The Courses

Course Title Course # Course Duration
API 210 – Mitigating APIs Lack of Resources & Rate Limiting API 210 15 minutes
API 211 – Mitigating APIs Broken Object Level Authorization API 211 15 minutes
API 213 – Mitigating APIs Mass Assignment API 213 15 minutes
API 214 – Mitigating APIs Improper Asset Management API 214 15 minutes
API 250 – Controlling Access to the Kubernetes API API 250 20 minutes
API 251 – Implementing Web Application and API Protection (WAAP) API 251 35 minutes
ATK 201 – Using the MITRE ATT&CK Framework ATK 201 15 minutes
AWA 101 – Fundamentals of Application Security AWA 101 20 minutes
AWA 102 – Secure Software Concepts AWA 102 20 minutes
COD 102 – The Role of Software Security COD 102 10 minutes
COD 103 – Creating Software Security Requirements COD 103 10 minutes
COD 104 – Designing Secure Software COD 104 15 minutes
COD 105 – Secure Software Development COD 105 20 minutes
COD 106 – The Importance of Software Integration and Testing COD 106 15 minutes
COD 107 – Secure Software Deployment COD 107 10 minutes
COD 108 – Software Operations and Maintenance COD 108 10 minutes
COD 110 – Fundamentals of Secure Mobile Development COD 110 45 minutes
COD 141 – Fundamentals of Database Security COD 141 30 minutes
COD 152 – Fundamentals of Secure Cloud Development COD 152 20 minutes
COD 160 – Fundamentals of Secure Embedded Software Development COD 160 45 minutes
COD 170 – Identifying Threats to Mainframe COBOL Applications & Data COD 170 20 minutes
COD 201 – Secure C Encrypted Network Communications COD 201 15 minutes
COD 202 – Secure C Runtime Protection COD 202 15 minutes
COD 206 – Creating Secure C++ Code COD 206 15 minutes
COD 207 – Communication Security in C++ COD 207 15 minutes
COD 214 – Creating Secure GO Applications COD 214 30 minutes
COD 215 – Mitigating .NET Application Vulnerabilities (NEW) COD 215 25 minutes
COD 219 – Creating Secure Code: SAP ABAP Foundations COD 219 90 minutes
COD 241 – Creating Secure Oracle DB Applications COD 241 45 minutes
COD 242 – Creating Secure SQL Server & Azure SQL DB Applications COD 242 40 minutes
COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data COD 246 20 minutes
COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data COD 247 15 minutes
COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications COD 248 15 minutes
COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes COD 249 15 minutes
COD 251 – Defending AJAX-Enabled Web Applications COD 251 25 minutes
COD 252 – Securing Google Platform Applications & Data COD 252 25 minutes
COD 253 – Creating Secure AWS Cloud Applications COD 253 45 minutes
COD 254 – Creating Secure Azure Applications COD 254 45 minutes
COD 255 – Creating Secure Code: Web API Foundations COD 255 20 minutes
COD 256 – Creating Secure Ruby on Rails Foundations COD 256 45 minutes
COD 257 – Creating Secure Python Web Applications COD 257 45 minutes
COD 258 – Creating Secure PHP Web Applications COD 258 30 minutes
COD 259 – Node.js Threats & Vulnerabilities COD 259 30 minutes
COD 261 – Threats to Scripts COD 261 30 minutes
COD 262 – Fundamentals of Shell and Interpreted Language Security COD 262 30 minutes
COD 263 – Secure Bash Scripting COD 263 15 minutes
COD 264 – Secure Perl Scripting COD 264 15 minutes
COD 265 – Secure Python Scripting COD 265 15 minutes
COD 266 – Secure Ruby Scripting COD 266 15 minutes
COD 267 – Securing Python Microservices COD 267 30 minutes
COD 270 – Creating Secure COBOL & Mainframe Applications COD 270 25 minutes
COD 283 – Java Cryptography COD 283 45 minutes
COD 284 – Secure Java Coding COD 284 30 minutes
COD 285 – Developing Secure Angular Applications COD 285 30 minutes
COD 286 – Creating Secure React User Interfaces COD 286 10 minutes
COD 287 – Java Application Server Hardening COD 287 20 minutes
COD 288 – Java Public Key Cryptography COD 288 20 minutes
COD 301 – Secure C Buffer Overflow Mitigations COD 301 45 minutes
COD 302 – Secure C Memory Management COD 302 20 minutes
COD 303 – Common C Vulnerabilities & Attacks COD 303 20 minutes
COD 307 – Protecting Data in C++ COD 307 25 minutes
COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks COD 308 45 minutes
COD 309 – Securing ASP.NET MVC Applications (UPDATED) COD 309 20 minutes
COD 315 – Preventing Vulnerabilities in iOS Code in Swift COD 315 20 minutes
COD 316 – Creating Secure iOS Code in Objective C COD 316 30 minutes
COD 317 – Protecting Data on iOS in Swift COD 317 20 minutes
COD 318 – Protecting Data on Android in Java (UPDATED) COD 318 30 minutes
COD 319 – Preventing Vulnerabilities in Android Code in Java (UPDATED) COD 319 30 minutes
COD 321 – Protecting C# from Integer Overflows & Canonicalization COD 321 30 minutes
COD 322 – Protecting C# from SQL Injection COD 322 8 minutes
COD 323 – Using Encryption with C# COD 323 20 minutes
COD 324 – Protecting C# from XML Injection COD 324 8 minutes
COD 352 – Creating Secure JavaScript and jQuery Code COD 352 45 minutes
COD 361 – HTML5 Secure Threats COD 361 15 minutes
COD 362 – HTML5 Built in Security Features COD 362 20 minutes
COD 363 – Securing HTML5 Data COD 363 20 minutes
COD 364 – Securing HTML5 Connectivity COD 364 20 minutes
COD 366 – Creating Secure Kotlin Applications COD 366 20 minutes
COD 380 – Preventing SQL Injection in Java COD 380 8 minutes
COD 381 – Preventing Path Traversal Attacks in Java COD 381 8 minutes
COD 382 – Protecting Data in Java COD 382 30 minutes
COD 383 – Protecting Java Backend Services COD 383 30 minutes
COD 384 – Protecting Java from Information Disclosure COD 384 8 minutes
COD 385 – Preventing Race Conditions in Java Code COD 385 8 minutes
COD 386 – Preventing Integer Overflows in Java Code COD 386 8 minutes
CYB 210 – Cybersecurity Incident Response CYB 210 12 minutes
CYB 211 – Identifying and Protecting Assets Against Ransomware CYB 211 12 minutes
CYB 212 – Fundamentals of Security Information & Event Management (SIEM) CYB 212 15 minutes
CYB 213 – Generative AI Privacy & Cybersecurity Risk (NEW) CYB 213 30 minutes
CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP) CYB 250 20 minutes
CYB 301 – Fundamentals of Ethical Hacking CYB 301 15 minutes
CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT CYB 310 40 minutes
CYB 311 – Threat Analysis with AI CYB 311 20 minutes
DES 101 – Fundamentals of Secure Architecture DES 101 20 minutes
DES 151 – Fundamentals of the PCI Secure SLC Standard DES 151 25 minutes
DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing DES 202 45 minutes
DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management DES 203 15 minutes
DES 204 – Role of Cryptography in Application Development DES 204 15 minutes
DES 205 – Message Integrity Cryptographic Functions DES 205 45 minutes
DES 206 – Meeting Cloud Governance and Compliance Requirements DES 206 15 minutes
DES 207 – Mitigating OWASP API Security Top 10 DES 207 15 minutes
DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing DES 208 15 minutes
DES 209 – Authentication and Lifecycle Management DES 209 15 minutes
DES 210 – Hardening Linux/Unix Systems DES 210 30 minutes
DES 212 – Architecture Risk Analysis & Remediation DES 212 30 minutes
DES 214 – Securing Infrastructure Architecture DES 214 30 minutes
DES 215 – Defending Infrastructure DES 215 30 minutes
DES 216 – Protecting Cloud Infrastructure DES 216 40 minutes
DES 217 – Securing Terraform Infrastructure and Resources DES 217 20 minutes
DES 218 – Protecting Microservices, Containers, and Orchestration DES 218 30 minutes
DES 219 – Securing Google’s Firebase Platform DES 219 60 minutes
DES 232 – Mitigating OWASP 2021 Injection DES 232 12 minutes
DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures DES 233 12 minutes
DES 234 – Mitigating OWASP 2021 Cryptographic Failures DES 234 12 minutes
DES 235 – Mitigating OWASP 2021 Insecure Design DES 235 12 minutes
DES 236 – Mitigating OWASP 2021 Broken Access Control DES 236 12 minutes
DES 237 – Mitigating OWASP 2021 Security Misconfiguration DES 237 12 minutes
DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) DES 238 12 minutes
DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures DES 239 12 minutes
DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components DES 240 12 minutes
DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures DES 241 12 minutes
DES 255 – Securing the IoT Update Process DES 255 30 minutes
DES 260 – Fundamentals of IoT Architecture & Design DES 260 30 minutes
DES 261 – Securing Serverless Environments DES 261 20 minutes
DES 262 – Securing Enterprise Low-Code Applications Platforms DES 262 20 minutes
DES 271 – OWASP M1: Mitigating Improper Platform Usage DES 271 12 minutes
DES 272 – OWASP M2: Mitigating Insecure Data Storage DES 272 12 minutes
DES 273 – OWASP M3: Mitigating Insecure Communication DES 273 12 minutes
DES 274 – OWASP M4: Mitigating Insecure Authentication DES 274 12 minutes
DES 275 – OWASP M5: Mitigating Insufficient Cryptography DES 275 12 minutes
DES 276 – OWASP M6: Mitigating Insecure Authorization DES 276 12 minutes
DES 277 – OWASP M7: Mitigating Client Code Quality DES 277 12 minutes
DES 278 – OWASP M8: Mitigating Code Tampering DES 278 12 minutes
DES 279 – OWASP M9: Mitigating Reverse Engineering DES 279 12 minutes
DES 280 – OWASP M10: Mitigating Extraneous Functionality DES 280 12 minutes
DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords DES 281 12 minutes
DES 282 – OWASP IoT2: Mitigating Insecure Network Services DES 282 12 minutes
DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces DES 283 12 minutes
DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism DES 284 12 minutes
DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components DES 285 12 minutes
DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection DES 286 12 minutes
DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage DES 287 12 minutes
DES 288 – OWASP IoT8: Mitigating Lack of Device Management DES 288 12 minutes
DES 289 – OWASP IoT9: Mitigating Insecure Default Settings DES 289 12 minutes
DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening DES 290 12 minutes
DES 305 – Protecting Existing Blockchain Assets DES 305 20 minutes
DES 306 – Creating a Secure Blockchain Network DES 306 20 minutes
DES 311 – Creating Secure Application Architecture DES 311 45 minutes
DES 312 – Protecting Cardholder Data DES 312 20 minutes
DES 313 – Hardening a Kubernetes Cluster DES 313 20 minutes
DES 314 – Hardening the Docker Engine DES 314 15 minutes
DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation DES 361 20 minutes
DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse DES 362 20 minutes
DSO 201 – Fundamentals of Secure DevOps DSO 201 30 minutes
DSO 205 – Securing the COTS Supply Chain DSO 205 15 minutes
DSO 206 – Securing the Open Source Supply Chain DSO 206 15 minutes
DSO 211 – Identifying Threats to Containers in a DevSecOps Framework DSO 211 20 minutes
DSO 212 – Fundamentals of Zero Trust Security DSO 212 15 minutes
DSO 253 – DevSecOps in the AWS Cloud DSO 253 20 minutes
DSO 254 – DevSecOps in the Azure Cloud DSO 254 20 minutes
DSO 256 – DevSecOps in the Google Cloud Platform DSO 256 20 minutes
DSO 301 – Orchestrating Secure System and Service Configuration DSO 301 20 minutes
DSO 302 – Automated Security Testing DSO 302 20 minutes
DSO 303 – Automating Security Updates DSO 303 20 minutes
DSO 304 – Securing API Gateways in a DevSecOps Framework DSO 304 20 minutes
DSO 305 – Automating CI/CD Pipeline Compliance DSO 305 20 minutes
DSO 306 – Implementing Infrastructure as Code DSO 306 20 minutes
DSO 307 – Secure Secrets Management DSO 307 20 minutes
ENG 110 – Essential Account Management Security ENG 110 15 minutes
ENG 111 – Essential Session Management Security ENG 111 15 minutes
ENG 112 – Essential Access Control for Mobile Devices ENG 112 15 minutes
ENG 113 – Essential Secure Configuration Management ENG 113 15 minutes
ENG 114 – Essential Risk Assessment ENG 114 15 minutes
ENG 115 – Essential System & Information Integrity ENG 115 15 minutes
ENG 116 – Essential Security Planning Policy & Procedures ENG 116 15 minutes
ENG 117 – Essential Information Security Program Planning ENG 117 15 minutes
ENG 118 – Essential Incident Response ENG 118 15 minutes
ENG 119 – Essential Security Audit & Accountability ENG 119 15 minutes
ENG 120 – Essential Security Assessment & Authorization ENG 120 15 minutes
ENG 121 – Essential Identification & Authentication ENG 121 15 minutes
ENG 122 – Essential Physical & Environmental Protection ENG 122 15 minutes
ENG 123 – Essential Security Engineering Principles ENG 123 15 minutes
ENG 124 – Essential Application Protection ENG 124 15 minutes
ENG 125 – Essential Data Protection ENG 125 15 minutes
ENG 126 – Essential Security Maintenance Policies ENG 126 15 minutes
ENG 127 – Essential Media Protection ENG 127 15 minutes
ENG 150 – Meeting Confidentiality, Integrity, and Availability ENG 150 30 minutes
ENG 151 – Fundamentals of Privacy Protection ENG 151 10 minutes
ENG 191 – Introduction to the Microsoft SDL ENG 191 25 minutes
ENG 192 – Implementing the Agile Microsoft SDL ENG 192 20 minutes
ENG 193 – Implementing the Microsoft SDL Optimization Model ENG 193 12 minutes
ENG 194 – Implementing Microsoft SDL Line of Business ENG 194 20 minutes
ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool ENG 195 20 minutes
ENG 205 – Fundamentals of Threat Modeling ENG 205 45 minutes
ENG 211 – How to Create Application Security Design Requirements ENG 211 15 minutes
ENG 212 – Implementing Secure Software Operations ENG 212 20 minutes
ENG 251 – Risk Management Foundations ENG 251 20 minutes
ENG 311 – Attack Surface Analysis & Reduction ENG 311 25 minutes
ENG 312 – How to Perform a Security Code Review ENG 312 30 minutes
ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components ENG 320 20 minutes
ENG 351 – Preparing the Risk Management Framework ENG 351 20 minutes
ENG 352 – Categorizing Systems and Information within the RMF ENG 352 10 minutes
ENG 353 – Selecting, Implementing and Assessing Controls within the RMF ENG 353 20 minutes
ENG 354 – Authorizing and Monitoring System Controls within the RMF ENG 354 20 minutes
ICS 210 – ICS/SCADA Security Essentials ICS 210 12 minutes
ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments ICS 310 15 minutes
LAB 111 – Identifying Server-Side Request Forgery LAB 111 5 minutes
LAB 113 – Identifying Cryptographic Failures LAB 113 5 minutes
LAB 114 – Identifying Cookie Tampering LAB 114 5 minutes
LAB 115 – Identifying Reflective XSS LAB 115 5 minutes
LAB 116 – Identifying Forceful Browsing LAB 116 5 minutes
LAB 117 – Identifying Hidden Form Field LAB 117 5 minutes
LAB 118 – Identifying Weak File Upload Validation LAB 118 5 minutes
LAB 119 – Identifying Persistent XSS LAB 119 5 minutes
LAB 120 – Identifying XML Injection LAB 120 5 minutes
LAB 121 – Identifying Vulnerable and Outdated Components LAB 121 5 minutes
LAB 122 – Identifying Insecure APIs LAB 122 5 minutes
LAB 123 – Identifying Vertical Privilege Escalation LAB 123 5 minutes
LAB 124 – Identifying Horizontal Privilege Escalation LAB 124 5 minutes
LAB 125 – Identifying Buffer Overflow LAB 125 5 minutes
LAB 126 – Identifying Information Leakage LAB 126 5 minutes
LAB 127 – Identifying Security Logging and Monitoring Failures LAB 127 5 minutes
LAB 128 – Identifying Unverified Password Change LAB 128 5 minutes
LAB 129 – Identifying Error Message Containing Sensitive Information LAB 129 5 minutes
LAB 130 – Identifying Generation of Predictable Numbers or Identifiers LAB 130 5 minutes
LAB 131 – Identifying Improper Restriction of XML External Entity Reference LAB 131 5 minutes
LAB 132 – Identifying Exposed Services LAB 132 5 minutes
LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables LAB 133 5 minutes
LAB 134 – Identifying Plaintext Storage of a Password LAB 134 5 minutes
LAB 135 – Identifying URL Redirection to Untrusted Site LAB 135 5 minutes
LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page LAB 136 5 minutes
LAB 137 – Identifying Improper Authorization LAB 137 5 minutes
LAB 138 – Identifying Authorization Bypass Through User-Controlled Key LAB 138 5 minutes
LAB 139 – Identifying Use of a Key Past its Expiration Date LAB 139 5 minutes
LAB 201 – Defending Java Applications Against Canonicalization (NEW) LAB 201 5 minutes
LAB 202 – Defending Python Applications Against Canonicalization (NEW) LAB 202 5 minutes
LAB 203 – Defending C# Applications Against Canonicalization (NEW) LAB 203 5 minutes
LAB 204 – Defending Node.js Applications Against Canonicalization (NEW) LAB 204 5 minutes
LAB 205 – Defending Java Applications Against XPath Injection (NEW) LAB 205 5 minutes
LAB 206 – Defending Python Applications Against XPath Injection (NEW) LAB 206 5 minutes
LAB 207 – Defending Node.js Applications Against XPath Injection (NEW) LAB 207 5 minutes
LAB 208 – Defending C# Applications Against XPath Injection (NEW) LAB 208 5 minutes
LAB 211 – Defending Java Applications Against Credentials in Code Medium LAB 211 10 minutes
LAB 212 – Defending Python Applications Against Credentials in Code Medium LAB 212 10 minutes
LAB 213 – Defending Node.js Applications Against Credentials in Code Medium LAB 213 10 minutes
LAB 214 – Defending C# Applications Against Credentials in Code Medium LAB 214 10 minutes
LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation LAB 215 10 minutes
LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation LAB 216 10 minutes
LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation LAB 217 10 minutes
LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation LAB 218 10 minutes
LAB 220 – Defending Against Hard-Coded Secrets LAB 220 5 minutes
LAB 221 – Defending C# Applications Against SQL Injection LAB 221 10 minutes
LAB 222 – Defending Python Applications Against SQL Injection LAB 222 10 minutes
LAB 223 – Defending Node.js Applications Against SQL Injection LAB 223 10 minutes
LAB 224 – Defending Java Applications Against Forceful Browsing LAB 224 10 minutes
LAB 225 – Defending Python Applications Against Forceful Browsing LAB 225 10 minutes
LAB 226 – Defending Node.js Applications Against Forceful Browsing LAB 226 10 minutes
LAB 227 – Defending C# Applications Against Forceful Browsing LAB 227 10 minutes
LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption LAB 228 10 minutes
LAB 229 – Defending Java Applications Against Weak PRNG LAB 229 10 minutes
LAB 230 – Defending Java Applications Against XSS LAB 230 15 minutes
LAB 231 – Defending Python Applications Against XSS LAB 231 15 minutes
LAB 232 – Defending C# Applications Against XSS LAB 232 15 minutes
LAB 233 – Defending Node.js Applications Against XSS LAB 233 15 minutes
LAB 234 – Defending Java Applications Against Parameter Tampering LAB 234 10 minutes
LAB 235 – Defending Java Applications Against Plaintext Password Storage LAB 235 10 minutes
LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages LAB 236 10 minutes
LAB 237 – Defending Java Applications Against SQL Injection LAB 237 20 minutes
LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption LAB 238 10 minutes
LAB 239 – Defending C# Applications Against Weak PRNG LAB 239 10 minutes
LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities LAB 240 10 minutes
LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities LAB 241 10 minutes
LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities LAB 242 10 minutes
LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities LAB 243 10 minutes
LAB 244 – Defending Java Applications Against Security Misconfiguration LAB 244 12 minutes
LAB 245 – Defending Node.js Applications Against Plaintext Password Storage LAB 245 10 minutes
LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption LAB 246 10 minutes
LAB 247 – Defending Node.js Applications Against Weak PRNG LAB 247 10 minutes
LAB 248 – Defending Node.js Applications Against Parameter Tampering LAB 248 10 minutes
LAB 249 – Defending Python Applications Against Plaintext Password Storage LAB 249 10 minutes
LAB 250 – Defending C# Applications Against Parameter Tampering LAB 250 10 minutes
LAB 251 – Defending C# Applications Against Plaintext Password Storage LAB 251 10 minutes
LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption LAB 252 10 minutes
LAB 253 – Defending Python Applications Against Weak PRNG LAB 253 10 minutes
LAB 254 – Defending Python Applications Against Parameter Tampering LAB 254 10 minutes
LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages LAB 260 10 minutes
LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages LAB 261 10 minutes
LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages LAB 262 10 minutes
LAB 263 – Defending Java Applications Against Sensitive Information in Log Files LAB 263 10 minutes
LAB 264 – Defending Python Applications Against Sensitive Information in Log Files LAB 264 10 minutes
LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files LAB 265 10 minutes
LAB 266 – Defending C# Applications Against Sensitive Information in Log Files LAB 266 10 minutes
LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data LAB 267 10 minutes
LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data LAB 268 10 minutes
LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data LAB 269 10 minutes
LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data LAB 270 10 minutes
LAB 271 – Defending Java Applications Against SSRF LAB 271 10 minutes
LAB 272 – Defending Python Applications Against SSRF LAB 272 10 minutes
LAB 273 – Defending Node.js Applications Against SSRF LAB 273 10 minutes
LAB 274 – Defending C# Applications Against SSRF LAB 274 10 minutes
LAB 275 – Defending Java Applications Against Command Injection LAB 275 10 minutes
LAB 276 – Defending Python Applications Against Command Injection LAB 276 10 minutes
LAB 277 – Defending Node.js Applications Against Command Injection LAB 277 10 minutes
LAB 278 – Defending C# Applications Against Command Injection LAB 278 10 minutes
LAB 279 – Defending Java Applications Against Dangerous File Upload LAB 279 10 minutes
LAB 280 – Defending Python Applications Against Dangerous File Upload LAB 280 10 minutes
LAB 281 – Defending Node.js Applications Against Dangerous File Upload LAB 281 10 minutes
LAB 282 – Defending C# Applications Against Dangerous File Upload LAB 282 10 minutes
LAB 283 – Defending Java Applications Against RegEx DoS LAB 283 10 minutes
LAB 284 – Defending Python Applications Against RegEx DoS LAB 284 10 minutes
LAB 285 – Defending Node.js Applications Against RegEx DoS LAB 285 10 minutes
LAB 286 – Defending C# Applications Against RegEx DoS LAB 286 10 minutes
LAB 287 – Defending Java Applications Against Null Pointer Dereference LAB 287 10 minutes
LAB 288 – Defending C# Applications Against Null Pointer Dereference LAB 288 10 minutes
LAB 289 – Defending Java Applications Against Path Traversal LAB 289 10 minutes
LAB 290 – Defending Python Applications Against Path Traversal LAB 290 10 minutes
LAB 291 – Defending Node.js Applications Against Path Traversal LAB 291 10 minutes
LAB 292 – Defending C# Applications Against Path Traversal LAB 292 10 minutes
LAB 293 – Defending Java Applications Against Integer Overflow LAB 293 10 minutes
LAB 294 – Defending C# Applications Against Integer Overflow LAB 294 10 minutes
LAB 310 – ATT&CK: File and Directory Permissions Modification LAB 310 12 minutes
LAB 311 – ATT&CK: File and Directory Discovery LAB 311 12 minutes
LAB 312 – ATT&CK: Testing for Network Services Identification LAB 312 12 minutes
LAB 313 – ATT&CK: Testing for Vulnerability Identification Using Vulnerability Databases LAB 313 12 minutes
LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software LAB 315 12 minutes
LAB 317 – ATT&CK: Testing for Plaintext Secrets in Files LAB 317 12 minutes
LAB 318 – ATT&CK: Log Analysis LAB 318 12 minutes
LAB 319 – ATT&CK: Exfiltration Over C2 Channel (NEW) LAB 319 30 minutes
LAB 321 – ATT&CK: Password Cracking LAB 321 5 minutes
LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services LAB 322 20 minutes
LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software LAB 323 12 minutes
LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration LAB 324 12 minutes
LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes LAB 330 15 minutes
LAB 331 – ATT&CK: Network Service Discovery LAB 331 12 minutes
LAB 332 – ATT&CK: Network Share Discovery LAB 332 12 minutes
LAB 334 – ATT&CK: Create Account LAB 334 12 minutes
LAB 335 – ATT&CK: Unsecured Credentials LAB 335 12 minutes
LAB 336 – ATT&CK: Data from Local System LAB 336 12 minutes
LAB 337 – ATT&CK: Valid Accounts LAB 337 12 minutes
SDT 301 – Testing for Injection SDT 301 10 minutes
SDT 302 – Testing for Identification and Authentication Failures SDT 302 10 minutes
SDT 303 – Testing for Cryptographic Failures SDT 303 10 minutes
SDT 304 – Testing for Insecure Design SDT 304 10 minutes
SDT 305 – Testing for Broken Access Control SDT 305 10 minutes
SDT 306 – Testing for Security Misconfiguration SDT 306 10 minutes
SDT 307 – Testing for Server-Side Request Forgery (SSRF) SDT 307 10 minutes
SDT 308 – Testing for Software and Data Integrity Failures SDT 308 10 minutes
SDT 309 – Testing for Vulnerable and Outdated Components SDT 309 10 minutes
SDT 310 – Testing for Security Logging and Monitoring Failures SDT 310 10 minutes
SDT 311 – Testing for Integer Overflow or Wraparound SDT 311 15 minutes
SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory SDT 312 15 minutes
SDT 313 – Testing for (CSRF) Cross Site Request Forgery SDT 313 15 minutes
SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type SDT 314 15 minutes
SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource SDT 315 15 minutes
SDT 316 – Testing for Use of Hard-Coded Credentials SDT 316 15 minutes
SDT 317 – Testing for Improper Control of Generation of Code SDT 317 10 minutes
SDT 318 – Testing for Insufficiently Protected Credentials SDT 318 10 minutes
SDT 319 – Testing for Out-of-bounds Read SDT 319 10 minutes
SDT 320 – Testing for Out-of-bounds Write SDT 320 10 minutes
SDT 321 – Testing for Uncontrolled Resource Consumption SDT 321 10 minutes
SDT 322 – Testing for Improper Privilege Management SDT 322 10 minutes
SDT 323 – Testing for Improper Input Validation SDT 323 10 minutes
SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer SDT 324 10 minutes
SDT 325 – Testing for NULL Pointer Dereference SDT 325 10 minutes
SDT 326 – Testing for Use After Free SDT 326 10 minutes
TST 101 – Fundamentals of Security Testing TST 101 20 minutes
TST 202 – Penetration Testing Fundamentals TST 202 25 minutes
TST 205 – Performing Vulnerability Scans TST 205 45 minutes
TST 206 – ASVS Requirements for Developers TST 206 20 minutes
TST 301 – Infrastructure Penetration Testing TST 301 45 minutes
TST 302 – Application Penetration Testing TST 302 45 minutes
TST 303 – Penetration Testing for Google Cloud Platform TST 303 20 minutes
TST 304 – Penetration Testing for AWS Cloud TST 304 20 minutes
TST 305 – Penetration Testing for Azure Cloud TST 305 20 minutes
TST 351 – Penetration Testing for TLS Vulnerabilities TST 351 12 minutes
TST 352 – Penetration Testing for Injection Vulnerabilities TST 352 12 minutes
TST 353 – Penetration Testing for SQL Injection TST 353 12 minutes
TST 354 – Penetration Testing for Memory Corruption Vulnerabilities TST 354 12 minutes
TST 355 – Penetration Testing for Authorization Vulnerabilities TST 355 12 minutes
TST 356 – Penetration Testing for Cross-Site Scripting (XSS) TST 356 12 minutes
TST 357 – Penetration Testing for Hardcoded Secrets TST 357 12 minutes
TST 358 – Penetration Testing Wireless Networks TST 358 12 minutes
TST 359 – Penetration Testing Network Infrastructure TST 359 12 minutes
TST 360 – Penetration Testing for Authentication Vulnerabilities TST 360 12 minutes