Course Catalog / Subject / Standard

Standard

The Courses

View All Courses Download Course Catalog

ENG 151 – Fundamentals of Privacy Protection (Coming Soon)

DSO 305 – Automating CI/CD Pipeline Compliance (Coming Soon)

DSO 304 – Securing API Gateways in a DevSecOps Framework (Coming Soon)

DSO 303 – Automating Security Updates (Coming Soon)

DSO 302- Automated Security Testing (Coming Soon)

DSO 301 – Automating Secure Configuration Management (Coming Soon)

DSO 211 – Identifying Threats to Containers in a DevSecOps Framework (Coming Soon)

DSO 206 – Securing the Open Source Supply Chain (Coming Soon)

DES 282 – OWASP IoT2: Mitigating Insecure Network Services (NEW)

DES 271 – OWASP M1: Mitigating Improper Platform Usage (NEW)

DES 272 – OWASP M2: Mitigating Insecure Data Storage (NEW)

DES 273 – OWASP M3: Mitigating Insecure Communication (NEW)

DES 274 – OWASP M4: Mitigating Insecure Authentication (NEW)

DES 275 – OWASP M5: Mitigating Insufficient Cryptography (NEW)

DES 277 – OWASP M7: Mitigating Client Code Quality (NEW)

DES 278 – OWASP M8: Mitigating Code Tampering (NEW)

DES 279 – OWASP M9: Mitigating Reverse Engineering (NEW)

DES 280 – OWASP M10: Mitigating Extraneous Functionality (NEW)

DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords (NEW)

DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces (NEW)

DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism (NEW)

DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components (NEW)

DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection (NEW)

DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage (NEW)

DES 288 – OWASP IoT8: Mitigating Lack of Device Management (NEW)

DES 289 – OWASP IoT9: Mitigating Insecure Default Settings (NEW)

DES 276 – OWASP M6: Mitigating Insecure Authorization (NEW)

DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening (NEW)

TST 302 – Application Penetration Testing (NEW)

TST 301 – Infrastructure Penetration Testing (NEW)

ENG 354 – Authorizing and Monitoring System Controls within the RMF (NEW)

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF (NEW)

ENG 352 – Categorizing Systems and Information within the RMF (NEW)

DSO 254 – DevSecOps in the Azure Cloud (NEW)

DSO 253 – DevSecOps in the AWS Cloud (NEW)

DSO 205 – Securing the COTS Supply Chain (NEW)

DES 306 – Creating a Secure Blockchain Network (NEW)

DES 305 – Protecting Existing Blockchain Assets (NEW)

DES 210 – Hardening Linux/Unix Systems (NEW)

TST 360 – Penetration Testing for Authentication Vulnerabilities

TST 359 – Penetration Testing Network Infrastructure

TST 358 – Penetration Testing Wireless Networks

TST 357 – Penetration Testing for Hardcoded Secrets

TST 356 – Penetration Testing for Cross-Site Scripting (XSS)

TST 355 – Penetration Testing for Authorization Vulnerabilities

TST 354 – Penetration Testing for Memory Corruption Vulnerabilities

TST 352 – Penetration Testing for Injection Vulnerabilities

TST 351 – Penetration Testing for TLS Vulnerabilities

TST 202 – Penetration Testing Fundamentals

DSO 201 – Fundamentals of Secure DevOps

DES 255 – Securing the IoT Update Process

DES 151 – Fundamentals of the PCI Secure SLC Standard

TST 201 – Testing for CWE SANS Top 25 Software Errors

DES 216 – Protecting Cloud Infrastructure

COD 258 – Creating Secure PHP Web Applications

COD 251 – Defending AJAX-Enabled Web Applications

TST 205 – Performing Vulnerability Scans

ENG 351 – Preparing the Risk Management Framework

ENG 251 – Risk Management Foundations

COD 383 – Protecting Java Backend Services

COD 267 – Securing Python Microservices

COD 309 – Securing ASP.NET MVC Applications

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

DES 218 – Protecting Microservices, Containers, and Orchestration

COD 214 – Creating Secure GO Applications

DES 214 – Securing Infrastructure Architecture

DES 215 – Defending Infrastructure

ENG 150 – Meeting Confidentiality, Integrity, and Availability

COD 284 – Secure Java Coding

COD 266 – Secure Ruby Scripting

COD 265 – Secure Python Scripting

COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications

COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data

COD 246 – PCI DSS 3: Protecting Stored Cardholder Data

COD 108 – Software Operations and Maintenance

COD 107 – Secure Software Deployment

COD 106 – The Importance of Software Integration and Testing

COD 105 – Secure Software Development

COD 104 – Designing Secure Software

COD 103 – Creating Software Security Requirements

COD 102 – The Role of Software Security

COD 350 – Testing for Use of a One-way Hash without a Salt (CWE-759)

COD 349 – Testing for Integer Overflow or Wraparound (CWE-190)

COD 348 – Testing for Uncontrolled Format String (CWE-134)

COD 347 – Testing for Open Redirect (CWE-601)

COD 346 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)

COD 345 – Testing for Incorrect Calculation of Buffer Size (CWE-131)

COD 344 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676)

COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)

COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

COD 340 – Testing for Incorrect Authorization (CWE-863)

COD 339 – Testing for Download of Code without Integrity Check (CWE-494)

COD 338 – Testing for Path Traversal (CWE-22)

COD 337 – Testing for Cross Site Request Forgery (CSRF): CWE-352

COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250)

COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

COD 333 – Testing for Missing Encryption of Sensitive Data (CWE-311)

COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798)

COD 331 – Testing for Missing Authorization (CWE-862)

COD 330 – Testing for Missing Authentication for Critical Function (CWE-306)

COD 329 – Testing for Cross-site Scripting (CWE-79)

COD 328 – Testing for Classic Buffer Overflow (CWE-120)

COD 327 – Testing for OS Command Injection (CWE-78)

COD 326 – Testing for SQL Injection (CWE-89)

COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring

COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities

COD 377 – Testing for OWASP 2017: Insecure Deserialization

COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS)

COD 375 – Testing for OWASP 2017: Security Misconfiguration

COD 374 – Testing for OWASP 2017: Broken Access Control

COD 373 – Testing for OWASP 2017: XML External Entities

COD 372 – Testing for OWASP 2017: Sensitive Data Exposure

COD 371 – Testing for OWASP 2017: Broken Authentication

COD 370- Testing for OWASP 2017: Injection

TST 101 – Fundamentals of Security Testing

ENG 312 – How to Perform a Security Code Review

ENG 311 – Attack Surface Analysis & Reduction

ENG 211 – How to Create Application Security Design Requirements

ENG 205 – Fundamentals of Threat Modeling

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192- Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

ENG 127 – Essential Media Protection

ENG 126 – Essential Security Maintenance Policies

ENG 125 – Essential Data Protection

ENG 124 – Essential Application Protection

ENG 123 – Essential Security Engineering Principles

ENG 122 – Essential Physical & Environmental Protection

ENG 121 – Essential Identification & Authentication

ENG 120 – Essential Security Assessment & Authorization

ENG 119 – Essential Security Audit & Accountability

ENG 118 – Essential Incident Response

ENG 117 – Essential Information Security Program Planning

ENG 116 – Essential Security Planning Policy & Procedures

ENG 115 – Essential System & Information Integrity

ENG 114 – Essential Risk Assessment

ENG 113 – Essential Secure Configuration Management

ENG 112 – Essential Access Control for Mobile Devices

ENG 111 – Essential Session Management Security

ENG 110 – Essential Account Management Security

DES 311 – Creating Secure Application Architecture

DES 260 – Fundamentals of IoT Architecture & Design

DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization

DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)

DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration

DES 226 – Applying OWASP 2017: Mitigating Broken Access Control

DES 225 – Applying OWASP 2017: Mitigating XML External Entities

DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure

DES 223 – Applying OWASP 2017: Mitigating Broken Authentication

DES 222 – Applying OWASP 2017: Mitigating Injection

DES 212 – Architecture Risk Analysis & Remediation

DES 205 – Message Integrity Cryptographic Functions

DES 204 – Role of Cryptography in Application Development

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

DES 101 – Fundamentals of Secure Architecture

COD 382 – Protecting Data in Java

COD 381 – Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU

COD 380 – Protecting Java Code: SQLi & Integer Overflows

COD 364 – Securing HTML5 Connectivity

COD 363- Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 352 – Creating Secure JavaScript and jQuery Code

COD 323 – Protecting Data in C#

COD 322 – Protecting C# from SQL & XML Injection

COD 321 – Protecting C# from Integer Overflows & Canonicalization

COD 318 – Creating Secure Android Code in Java

COD 317 – Creating Secure iOS Code in Swift

COD 316 – Creating Secure iOS Code in Objective C

COD 307 – Protecting Data in C++

COD 303 – Common C Vulnerabilities & Attacks

COD 302 -Secure C Memory Management

COD 301 – Secure C Buffer Overflow Mitigations

COD 283 – Java Cryptography

COD 282 – Java Authentication & Authorization

COD 281 – Java Security Model

COD 270 – Creating Secure COBOL & Mainframe Applications

COD 264 – Secure Perl Scripting

COD 263 – Secure Bash Scripting

COD 262 – Fundamentals of Shell and Interpreted Language Security

COD 261 – Threats to Scripts

COD 259 – Node.js Threats & Vulnerabilities

COD 257 – Creating Secure Python Web Applications

COD 256 – Creating Secure Code: Ruby on Rails Foundations

COD 255 – Creating Secure Code: Web API Foundations

120 Minutes

COD 254 – Creating Secure Azure Applications

COD 253 – Creating Secure AWS Cloud Applications

COD 242 – Creating Secure SQL Server & Azure SQL DB Applications

COD 241 – Creating Secure Oracle DB Applications

COD 219 – Creating Secure Code: SAP ABAP Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 207 – Communication Security in C++

COD 206 – Creating Secure C++ Code

COD 202 – Secure C Runtime Protection

COD 201 – Secure C Encrypted Network Communications

COD 170 – Identifying Threats to Mainframe COBOL Applications & Data

COD 160 -Fundamentals of Secure Embedded Software Development

COD 152 – Fundamentals of Secure Cloud Development

COD 141 – Fundamentals of Database Security

COD 110 – Fundamentals of Secure Mobile Development

AWA 102 – Secure Software Concepts

AWA 019 – Travel Security

AWA 018 – Social Engineering Awareness

AWA 017 – Physical Security

AWA 016 – Phishing Awareness

AWA 015 – PCI Compliance

AWA 014 – Password Security

AWA 013 – Mobile Security

AWA 012 – Malware Awareness

AWA 101 – Fundamentals of Application Security

AWA 010 – Email Security

AWA 009 – Information Privacy: Protecting Data

AWA 008 – Information Privacy: Classifying Data

AWA 007 – Information Privacy & Security Awareness for Executives