Course Catalog / Subject / Standard

Standard

The Courses

View All Courses Download Course Catalog

LAB 247 Defending Against Weak PRNG (Node.js) (NEW)

LAB 229 Defending Against Weak PRNG (Java) (NEW)

LAB 239 Defending Against Weak PRNG (C#) (NEW)

LAB 246 Defending Against Weak AES ECB Mode Encryption (Node.js) (NEW)

LAB 228 Defending Against Weak AES ECB Mode Encryption (Java) (NEW)

LAB 238 Defending Against Weak AES ECB Mode Encryption (C#) (NEW)

LAB 249 Defending Against Plaintext Password Storage (Python) (NEW)

LAB 245 Defending Against Plaintext Password Storage (Node.js) (NEW)

LAB 235 Defending Against Plaintext Password Storage (Java) (NEW)

LAB 248 Defending Against Parameter Tampering (Node.js) (NEW)

LAB 234 Defending Against Parameter Tampering (Java) (NEW)

LAB 126 Identifying Information Leakage (NEW)

LAB 125 Identifying Buffer Overflow (NEW)

LAB 124 Identifying Horizontal Privilege Escalation (NEW)

LAB 111 Identifying Server-Side Request Forgery (NEW)

CYB 210 Cybersecurity Incident Response (NEW)

DES 313 Hardening a Kubernetes Cluster (NEW)

API 211 Mitigating APIs Broken Object Level Authorization (NEW)

DES 209 Authentication and Lifecycle Management (NEW)

API 210 Mitigating APIs Lack of Resources & Rate Limiting (NEW)

DSO 212 Fundamentals of Zero Trust Security (NEW)

LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)

LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)

LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)

LAB 244 Defending Java Against Security Misconfiguration (NEW)

LAB 243 Defending Python Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 242 Defending Node.js Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 241 Defending C# Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 240 Defending Java Against eXternal XML Entity (XXE) Vulnerabilities (NEW)

LAB 223 Defending Node.js Against SQL Injection (NEW)

LAB 222 Defending Python Against SQL Injection (NEW)

LAB 221 Defending C# Against SQL Injection (NEW)

LAB 123 Identifying Vertical Privilege Escalation (NEW)

LAB 122 Identifying Insecure APIs (NEW)

LAB 121 Identifying Vulnerable and Outdate Components (NEW)

LAB 113 Identifying Cryptographic Failures (NEW)

SDT 310 Testing for Security Logging and Monitoring Failures (NEW)

SDT 309 Testing for Vulnerable and Outdated Components (NEW)

SDT 308 Testing for Software and Data Integrity Failures (NEW)

SDT 307 Testing for Server-Side Request Forgery (SSRF) (NEW)

SDT 306 Testing for Security Misconfiguration (NEW)

SDT 305 Testing for Broken Access Control (NEW)

SDT 304 Testing for Insecure Design (NEW)

SDT 303 Testing for Cryptographic Failures (NEW)

SDT 302 Testing for Identification and Authentication Failures (NEW)

SDT 301 Testing for Injection (NEW)

DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)

DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)

DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)

DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)

DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)

DES 236 Mitigating OWASP 2021 Broken Access Control (NEW)

DES 235 Mitigating OWASP 2021 Insecure Design (NEW)

DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)

DES 232 – Mitigating OWASP 2021 Injection (NEW)

LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)

LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)

LAB 321 ATT&CK: Password Cracking (NEW)

LAB 237 Defending Java from SQL Injection (NEW)

LAB 233 Defending Node.js Against XSS (NEW)

LAB 232 Defending C# Against XSS (NEW)

LAB 231 Defending Python Against XSS (NEW)

LAB 230 Defending Java Against XSS (NEW)

LAB 220 Defending Against Hard-Coded Secrets (NEW)

LAB 120 Identifying XML Injection (NEW)

LAB 119 Identifying Persistent XSS (NEW)

LAB 118 Identifying Weak File Upload Validation (NEW)

LAB 117 Identifying Hidden Form Field (NEW)

LAB 116 Identifying Forceful Browsing (NEW)

LAB 115 Identifying Reflective XSS (NEW)

LAB 114 Identifying Cookie Tampering (NEW)

LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification

LAB 109 – Identifying Security Misconfiguration Vulnerabilities

LAB 108 – Identifying Reverse Engineering Vulnerabilities

LAB 107 – Identifying Injection Vulnerabilities

LAB 106 – Identifying Cross-Site Scripting Vulnerabilities

LAB 105 – Identifying Credential Dumping: Vulnerability Identification

LAB 104 – Identifying Business Logic Flaw Vulnerabilities

LAB 103 – Identifying Broken User Authentication Vulnerabilities

LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities

LAB 101 – Identifying Broken Access Control Vulnerabilities

TST 305 – Penetration Testing for Azure Cloud

DES 217 – Securing Terraform Infrastructure and Resources

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

DES 207 – Mitigating OWASP API Security Top 10

TST 304 – Penetration Testing for AWS Cloud

TST 303 – Penetration Testing for Google Cloud Platform

DSO 256 – DevSecOps in the Google Cloud Platform

COD 252 – Securing Google Platform Applications & Data

SDT 325 – Testing for NULL Pointer Dereference

SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer

SDT 323 – Testing for Improper Input Validation

SDT 322 – Testing for Improper Privilege Management

SDT 321 – Testing for Uncontrolled Resource Consumption

SDT 320 – Testing for Out-of-bounds Write

SDT 319 – Testing for Out-of-bounds Read

SDT 318 – Testing for Insufficiently Protected Credentials

SDT 317 – Testing for Improper Control of Generation of Code

CYB 301 – Fundamentals of Ethical Hacking

SDT 326 – Testing for Use After Free

ATK 201 – Using the MITRE ATT&CK Framework

COD 386 – Preventing Integer Overflows in Java Code

COD 385 – Preventing Race Conditions in Java Code

COD 384 – Protecting Java from Information Disclosure

COD 324 – Protecting C# from XML Injection

COD 319 – Preventing Vulnerabilities in Android Code in Java

COD 315 – Preventing Vulnerabilities in iOS Code in Swift

COD 287 – Java Application Server Hardening

TST 206 – ASVS Requirements for Developers

ENG 212 – Implementing Secure Software Operations

DSO 306 – Implementing Infrastructure as Code

DES 312 – Protecting Cardholder Data

DES 206 – Meeting Cloud Governance and Compliance Requirements

DSO 307 – Secure Secrets Management

COD 286 – Creating Secure React User Interfaces (UPDATED)

COD 285 – Developing Secure Angular Applications

ENG 151 – Fundamentals of Privacy Protection

DSO 305 – Automating CI/CD Pipeline Compliance

DSO 304 – Securing API Gateways in a DevSecOps Framework

DSO 303 – Automating Security Updates

DSO 302- Automated Security Testing

DSO 301 – Orchestrating Secure System and Service Configuration

DSO 211 – Identifying Threats to Containers in a DevSecOps Framework

DSO 206 – Securing the Open Source Supply Chain

DES 282 – OWASP IoT2: Mitigating Insecure Network Services

DES 271 – OWASP M1: Mitigating Improper Platform Usage

DES 272 – OWASP M2: Mitigating Insecure Data Storage

DES 273 – OWASP M3: Mitigating Insecure Communication

DES 274 – OWASP M4: Mitigating Insecure Authentication

DES 275 – OWASP M5: Mitigating Insufficient Cryptography

DES 277 – OWASP M7: Mitigating Client Code Quality

DES 278 – OWASP M8: Mitigating Code Tampering

DES 279 – OWASP M9: Mitigating Reverse Engineering

DES 280 – OWASP M10: Mitigating Extraneous Functionality

DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords

DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces

DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism

DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components

DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection

DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage

DES 288 – OWASP IoT8: Mitigating Lack of Device Management

DES 289 – OWASP IoT9: Mitigating Insecure Default Settings

DES 276 – OWASP M6: Mitigating Insecure Authorization

DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening

TST 302 – Application Penetration Testing

TST 301 – Infrastructure Penetration Testing

ENG 354 – Authorizing and Monitoring System Controls within the RMF

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

ENG 352 – Categorizing Systems and Information within the RMF

DSO 254 – DevSecOps in the Azure Cloud

DSO 253 – DevSecOps in the AWS Cloud

DSO 205 – Securing the COTS Supply Chain

DES 306 – Creating a Secure Blockchain Network

DES 305 – Protecting Existing Blockchain Assets

DES 210 – Hardening Linux/Unix Systems

TST 360 – Penetration Testing for Authentication Vulnerabilities

TST 359 – Penetration Testing Network Infrastructure

TST 358 – Penetration Testing Wireless Networks

TST 357 – Penetration Testing for Hardcoded Secrets

TST 356 – Penetration Testing for Cross-Site Scripting (XSS)

TST 355 – Penetration Testing for Authorization Vulnerabilities

TST 354 – Penetration Testing for Memory Corruption Vulnerabilities

TST 353 – Penetration Testing for SQL Injection

TST 352 – Penetration Testing for Injection Vulnerabilities

TST 351 – Penetration Testing for TLS Vulnerabilities

TST 202 – Penetration Testing Fundamentals

DSO 201 – Fundamentals of Secure DevOps

DES 255 – Securing the IoT Update Process

DES 151 – Fundamentals of the PCI Secure SLC Standard

DES 216 – Protecting Cloud Infrastructure

COD 258 – Creating Secure PHP Web Applications

COD 251 – Defending AJAX-Enabled Web Applications

TST 205 – Performing Vulnerability Scans

ENG 351 – Preparing the Risk Management Framework

ENG 251 – Risk Management Foundations

COD 383 – Protecting Java Backend Services

COD 267 – Securing Python Microservices

COD 309 – Securing ASP.NET MVC Applications

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

DES 218 – Protecting Microservices, Containers, and Orchestration

COD 214 – Creating Secure GO Applications

DES 214 – Securing Infrastructure Architecture

DES 215 – Defending Infrastructure

ENG 150 – Meeting Confidentiality, Integrity, and Availability

COD 284 – Secure Java Coding

COD 266 – Secure Ruby Scripting

COD 265 – Secure Python Scripting

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data

COD 108 – Software Operations and Maintenance

COD 107 – Secure Software Deployment

COD 106 – The Importance of Software Integration and Testing

COD 105 – Secure Software Development (UPDATED)

COD 104 – Designing Secure Software

COD 103 – Creating Software Security Requirements

COD 102 – The Role of Software Security

SDT 311 – Testing for Integer Overflow or Wraparound

SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource

SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory

SDT 313 – Testing for (CSRF) Cross Site Request Forgery

SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type

SDT 316- Testing for Use of Hard-Coded Credentials

TST 101 – Fundamentals of Security Testing

ENG 312 – How to Perform a Security Code Review

ENG 311 – Attack Surface Analysis & Reduction

ENG 211 – How to Create Application Security Design Requirements

ENG 205 – Fundamentals of Threat Modeling

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192- Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

ENG 127 – Essential Media Protection

ENG 126 – Essential Security Maintenance Policies

ENG 125 – Essential Data Protection

ENG 124 – Essential Application Protection

ENG 123 – Essential Security Engineering Principles

ENG 122 – Essential Physical & Environmental Protection

ENG 121 – Essential Identification & Authentication

ENG 120 – Essential Security Assessment & Authorization

ENG 119 – Essential Security Audit & Accountability

ENG 118 – Essential Incident Response

ENG 117 – Essential Information Security Program Planning

ENG 116 – Essential Security Planning Policy & Procedures

ENG 115 – Essential System & Information Integrity

ENG 114 – Essential Risk Assessment

ENG 113 – Essential Secure Configuration Management

ENG 112 – Essential Access Control for Mobile Devices

ENG 111 – Essential Session Management Security

ENG 110 – Essential Account Management Security

DES 311 – Creating Secure Application Architecture

DES 260 – Fundamentals of IoT Architecture & Design

DES 212 – Architecture Risk Analysis & Remediation

DES 205 – Message Integrity Cryptographic Functions

DES 204 – Role of Cryptography in Application Development

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

DES 101 – Fundamentals of Secure Architecture

COD 382 – Protecting Data in Java

COD 381 – Preventing Path Traversal Attacks in Java

COD 380 – Preventing SQL Injection in Java

COD 364 – Securing HTML5 Connectivity

COD 363- Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 352 – Creating Secure JavaScript and jQuery Code

COD 323 – Using Encryption with C#

COD 322 – Protecting C# from SQL Injection

COD 321 – Protecting C# from Integer Overflows & Canonicalization

COD 318 – Protecting Data on Android in Java

COD 317 – Protecting Data on iOS in Swift

COD 316 – Creating Secure iOS Code in Objective C

COD 307 – Protecting Data in C++

COD 303 – Common C Vulnerabilities & Attacks

COD 302 -Secure C Memory Management

COD 301 – Secure C Buffer Overflow Mitigations

COD 283 – Java Cryptography

COD 281 – Java Security Model

COD 270 – Creating Secure COBOL & Mainframe Applications

COD 264 – Secure Perl Scripting

COD 263 – Secure Bash Scripting

COD 262 – Fundamentals of Shell and Interpreted Language Security

COD 261 – Threats to Scripts

COD 259 – Node.js Threats & Vulnerabilities

COD 257 – Creating Secure Python Web Applications

COD 256 – Creating Secure Code: Ruby on Rails Foundations

COD 255 – Creating Secure Code: Web API Foundations

COD 254 – Creating Secure Azure Applications

COD 253 – Creating Secure AWS Cloud Applications

COD 242 – Creating Secure SQL Server & Azure SQL DB Applications

COD 241 – Creating Secure Oracle DB Applications

COD 219 – Creating Secure Code: SAP ABAP Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 207 – Communication Security in C++

COD 206 – Creating Secure C++ Code

COD 202 – Secure C Runtime Protection

COD 201 – Secure C Encrypted Network Communications

COD 170 – Identifying Threats to Mainframe COBOL Applications & Data

COD 160 -Fundamentals of Secure Embedded Software Development

COD 152 – Fundamentals of Secure Cloud Development

COD 141 – Fundamentals of Database Security

COD 110 – Fundamentals of Secure Mobile Development

AWA 102 – Secure Software Concepts (UPDATED)

AWA 101 – Fundamentals of Application Security