Outdated Components

SDT 308 – Testing for Software and Data Integrity Failures

SDT 307 – Testing for Server-Side Request Forgery (SSRF)

SDT 306 – Testing for Security Misconfiguration

SDT 305 – Testing for Broken Access Control

SDT 304 – Testing for Insecure Design

SDT 303 – Testing for Cryptographic Failures

SDT 302 – Testing for Identification and Authentication Failures

SDT 301 – Testing for Injection

DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures

DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components

DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures

DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)

DES 237 – Mitigating OWASP 2021 Security Misconfiguration

DES 236 – Mitigating OWASP 2021 Broken Access Control

DES 235 – Mitigating OWASP 2021 Insecure Design

DES 234 – Mitigating OWASP 2021 Cryptographic Failures

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures

DES 232 – Mitigating OWASP 2021 Injection

LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services

LAB 321 ATT&CK: Password Cracking

LAB 237 – Defending Java Applications Against SQL Injection

LAB 233 – Defending Node.js Applications Against XSS

LAB 232 – Defending C# Applications Against XSS

LAB 231 – Defending Python Applications Against XSS

LAB 230 – Defending Java Applications Against XSS

LAB 220 – Defending Against Hard-Coded Secrets

LAB 120 – Identifying XML Injection

LAB 119 – Identifying Persistent XSS

LAB 118 – Identifying Weak File Upload Validation

LAB 117 – Identifying Hidden Form Field

LAB 116 – Identifying Forceful Browsing

LAB 115 – Identifying Reflective XSS

LAB 114 – Identifying Cookie Tampering

LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification

LAB 109 – Identifying Security Misconfiguration Vulnerabilities

LAB 108 – Identifying Reverse Engineering Vulnerabilities

LAB 107 – Identifying Injection Vulnerabilities

LAB 106 – Identifying Cross-Site Scripting Vulnerabilities

LAB 105 – Identifying Credential Dumping: Vulnerability Identification

LAB 104 – Identifying Business Logic Flaw Vulnerabilities

LAB 103 – Identifying Broken User Authentication Vulnerabilities

LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities

LAB 101 – Identifying Broken Access Control Vulnerabilities

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

DES 207 – Mitigating OWASP API Security Top 10

COD 386 – Preventing Integer Overflows in Java Code

COD 385 – Preventing Race Conditions in Java Code

COD 384 – Protecting Java from Information Disclosure

COD 324 – Protecting C# from XML Injection

COD 287 – Java Application Server Hardening

TST 206 – ASVS Requirements for Developers

ENG 354 – Authorizing and Monitoring System Controls within the RMF

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

DSO 254 – DevSecOps in the Azure Cloud

DSO 253 – DevSecOps in the AWS Cloud

DSO 205 – Securing the COTS Supply Chain

DES 306 – Creating a Secure Blockchain Network

DES 305 – Protecting Existing Blockchain Assets

DES 210 – Hardening Linux/Unix Systems

TST 356 – Penetration Testing for Cross-Site Scripting (XSS)

TST 355 – Penetration Testing for Authorization Vulnerabilities

TST 353 – Penetration Testing for SQL Injection

TST 352 – Penetration Testing for Injection Vulnerabilities

TST 351 – Penetration Testing for TLS Vulnerabilities

TST 202 – Penetration Testing Fundamentals

DES 216 – Protecting Cloud Infrastructure (UPDATED)

COD 258 – Creating Secure PHP Web Applications

COD 251 – Defending AJAX-Enabled Web Applications

COD 309 – Securing ASP.NET MVC Applications

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

ENG 150 – Meeting Confidentiality, Integrity, and Availability

COD 284 – Secure Java Coding

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data

SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192 – Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

COD 382 – Protecting Data in Java

COD 381 – Preventing Path Traversal Attacks in Java

COD 380 – Preventing SQL Injection in Java

COD 364 – Securing HTML5 Connectivity

COD 363 – Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 322 – Protecting C# from SQL Injection

COD 283 – Java Cryptography

COD 281 – Java Security Model

COD 257 – Creating Secure Python Web Applications

COD 256 – Creating Secure Code: Ruby on Rails Foundations

COD 255 – Creating Secure Code: Web API Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 202 – Secure C Runtime Protection