Course Catalog / Subject / Standard

Standard

The Courses

View All Courses Download Course Catalog

ENG 354 – Authorizing and Monitoring System Controls within the RMF (Coming Soon)

.20 Minutes

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF (Coming Soon)

ENG 352 – Categorizing Systems and Information within the RMF (Coming Soon)

TST 360 – Penetration Testing for Authentication Vulnerabilities (Coming Soon)

TST 359 – Penetration Testing Network Infrastructure (Coming Soon)

TST 358 – Penetration Testing Wireless Networks (Coming Soon)

TST 357 – Penetration Testing for Hardcoded Secrets (Coming Soon)

TST 356 – Penetration Testing for Cross-Site Scripting (XSS) (Coming Soon)

TST 355 – Penetration Testing for Authorization Vulnerabilities (Coming Soon)

TST 354 – Penetration Testing for Memory Corruption Vulnerabilities (Coming Soon)

TST 353 – Penetration Testing for SQL Injection

TST 352 – Penetration Testing for Injection Vulnerabilities (Coming Soon)

TST 351 – Penetration Testing for TLS Vulnerabilities (Coming Soon)

TST 202 – Penetration Testing Fundamentals (Coming Soon)

DS0 201 – Fundamentals of Secure DevOps (Coming Soon)

DES 255 – Securing the IoT Update Process (Coming Soon)

DES 151 – Fundamentals of the PCI Secure SLC Standard (Coming Soon)

TST 201 – Testing for CWE SANS Top 25 Software Errors

DES 216 – Protecting Cloud Infrastructure (New)

COD 258 – Creating Secure PHP Web Applications (NEW)

COD 251 – Defending AJAX-Enabled Web Applications (NEW)

TST 205 – Performing Vulnerability Scans (New)

ENG 351 – Preparing the Risk Management Framework (New)

ENG 251 – Risk Management Foundations (New)

COD 383 – Protecting Java Backend Services (New)

COD 267 – Securing Python Microservices (New)

COD 309 – Securing ASP.NET MVC Applications (New)

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks (New)

DES 218 – Protecting Microservices, Containers, and Orchestration (New)

COD 214 – Creating Secure GO Applications (NEW)

DES 214 – Securing Infrastructure Architecture (NEW)

DES 215 – Defending Infrastructure (NEW)

ENG 150 – Meeting Confidentiality, Integrity, and Availability (NEW)

COD 284 – Secure Java Coding (NEW)

COD 266 – Secure Ruby Scripting (NEW)

COD 265 – Secure Python Scripting (NEW)

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes (NEW)

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications (NEW)

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data (NEW)

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data (NEW)

COD 108 – Software Operations and Maintenance (NEW)

COD 107 – Secure Software Deployment (NEW)

COD 106 – The Importance of Software Integration and Testing (NEW)

COD 105 – Secure Software Development (NEW)

COD 104 – Designing Secure Software (NEW)

COD 103 – Creating Software Security Requirements (NEW)

COD 102 – The Role of Software Security (NEW)

Protecting Sensitive Data while Scripting

TST 275 – Testing for Use of a One-way Hash without a Salt (CWE-759)

TST 274 – Testing for Integer Overflow or Wraparound (CWE-190)

TST 273 – Testing for Uncontrolled Format String (CWE-134)

TST 272 – Testing for Open Redirect (CWE-601)

TST 271 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)

TST 270 – Testing for Incorrect Calculation of Buffer Size (CWE-131)

TST 269 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)

TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)

TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

TST 265 – Testing for Incorrect Authorization (CWE-863)

TST 264 – Testing for Download of Code without Integrity Check (CWE-494)

TST 263 – Testing for Path Traversal (CWE-22)

TST 262 – Testing for Cross Site Request Forgery (CSRF): CWE-352

TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)

TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

TST 258 – Testing for Missing Encryption of Sensitive Data (CWE-311)

TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)

TST 256 – Testing for Missing Authorization (CWE-862)

TST 255 – Testing for Missing Authentication for Critical Function (CWE-306)

TST 254 – Testing for Cross-site Scripting (CWE-79)

TST 253 – Testing for Classic Buffer Overflow (CWE-120)

TST 252 – Testing for OS Command Injection (CWE-78)

TST 251 – Testing for SQL Injection (CWE-89)

TST 231 – Testing for OWASP 2017: Insufficient Logging & Monitoring

TST 230 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities

TST 229 – Testing for OWASP 2017: Insecure Deserialization

TST 228 – Testing for OWASP 2017: Cross Site Scripting (XSS)

TST 227 – Testing for OWASP 2017: Security Misconfiguration

TST 226 – Testing for OWASP 2017: Broken Access Control

TST 225 – Testing for OWASP 2017: XML External Entities

TST 224 – Testing for OWASP 2017: Sensitive Data Exposure

TST 223 – Testing for OWASP 2017: Broken Authentication

TST 222 – Testing for OWASP 2017: Injection

TST 101 – Fundamentals of Security Testing (UPDATED)

ENG 312 – How to Perform a Security Code Review (Updated)

ENG 311 – Attack Surface Analysis & Reduction (Updated)

ENG 211 – How to Create Application Security Design Requirements (Updated)

ENG 205 – Fundamentals of Threat Modeling (Updated)

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192- Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

ENG 127 – Essential Media Protection

ENG 126 – Essential Security Maintenance Policies

ENG 125 – Essential Data Protection

ENG 124 – Essential Application Protection

ENG 123 – Essential Security Engineering Principles

ENG 122 – Essential Physical & Environmental Protection

ENG 121 – Essential Identification & Authentication

ENG 120 – Essential Security Assessment & Authorization

ENG 119 – Essential Security Audit & Accountability

ENG 118 – Essential Incident Response

ENG 117 – Essential Information Security Program Planning

ENG 116 – Essential Security Planning Policy & Procedures

ENG 115 – Essential System & Information Integrity

ENG 114 – Essential Risk Assessment

ENG 113 – Essential Secure Configuration Management

ENG 112 – Essential Access Control for Mobile Devices

ENG 111 Essential Session Management Security

ENG 110 – Essential Account Management Securitiy

DES 352 – Creating Secure Over the Air (OTA) Updates

DES 311 – Creating Secure Application Architecture (Updated)

DES 260 – Fundamentals of IoT Architecture & Design

DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization

DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)

DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration

DES 226 – Applying OWASP 2017: Mitigating Broken Access Control

DES 225 – Applying OWASP 2017: Mitigating XML External Entities

DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure

DES 223 – Applying OWASP 2017: Mitigating Broken Authentication

DES 222 – Applying OWASP 2017: Mitigating Injection

DES 217 – Application, Technical & Physical Access Controls

DES 212 – Architecture Risk Analysis & Remediation (Updated)

DES 205 – Message Integrity Cryptographic Functions

DES 204 – Role of Cryptography in Application Development

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

DES 101 – Fundamentals of Secure Architecture (Updated)

COD 382 – Protecting Data in Java

COD 381 – Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU

COD 380 – Protecting Java Code: SQLi & Integer Overflows

COD 364 – Securing HTML5 Connectivity

COD 363- Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 352 – Creating Secure JavaScript and jQuery Code (Updated)

COD 323 – Protecting Data in C#

COD 322 – Protecting C# from SQL & XML Injection

COD 321 – Protecting C# from Integer Overflows & Canonicalization

COD 318 – Creating Secure Android Code in Java (Updated)

COD 317 – Creating Secure iOS Code in Swift (Updated)

COD 316 – Creating Secure iOS Code in Objective C

COD 307 – Protecting Data in C++

COD 303 – Common C Vulnerabilities & Attacks

COD 302 -Secure C Memory Management

COD 301 – Secure C Buffer Overflow Mitigations

COD 283 – Java Cryptography (UPDATED)

COD 282 – Java Authentication & Authorization

COD 281 – Java Security Model

COD 270 – Creating Secure COBOL & Mainframe Applications

COD 264 – Secure Perl Scripting (NEW)

COD 263 – Secure Bash Scripting (NEW)

COD 262 – Fundamentals of Shell and Interpreted Language Security (UPDATED)

COD 261 – Threats to Scripts (UPDATED)

COD 259 – Node.js Threats & Vulnerabilities

COD 257 – Creating Secure Python Web Applications (Updated)

COD 256 – Creating Secure Code: Ruby on Rails Foundations (Updated)

COD 255 – Creating Secure Code: Web API Foundations

120 Minutes

COD 254 – Creating Secure Azure Applications (Updated)

COD 253 – Creating Secure AWS Cloud Applications (Updated)

COD 242 – Creating Secure SQL Server & Azure SQL DB Applications (Updated)

COD 241 – Creating Secure Oracle DB Applications

COD 237 – Defending Mobile App Code

COD 236 – Mobile App Authentication & Authorization

COD 235 – Defending Mobile Data with Cryptography

COD 234 – Mobile Threats & Mitigations

COD 230 – Insecure IoT Firmware (UPDATED)

COD 229 – Insecure IoT Mobile Interface (UPDATED)

COD 228 – Insecure IoT Communications (UPDATED)

COD 227 – Insecure IoT Network Services (UPDATED)

COD 226 – Insecure IoT Authentication & Authorization (UPDATED)

COD 225 – Insecure IoT Web Interfaces (UPDATED)

COD 222 – PCI DSS v3.2 Best Practices for Developers

COD 219 – Creating Secure Code: SAP ABAP Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 207 – Communication Security in C++

COD 206 – Creating Secure C++ Code

COD 202 – Secure C Runtime Protection

COD 201 – Secure C Encrypted Network Communications

COD 170 – Identifying Threats to Mainframe COBOL Applications & Data

COD 160 -Fundamentals of Secure Embedded Software Development (Updated)

COD 152 – Fundamentals of Secure Cloud Development (Updated)

COD 141 – Fundamentals of Database Security (Updated)

COD 110 – Fundamentals of Secure Mobile Development (Updated)

AWA 102 – Secure Software Concepts

AWA 019 – Travel Security

AWA 018 – Social Engineering Awareness

AWA 017 – Physical Security

AWA 016 – Phishing Awareness

AWA 015 – PCI Compliance

AWA 014 – Password Security

AWA 013 – Mobile Security

AWA 012 – Malware Awareness

AWA 101 – Fundamentals of Application Security (UPDATED)

AWA 010 – Email Security

AWA 009 – Information Privacy: Protecting Data

AWA 008 – Information Privacy: Classifying Data

AWA 007 – Information Privacy & Security Awareness for Executives