Course Catalog / Subject / NIST

NIST

We offer a series of 5 courses aimed at guiding organizations seeking to architect and engineer a data security process for new IT Systems. This series is designed to help organizations implement a unified information security program by aligning with enterprise architecture through the selection of security controls to protect against resources, assets, and operational risk. With over 125+ courses mapped to the National Institute of Standards and Technology Special Publications, our compliance mapping displays courses that meet multiple compliance mandates.

View All Courses     Download Course Catalog

API 210 – Mitigating APIs Lack of Resources & Rate Limiting

15 Minutes
Advanced

API 211 – Mitigating APIs Broken Object Level Authorization

15 Minutes
Advanced

API 213 – Mitigating APIs Mass Assignment

15 Minutes
Advanced

API 214 – Mitigating APIs Improper Asset Management

15 Minutes
Advanced

API 250 – Controlling Access to the Kubernetes API

20 Minutes
Advanced

API 251 – Implementing Web Application and API Protection (WAAP)

35 Minutes
Advanced

ATK 201 – Using the MITRE ATT&CK Framework

15 Minutes
Advanced

COD 104 – Designing Secure Software

15 Minutes
Core

COD 105 – Secure Software Development

20 Minutes
Core

COD 106 – The Importance of Software Integration and Testing

15 Minutes
Core

COD 107 – Secure Software Deployment

10 Minutes
Core

COD 108 – Software Operations and Maintenance

10 Minutes
Core

COD 215 – Mitigating .NET Application Vulnerabilities (NEW)

25 Minutes
Advanced

COD 252 – Securing Google Platform Applications & Data

25 Minutes
Advanced

COD 288 – Java Public Key Cryptography

20 Minutes
Advanced

COD 309 – Securing ASP.NET MVC Applications (UPDATED)

20 Minutes
Advanced

CYB 210 – Cybersecurity Incident Response

12 Minutes
Advanced

CYB 211 – Identifying and Protecting Assets Against Ransomware

12 Minutes
Advanced

CYB 212 – Fundamentals of Security Information & Event Management (SIEM)

15 Minutes
Advanced

CYB 213 – Generative AI Privacy & Cybersecurity Risk (NEW)

30 Minutes
Advanced

CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)

20 Minutes
Advanced

CYB 301 – Fundamentals of Ethical Hacking

15 Minutes
Elite

CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT

40 Minutes
Elite

CYB 311 – Threat Analysis with AI

20 Minutes
Elite

DES 207 – Mitigating OWASP API Security Top 10

15 Minutes
Advanced

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

15 Minutes
Advanced

DES 209 – Authentication and Lifecycle Management

15 Minutes
Advanced

DES 214 – Securing Infrastructure Architecture

30 Minutes
Advanced

DES 215 – Defending Infrastructure

30 Minutes
Advanced

DES 216 – Protecting Cloud Infrastructure

40 Minutes
Advanced

DES 217 – Securing Terraform Infrastructure and Resources

20 Minutes
Advanced

DES 218 – Protecting Microservices, Containers, and Orchestration

30 Minutes
Advanced

DES 219 – Securing Google’s Firebase Platform

60 Minutes
Advanced

DES 232 – Mitigating OWASP 2021 Injection

12 Minutes
Advanced

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures

12 Minutes
Advanced

DES 234 – Mitigating OWASP 2021 Cryptographic Failures

12 Minutes
Advanced

DES 235 – Mitigating OWASP 2021 Insecure Design

12 Minutes
Advanced

DES 236 – Mitigating OWASP 2021 Broken Access Control

12 Minutes
Advanced

DES 237 – Mitigating OWASP 2021 Security Misconfiguration

12 Minutes
Advanced

DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)

12 Minutes
Advanced

DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures

12 Minutes
Advanced

DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components

12 Minutes
Advanced

DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures

12 Minutes
Advanced

DES 261 – Securing Serverless Environments

20 Minutes
Advanced

DES 262 – Securing Enterprise Low-Code Applications Platforms

20 Minutes
Advanced

DES 313 – Hardening a Kubernetes Cluster

20 Minutes
Elite

DES 314 – Hardening the Docker Engine

15 Minutes
Elite

DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation

20 Minutes
Elite

DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse

20 Minutes
Elite

DSO 201 – Fundamentals of Secure DevOps

30 Minutes
Advanced

DSO 212 – Fundamentals of Zero Trust Security

15 Minutes
Advanced

DSO 256 – DevSecOps in the Google Cloud Platform

20 Minutes
Advanced

ENG 110 – Essential Account Management Security

15 Minutes
Core

ENG 111 – Essential Session Management Security

15 Minutes
Core

ENG 112 – Essential Access Control for Mobile Devices

15 Minutes
Core

ENG 113 – Essential Secure Configuration Management

15 Minutes
Core

ENG 114 – Essential Risk Assessment

15 Minutes
Core

ENG 115 – Essential System & Information Integrity

15 Minutes
Core

ENG 116 – Essential Security Planning Policy & Procedures

15 Minutes
Core

ENG 117 – Essential Information Security Program Planning

15 Minutes
Core

ENG 118 – Essential Incident Response

15 Minutes
Core

ENG 119 – Essential Security Audit & Accountability

15 Minutes
Core

ENG 120 – Essential Security Assessment & Authorization

15 Minutes
Core

ENG 121 – Essential Identification & Authentication

15 Minutes
Core

ENG 122 – Essential Physical & Environmental Protection

15 Minutes
Core

ENG 123 – Essential Security Engineering Principles

15 Minutes
Core

ENG 124 – Essential Application Protection

15 Minutes
Core

ENG 125 – Essential Data Protection

15 Minutes
Core

ENG 126 – Essential Security Maintenance Policies

15 Minutes
Core

ENG 127 – Essential Media Protection

15 Minutes
Core

ENG 251 – Risk Management Foundations

20 Minutes
Advanced

ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components

20 Minutes
Elite

ENG 351 – Preparing the Risk Management Framework

20 Minutes
Elite

ENG 352 – Categorizing Systems and Information within the RMF

10 Minutes
Elite

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

20 Minutes
Elite

ENG 354 – Authorizing and Monitoring System Controls within the RMF

20 Minutes
Elite

ICS 210 – ICS/SCADA Security Essentials

12 Minutes
Advanced

ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments

15 Minutes
Elite

LAB 131 – Identifying Improper Restriction of XML External Entity Reference

5 Minutes
Elective

LAB 132 – Identifying Exposed Services

5 Minutes
Elective

LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables

5 Minutes
Advanced

LAB 134 – Identifying Plaintext Storage of a Password

5 Minutes
Advanced

LAB 135 – Identifying URL Redirection to Untrusted Site

5 Minutes

LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page

5 Minutes

LAB 137 – Identifying Improper Authorization

5 Minutes
Advanced

LAB 138 – Identifying Authorization Bypass Through User-Controlled Key

5 Minutes
Advanced

LAB 139 – Identifying Use of a Key Past its Expiration Date

5 Minutes
Advanced

LAB 201 – Defending Java Applications Against Canonicalization (NEW)

5 Minutes
Advanced

LAB 202 – Defending Python Applications Against Canonicalization (NEW)

5 Minutes
Advanced

LAB 203 – Defending C# Applications Against Canonicalization (NEW)

5 Minutes
Advanced

LAB 204 – Defending Node.js Applications Against Canonicalization (NEW)

5 Minutes
Advanced

LAB 205 – Defending Java Applications Against XPath Injection (NEW)

5 Minutes
Advanced

LAB 206 – Defending Python Applications Against XPath Injection (NEW)

5 Minutes
Advanced

LAB 207 – Defending Node.js Applications Against XPath Injection (NEW)

5 Minutes
Advanced

LAB 208 – Defending C# Applications Against XPath Injection (NEW)

5 Minutes
Advanced

LAB 263 – Defending Java Applications Against Sensitive Information in Log Files

10 Minutes
Advanced

LAB 264 – Defending Python Applications Against Sensitive Information in Log Files

10 Minutes
Advanced

LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files

10 Minutes
Advanced

LAB 266 – Defending C# Applications Against Sensitive Information in Log Files

10 Minutes
Advanced

LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data

10 Minutes
Advanced

LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data

10 Minutes
Advanced

LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data

10 Minutes
Advanced

LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data

10 Minutes
Advanced

LAB 271 – Defending Java Applications Against SSRF

10 Minutes
Advanced

LAB 272 – Defending Python Applications Against SSRF

10 Minutes
Advanced

LAB 273 – Defending Node.js Applications Against SSRF

10 Minutes
Advanced

LAB 274 – Defending C# Applications Against SSRF

10 Minutes
Advanced

LAB 275 – Defending Java Applications Against Command Injection

10 Minutes
Advanced

LAB 276 – Defending Python Applications Against Command Injection

10 Minutes
Advanced

LAB 277 – Defending Node.js Applications Against Command Injection

10 Minutes
Advanced

LAB 278 – Defending C# Applications Against Command Injection

10 Minutes
Advanced

LAB 279 – Defending Java Applications Against Dangerous File Upload

10 Minutes
Advanced

LAB 280 – Defending Python Applications Against Dangerous File Upload

10 Minutes
Advanced

LAB 281 – Defending Node.js Applications Against Dangerous File Upload

10 Minutes
Advanced

LAB 282 – Defending C# Applications Against Dangerous File Upload

10 Minutes
Advanced

LAB 283 – Defending Java Applications Against RegEx DoS

10 Minutes
Advanced

LAB 284 – Defending Python Applications Against RegEx DoS

10 Minutes
Advanced

LAB 285 – Defending Node.js Applications Against RegEx DoS

10 Minutes
Advanced

LAB 286 – Defending C# Applications Against RegEx DoS

10 Minutes
Advanced

LAB 287 – Defending Java Applications Against Null Pointer Dereference

10 Minutes
Advanced

LAB 288 – Defending C# Applications Against Null Pointer Dereference

10 Minutes
Advanced

LAB 289 – Defending Java Applications Against Path Traversal

10 Minutes
Advanced

LAB 290 – Defending Python Applications Against Path Traversal

10 Minutes
Advanced

LAB 291 – Defending Node.js Applications Against Path Traversal

10 Minutes
Advanced

LAB 292 – Defending C# Applications Against Path Traversal

10 Minutes
Advanced

LAB 293 – Defending Java Applications Against Integer Overflow

10 Minutes
Advanced

LAB 294 – Defending C# Applications Against Integer Overflow

10 Minutes
Advanced

LAB 312 – ATT&CK: Testing for Network Services Identification

12 Minutes
Elite

LAB 313 – ATT&CK: Testing for Vulnerability Identification Using Vulnerability Databases

12 Minutes
Elite

LAB 317 – ATT&CK: Testing for Plaintext Secrets in Files

12 Minutes
Elite

LAB 318 – ATT&CK: Log Analysis

12 Minutes
Elite

LAB 319 – ATT&CK: Exfiltration Over C2 Channel (NEW)

30 Minutes
Elite

LAB 336 – ATT&CK: Data from Local System

12 Minutes
Elite

LAB 337 – ATT&CK: Valid Accounts

12 Minutes
Elite

SDT 301 – Testing for Injection

10 Minutes
Elite

SDT 302 – Testing for Identification and Authentication Failures

10 Minutes
Elite

SDT 303 – Testing for Cryptographic Failures

10 Minutes
Elite

SDT 304 – Testing for Insecure Design

10 Minutes
Elite

SDT 305 – Testing for Broken Access Control

10 Minutes
Elite

SDT 306 – Testing for Security Misconfiguration

10 Minutes
Elite

SDT 307 – Testing for Server-Side Request Forgery (SSRF)

10 Minutes
Elite

SDT 308 – Testing for Software and Data Integrity Failures

10 Minutes
Elite

SDT 309 – Testing for Vulnerable and Outdated Components

10 Minutes
Elite

SDT 310 – Testing for Security Logging and Monitoring Failures

10 Minutes
Elite

SDT 311 – Testing for Integer Overflow or Wraparound

15 Minutes
Elite

TST 303 – Penetration Testing for Google Cloud Platform

20 Minutes
Elite

TST 304 – Penetration Testing for AWS Cloud

20 Minutes
Elite

TST 305 – Penetration Testing for Azure Cloud

20 Minutes
Elite