| ATK 201 – Using the MITRE ATT&CK Framework |
ATK 201 |
15 minutes |
| AWA 101 – Fundamentals of Application Security |
AWA 101 |
30 minutes |
| AWA 102 – Secure Software Concepts |
AWA 102 |
30 minutes |
| COD 102 – The Role of Software Security |
COD 102 |
10 minutes |
| COD 103 – Creating Software Security Requirements |
COD 103 |
10 minutes |
| COD 104 – Designing Secure Software |
COD 104 |
15 minutes |
| COD 105 – Secure Software Development |
COD 105 |
20 minutes |
| COD 106 – The Importance of Software Integration and Testing |
COD 106 |
15 minutes |
| COD 107 – Secure Software Deployment |
COD 107 |
10 minutes |
| COD 108 – Software Operations and Maintenance |
COD 108 |
10 minutes |
| COD 110 – Fundamentals of Secure Mobile Development |
COD 110 |
45 minutes |
| COD 141 – Fundamentals of Database Security |
COD 141 |
30 minutes |
| COD 152 – Fundamentals of Secure Cloud Development |
COD 152 |
20 minutes |
| COD 160 -Fundamentals of Secure Embedded Software Development |
COD 160 |
45 minutes |
| COD 170 – Identifying Threats to Mainframe COBOL Applications & Data |
COD 170 |
20 minutes |
| COD 201 – Secure C Encrypted Network Communications |
COD 201 |
15 minutes |
| COD 202 – Secure C Runtime Protection |
COD 202 |
15 minutes |
| COD 206 – Creating Secure C++ Code |
COD 206 |
15 minutes |
| COD 207 – Communication Security in C++ |
COD 207 |
15 minutes |
| COD 214 – Creating Secure GO Applications |
COD 214 |
30 minutes |
| COD 216 – Leveraging .NET Framework Code Access Security (CAS) |
COD 216 |
30 minutes |
| COD 217 – Mitigating .NET Security Threats |
COD 217 |
45 minutes |
| COD 219 – Creating Secure Code: SAP ABAP Foundations |
COD 219 |
90 minutes |
| COD 241 – Creating Secure Oracle DB Applications |
COD 241 |
45 minutes |
| COD 242 – Creating Secure SQL Server & Azure SQL DB Applications |
COD 242 |
40 minutes |
| COD 246 – PCI DSS 3: Protecting Stored Cardholder Data |
COD 246 |
15 minutes |
| COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data |
COD 247 |
15 minutes |
| COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications |
COD 248 |
15 minutes |
| COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes |
COD 249 |
15 minutes |
| COD 251 – Defending AJAX-Enabled Web Applications |
COD 251 |
25 minutes |
| COD 252 – Securing Google Platform Applications & Data |
COD 252 |
25 minutes |
| COD 253 – Creating Secure AWS Cloud Applications |
COD 253 |
45 minutes |
| COD 254 – Creating Secure Azure Applications |
COD 254 |
45 minutes |
| COD 255 – Creating Secure Code: Web API Foundations |
COD 255 |
20 minutes |
| COD 256 – Creating Secure Code: Ruby on Rails Foundations |
COD 256 |
45 minutes |
| COD 257 – Creating Secure Python Web Applications |
COD 257 |
45 minutes |
| COD 258 – Creating Secure PHP Web Applications |
COD 258 |
30 minutes |
| COD 259 – Node.js Threats & Vulnerabilities |
COD 259 |
30 minutes |
| COD 261 – Threats to Scripts |
COD 261 |
30 minutes |
| COD 262 – Fundamentals of Shell and Interpreted Language Security |
COD 262 |
30 minutes |
| COD 263 – Secure Bash Scripting |
COD 263 |
15 minutes |
| COD 264 – Secure Perl Scripting |
COD 264 |
15 minutes |
| COD 265 – Secure Python Scripting |
COD 265 |
15 minutes |
| COD 266 – Secure Ruby Scripting |
COD 266 |
15 minutes |
| COD 267 – Securing Python Microservices |
COD 267 |
30 minutes |
| COD 270 – Creating Secure COBOL & Mainframe Applications |
COD 270 |
25 minutes |
| COD 281 – Java Security Model |
COD 281 |
20 minutes |
| COD 283 – Java Cryptography |
COD 283 |
45 minutes |
| COD 284 – Secure Java Coding |
COD 284 |
30 minutes |
| COD 285 – Developing Secure Angular Applications |
COD 285 |
30 minutes |
| COD 286 – Creating Secure React User Interfaces |
COD 286 |
10 minutes |
| COD 287 – Java Application Server Hardening |
COD 287 |
20 minutes |
| COD 301 – Secure C Buffer Overflow Mitigations |
COD 301 |
45 minutes |
| COD 302 -Secure C Memory Management |
COD 302 |
20 minutes |
| COD 303 – Common C Vulnerabilities & Attacks |
COD 303 |
20 minutes |
| COD 307 – Protecting Data in C++ |
COD 307 |
25 minutes |
| COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks |
COD 308 |
45 minutes |
| COD 309 – Securing ASP.NET MVC Applications |
COD 309 |
30 minutes |
| COD 315 – Preventing Vulnerabilities in iOS Code in Swift |
COD 315 |
20 minutes |
| COD 316 – Creating Secure iOS Code in Objective C |
COD 316 |
30 minutes |
| COD 317 – Protecting Data on iOS in Swift |
COD 317 |
20 minutes |
| COD 318 – Protecting Data on Android in Java |
COD 318 |
20 minutes |
| COD 319 – Preventing Vulnerabilities in Android Code in Java |
COD 319 |
20 minutes |
| COD 321 – Protecting C# from Integer Overflows & Canonicalization |
COD 321 |
30 minutes |
| COD 322 – Protecting C# from SQL Injection |
COD 322 |
8 minutes |
| COD 323 – Using Encryption with C# |
COD 323 |
20 minutes |
| COD 324 – Protecting C# from XML Injection |
COD 324 |
8 minutes |
| COD 352 – Creating Secure JavaScript and jQuery Code |
COD 352 |
45 minutes |
| COD 361 – HTML5 Secure Threats |
COD 361 |
15 minutes |
| COD 362 – HTML5 Built in Security Features |
COD 362 |
20 minutes |
| COD 363- Securing HTML5 Data |
COD 363 |
20 minutes |
| COD 364 – Securing HTML5 Connectivity |
COD 364 |
20 minutes |
| COD 366 – Creating Secure Kotlin Applications |
COD 366 |
20 minutes |
| COD 370- Testing for OWASP 2017: Injection |
COD 370 |
15 minutes |
| COD 371 – Testing for OWASP 2017: Broken Authentication |
COD 371 |
12 minutes |
| COD 372 – Testing for OWASP 2017: Sensitive Data Exposure |
COD 372 |
12 minutes |
| COD 373 – Testing for OWASP 2017: XML External Entities |
COD 373 |
10 minutes |
| COD 374 – Testing for OWASP 2017: Broken Access Control |
COD 374 |
10 minutes |
| COD 375 – Testing for OWASP 2017: Security Misconfiguration |
COD 375 |
10 minutes |
| COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS) |
COD 376 |
15 minutes |
| COD 377 – Testing for OWASP 2017: Insecure Deserialization |
COD 377 |
10 minutes |
| COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities |
COD 378 |
10 minutes |
| COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring |
COD 379 |
10 minutes |
| COD 380 – Preventing SQL Injection in Java |
COD 380 |
8 minutes |
| COD 381 – Preventing Path Traversal Attacks in Java |
COD 381 |
8 minutes |
| COD 382 – Protecting Data in Java |
COD 382 |
30 minutes |
| COD 383 – Protecting Java Backend Services |
COD 383 |
30 minutes |
| COD 384 – Protecting Java from Information Disclosure |
COD 384 |
8 minutes |
| COD 385 – Preventing Race Conditions in Java Code |
COD 385 |
8 minutes |
| COD 386 – Preventing Integer Overflows in Java Code |
COD 386 |
8 minutes |
| CYB 301 – Fundamentals of Ethical Hacking |
CYB 301 |
15 minutes |
| DES 101 – Fundamentals of Secure Architecture |
DES 101 |
20 minutes |
| DES 151 – Fundamentals of the PCI Secure SLC Standard |
DES 151 |
25 minutes |
| DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing |
DES 202 |
45 minutes |
| DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management |
DES 203 |
15 minutes |
| DES 204 – Role of Cryptography in Application Development |
DES 204 |
15 minutes |
| DES 205 – Message Integrity Cryptographic Functions |
DES 205 |
45 minutes |
| DES 206 – Meeting Cloud Governance and Compliance Requirements |
DES 206 |
15 minutes |
| DES 207 – Mitigating OWASP API Security Top 10 (NEW) |
DES 207 |
15 minutes |
| DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing (NEW) |
DES 208 |
15 minutes |
| DES 210 – Hardening Linux/Unix Systems |
DES 210 |
30 minutes |
| DES 212 – Architecture Risk Analysis & Remediation |
DES 212 |
30 minutes |
| DES 214 – Securing Infrastructure Architecture |
DES 214 |
30 minutes |
| DES 215 – Defending Infrastructure |
DES 215 |
30 minutes |
| DES 216 – Protecting Cloud Infrastructure |
DES 216 |
40 minutes |
| DES 217 – Securing Terraform Infrastructure and Resources (NEW) |
DES 217 |
20 minutes |
| DES 218 – Protecting Microservices, Containers, and Orchestration |
DES 218 |
30 minutes |
| DES 222 – Applying OWASP 2017: Mitigating Injection |
DES 222 |
12 minutes |
| DES 223 – Applying OWASP 2017: Mitigating Broken Authentication |
DES 223 |
12 minutes |
| DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure |
DES 224 |
12 minutes |
| DES 225 – Applying OWASP 2017: Mitigating XML External Entities |
DES 225 |
12 minutes |
| DES 226 – Applying OWASP 2017: Mitigating Broken Access Control |
DES 226 |
12 minutes |
| DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration |
DES 227 |
12 minutes |
| DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS) |
DES 228 |
12 minutes |
| DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization |
DES 229 |
12 minutes |
| DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities |
DES 230 |
12 minutes |
| DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities |
DES 231 |
12 minutes |
| DES 255 – Securing the IoT Update Process |
DES 255 |
30 minutes |
| DES 260 – Fundamentals of IoT Architecture & Design |
DES 260 |
30 minutes |
| DES 271 – OWASP M1: Mitigating Improper Platform Usage |
DES 271 |
12 minutes |
| DES 272 – OWASP M2: Mitigating Insecure Data Storage |
DES 272 |
12 minutes |
| DES 273 – OWASP M3: Mitigating Insecure Communication |
DES 273 |
12 minutes |
| DES 274 – OWASP M4: Mitigating Insecure Authentication |
DES 274 |
12 minutes |
| DES 275 – OWASP M5: Mitigating Insufficient Cryptography |
DES 275 |
12 minutes |
| DES 276 – OWASP M6: Mitigating Insecure Authorization |
DES 276 |
12 minutes |
| DES 277 – OWASP M7: Mitigating Client Code Quality |
DES 277 |
12 minutes |
| DES 278 – OWASP M8: Mitigating Code Tampering |
DES 278 |
12 minutes |
| DES 279 – OWASP M9: Mitigating Reverse Engineering |
DES 279 |
12 minutes |
| DES 280 – OWASP M10: Mitigating Extraneous Functionality |
DES 280 |
12 minutes |
| DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords |
DES 281 |
12 minutes |
| DES 282 – OWASP IoT2: Mitigating Insecure Network Services |
DES 282 |
12 minutes |
| DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces |
DES 283 |
12 minutes |
| DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism |
DES 284 |
12 minutes |
| DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components |
DES 285 |
12 minutes |
| DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection |
DES 286 |
12 minutes |
| DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage |
DES 287 |
12 minutes |
| DES 288 – OWASP IoT8: Mitigating Lack of Device Management |
DES 288 |
12 minutes |
| DES 289 – OWASP IoT9: Mitigating Insecure Default Settings |
DES 289 |
12 minutes |
| DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening |
DES 290 |
12 minutes |
| DES 305 – Protecting Existing Blockchain Assets |
DES 305 |
20 minutes |
| DES 306 – Creating a Secure Blockchain Network |
DES 306 |
20 minutes |
| DES 311 – Creating Secure Application Architecture |
DES 311 |
45 minutes |
| DES 312 – Protecting Cardholder Data |
DES 312 |
20 minutes |
| DSO 201 – Fundamentals of Secure DevOps |
DSO 201 |
30 minutes |
| DSO 205 – Securing the COTS Supply Chain |
DSO 205 |
15 minutes |
| DSO 206 – Securing the Open Source Supply Chain |
DSO 206 |
15 minutes |
| DSO 211 – Identifying Threats to Containers in a DevSecOps Framework |
DSO 211 |
20 minutes |
| DSO 253 – DevSecOps in the AWS Cloud |
DSO 253 |
20 minutes |
| DSO 254 – DevSecOps in the Azure Cloud |
DSO 254 |
20 minutes |
| DSO 256 – DevSecOps in the Google Cloud Platform |
DSO 256 |
20 minutes |
| DSO 301 – Orchestrating Secure System and Service Configuration |
DSO 301 |
20 minutes |
| DSO 302- Automated Security Testing |
DSO 302 |
20 minutes |
| DSO 303 – Automating Security Updates |
DSO 303 |
20 minutes |
| DSO 304 – Securing API Gateways in a DevSecOps Framework |
DSO 304 |
20 minutes |
| DSO 305 – Automating CI/CD Pipeline Compliance |
DSO 305 |
20 minutes |
| DSO 306 – Implementing Infrastructure as Code |
DSO 306 |
20 minutes |
| DSO 307 – Secure Secrets Management |
DSO 307 |
20 minutes |
| ENG 110 – Essential Account Management Security |
ENG 110 |
15 minutes |
| ENG 111 – Essential Session Management Security |
ENG 111 |
15 minutes |
| ENG 112 – Essential Access Control for Mobile Devices |
ENG 112 |
15 minutes |
| ENG 113 – Essential Secure Configuration Management |
ENG 113 |
15 minutes |
| ENG 114 – Essential Risk Assessment |
ENG 114 |
15 minutes |
| ENG 115 – Essential System & Information Integrity |
ENG 115 |
15 minutes |
| ENG 116 – Essential Security Planning Policy & Procedures |
ENG 116 |
15 minutes |
| ENG 117 – Essential Information Security Program Planning |
ENG 117 |
15 minutes |
| ENG 118 – Essential Incident Response |
ENG 118 |
15 minutes |
| ENG 119 – Essential Security Audit & Accountability |
ENG 119 |
15 minutes |
| ENG 120 – Essential Security Assessment & Authorization |
ENG 120 |
15 minutes |
| ENG 121 – Essential Identification & Authentication |
ENG 121 |
15 minutes |
| ENG 122 – Essential Physical & Environmental Protection |
ENG 122 |
15 minutes |
| ENG 123 – Essential Security Engineering Principles |
ENG 123 |
15 minutes |
| ENG 124 – Essential Application Protection |
ENG 124 |
15 minutes |
| ENG 125 – Essential Data Protection |
ENG 125 |
15 minutes |
| ENG 126 – Essential Security Maintenance Policies |
ENG 126 |
15 minutes |
| ENG 127 – Essential Media Protection |
ENG 127 |
15 minutes |
| ENG 150 – Meeting Confidentiality, Integrity, and Availability |
ENG 150 |
30 minutes |
| ENG 151 – Fundamentals of Privacy Protection |
ENG 151 |
10 minutes |
| ENG 191 – Introduction to the Microsoft SDL |
ENG 191 |
25 minutes |
| ENG 192- Implementing the Agile Microsoft SDL |
ENG 192 |
20 minutes |
| ENG 193 – Implementing the Microsoft SDL Optimization Model |
ENG 193 |
12 minutes |
| ENG 194 – Implementing Microsoft SDL Line of Business |
ENG 194 |
20 minutes |
| ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool |
ENG 195 |
20 minutes |
| ENG 205 – Fundamentals of Threat Modeling |
ENG 205 |
45 minutes |
| ENG 211 – How to Create Application Security Design Requirements |
ENG 211 |
15 minutes |
| ENG 212 – Implementing Secure Software Operations |
ENG 212 |
20 minutes |
| ENG 251 – Risk Management Foundations |
ENG 251 |
20 minutes |
| ENG 311 – Attack Surface Analysis & Reduction |
ENG 311 |
25 minutes |
| ENG 312 – How to Perform a Security Code Review |
ENG 312 |
30 minutes |
| ENG 351 – Preparing the Risk Management Framework |
ENG 351 |
20 minutes |
| ENG 352 – Categorizing Systems and Information within the RMF |
ENG 352 |
10 minutes |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF |
ENG 353 |
20 minutes |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF |
ENG 354 |
20 minutes |
| LAB 101 – Identifying Broken Access Control Vulnerabilities (NEW) |
LAB 101 |
5 minutes |
| LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities (NEW) |
LAB 102 |
5 minutes |
| LAB 103 – Identifying Broken User Authentication Vulnerabilities (NEW) |
LAB 103 |
7 minutes |
| LAB 104 – Identifying Business Logic Flaw Vulnerabilities (NEW) |
LAB 104 |
7 minutes |
| LAB 105 – Identifying Credential Dumping: Vulnerability Identification (NEW) |
LAB 105 |
7 minutes |
| LAB 106 – Identifying Cross-Site Scripting Vulnerabilities (NEW) |
LAB 106 |
7 minutes |
| LAB 107 – Identifying Injection Vulnerabilities (NEW) |
LAB 107 |
7 minutes |
| LAB 108 – Identifying Reverse Engineering Vulnerabilities (NEW) |
LAB 108 |
8 minutes |
| LAB 109 – Identifying Security Misconfiguration Vulnerabilities (NEW) |
LAB 109 |
5 minutes |
| LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification (NEW) |
LAB 110 |
7 minutes |
| SDT 311 – Testing for Integer Overflow or Wraparound |
SDT 311 |
15 minutes |
| SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory |
SDT 312 |
15 minutes |
| SDT 313 – Testing for (CSRF) Cross Site Request Forgery |
SDT 313 |
15 minutes |
| SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type |
SDT 314 |
15 minutes |
| SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource |
SDT 315 |
15 minutes |
| SDT 316- Testing for Use of Hard-Coded Credentials |
SDT 316 |
15 minutes |
| SDT 317 – Testing for Improper Control of Generation of Code |
SDT 317 |
10 minutes |
| SDT 318 – Testing for Insufficiently Protected Credentials |
SDT 318 |
10 minutes |
| SDT 319 – Testing for Out-of-bounds Read |
SDT 319 |
10 minutes |
| SDT 320 – Testing for Out-of-bounds Write |
SDT 320 |
10 minutes |
| SDT 321 – Testing for Uncontrolled Resource Consumption |
SDT 321 |
10 minutes |
| SDT 322 – Testing for Improper Privilege Management |
SDT 322 |
10 minutes |
| SDT 323 – Testing for Improper Input Validation |
SDT 323 |
10 minutes |
| SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer |
SDT 324 |
10 minutes |
| SDT 325 – Testing for NULL Pointer Dereference |
SDT 325 |
10 minutes |
| SDT 326 – Testing for Use After Free |
SDT 326 |
10 minutes |
| TST 101 – Fundamentals of Security Testing |
TST 101 |
20 minutes |
| TST 202 – Penetration Testing Fundamentals |
TST 202 |
25 minutes |
| TST 205 – Performing Vulnerability Scans |
TST 205 |
45 minutes |
| TST 206 – ASVS Requirements for Developers |
TST 206 |
20 minutes |
| TST 301 – Infrastructure Penetration Testing |
TST 301 |
45 minutes |
| TST 302 – Application Penetration Testing |
TST 302 |
45 minutes |
| TST 303 – Penetration Testing for Google Cloud Platform (NEW) |
TST 303 |
20 minutes |
| TST 304 – Penetration Testing for AWS Cloud (NEW) |
TST 304 |
20 minutes |
| TST 305 – Penetration Testing for Azure Cloud (NEW) |
TST 305 |
20 minutes |
| TST 351 – Penetration Testing for TLS Vulnerabilities |
TST 351 |
12 minutes |
| TST 352 – Penetration Testing for Injection Vulnerabilities |
TST 352 |
12 minutes |
| TST 353 – Penetration Testing for SQL Injection |
TST 353 |
12 minutes |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities |
TST 354 |
12 minutes |
| TST 355 – Penetration Testing for Authorization Vulnerabilities |
TST 355 |
12 minutes |
| TST 356 – Penetration Testing for Cross-Site Scripting (XSS) |
TST 356 |
12 minutes |
| TST 357 – Penetration Testing for Hardcoded Secrets |
TST 357 |
12 minutes |
| TST 358 – Penetration Testing Wireless Networks |
TST 358 |
12 minutes |
| TST 359 – Penetration Testing Network Infrastructure |
TST 359 |
12 minutes |
| TST 360 – Penetration Testing for Authentication Vulnerabilities |
TST 360 |
12 minutes |