The Courses

Course Title Course # Course Duration
AWA 007 – Information Privacy & Security Awareness for Executives AWA 007 45 minutes
AWA 008 – Information Privacy: Classifying Data AWA 008 15 minutes
AWA 009 – Information Privacy: Protecting Data AWA 009 20 minutes
AWA 010 – Email Security AWA 010 10 minutes
AWA 012 – Malware Awareness AWA 012 10 minutes
AWA 013 – Mobile Security AWA 013 15 minutes
AWA 014 – Password Security AWA 014 10 minutes
AWA 015 – PCI Compliance AWA 015 15 minutes
AWA 016 – Phishing Awareness AWA 016 10 minutes
AWA 017 – Physical Security AWA 017 10 minutes
AWA 018 – Social Engineering Awareness AWA 018 15 minutes
AWA 019 – Travel Security AWA 019 15 minutes
AWA 101 – Fundamentals of Application Security AWA 101 30 minutes
AWA 102 – Secure Software Concepts AWA 102 30 minutes
COD 102 – The Role of Software Security COD 102 10 minutes
COD 103 – Creating Software Security Requirements COD 103 10 minutes
COD 104 – Designing Secure Software COD 104 15 minutes
COD 105 – Secure Software Development COD 105 20 minutes
COD 106 – The Importance of Software Integration and Testing COD 106 15 minutes
COD 107 – Secure Software Deployment COD 107 10 minutes
COD 108 – Software Operations and Maintenance COD 108 10 minutes
COD 110 – Fundamentals of Secure Mobile Development COD 110 45 minutes
COD 141 – Fundamentals of Database Security COD 141 30 minutes
COD 152 – Fundamentals of Secure Cloud Development COD 152 20 minutes
COD 160 -Fundamentals of Secure Embedded Software Development COD 160 45 minutes
COD 170 – Identifying Threats to Mainframe COBOL Applications & Data COD 170 20 minutes
COD 201 – Secure C Encrypted Network Communications (UPDATED) COD 201 15 minutes
COD 202 – Secure C Runtime Protection (UPDATED) COD 202 15 minutes
COD 206 – Creating Secure C++ Code COD 206 15 minutes
COD 207 – Communication Security in C++ COD 207 15 minutes
COD 214 – Creating Secure GO Applications COD 214 30 minutes
COD 216 – Leveraging .NET Framework Code Access Security (CAS) COD 216 30 minutes
COD 217 – Mitigating .NET Security Threats COD 217 45 minutes
COD 219 – Creating Secure Code: SAP ABAP Foundations COD 219 90 minutes
COD 241 – Creating Secure Oracle DB Applications COD 241 45 minutes
COD 242 – Creating Secure SQL Server & Azure SQL DB Applications COD 242 40 minutes
COD 246 – PCI DSS 3: Protecting Stored Cardholder Data COD 246 15 minutes
COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data COD 247 15 minutes
COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications COD 248 15 minutes
COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes COD 249 15 minutes
COD 251 – Defending AJAX-Enabled Web Applications COD 251 25 minutes
COD 253 – Creating Secure AWS Cloud Applications COD 253 45 minutes
COD 254 – Creating Secure Azure Applications COD 254 45 minutes
COD 255 – Creating Secure Code: Web API Foundations (UPDATED) COD 255 20 minutes
COD 256 – Creating Secure Code: Ruby on Rails Foundations COD 256 45 minutes
COD 257 – Creating Secure Python Web Applications COD 257 45 minutes
COD 258 – Creating Secure PHP Web Applications COD 258 30 minutes
COD 259 – Node.js Threats & Vulnerabilities COD 259 30 minutes
COD 261 – Threats to Scripts COD 261 30 minutes
COD 262 – Fundamentals of Shell and Interpreted Language Security COD 262 30 minutes
COD 263 – Secure Bash Scripting COD 263 15 minutes
COD 264 – Secure Perl Scripting COD 264 15 minutes
COD 265 – Secure Python Scripting COD 265 15 minutes
COD 266 – Secure Ruby Scripting COD 266 15 minutes
COD 267 – Securing Python Microservices COD 267 30 minutes
COD 270 – Creating Secure COBOL & Mainframe Applications COD 270 25 minutes
COD 281 – Java Security Model COD 281 20 minutes
COD 283 – Java Cryptography COD 283 45 minutes
COD 284 – Secure Java Coding COD 284 30 minutes
COD 285 – Developing Secure Angular Applications COD 285 30 minutes
COD 286 – Creating Secure React User Interfaces (NEW) COD 286 10 minutes
COD 287 – Java Application Server Hardening (NEW) COD 287 20 minutes
COD 301 – Secure C Buffer Overflow Mitigations COD 301 45 minutes
COD 302 -Secure C Memory Management (UPDATED) COD 302 20 minutes
COD 303 – Common C Vulnerabilities & Attacks (UPDATED) COD 303 20 minutes
COD 307 – Protecting Data in C++ (UPDATED) COD 307 25 minutes
COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks COD 308 45 minutes
COD 309 – Securing ASP.NET MVC Applications COD 309 30 minutes
COD 315 – Preventing Vulnerabilities in iOS Code in Swift (NEW) COD 315 20 minutes
COD 316 – Creating Secure iOS Code in Objective C COD 316 30 minutes
COD 317 – Protecting Data on iOS in Swift (UPDATED) COD 317 20 minutes
COD 318 – Protecting Data on Android in Java (UPDATED) COD 318 20 minutes
COD 319 – Preventing Vulnerabilities in Android Code in Java (NEW) COD 319 20 minutes
COD 321 – Protecting C# from Integer Overflows & Canonicalization COD 321 30 minutes
COD 322 – Protecting C# from SQL Injection (UPDATED) COD 322 8 minutes
COD 323 – Using Encryption with C# (UPDATED) COD 323 20 minutes
COD 324 – Protecting C# from XML Injection (NEW) COD 324 8 minutes
COD 326 – Testing for SQL Injection (CWE-89) COD 326 15 minutes
COD 327 – Testing for OS Command Injection (CWE-78) COD 327 15 minutes
COD 328 – Testing for Classic Buffer Overflow (CWE-120) COD 328 15 minutes
COD 329 – Testing for Cross-site Scripting (CWE-79) COD 329 15 minutes
COD 330 – Testing for Missing Authentication for Critical Function (CWE-306) COD 330 15 minutes
COD 331 – Testing for Missing Authorization (CWE-862) COD 331 15 minutes
COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798) COD 332 15 minutes
COD 333 – Testing for Missing Encryption of Sensitive Data (CWE-311) COD 333 15 minutes
COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434) COD 334 15 minutes
COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807) COD 335 15 minutes
COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250) COD 336 15 minutes
COD 337 – Testing for Cross Site Request Forgery (CSRF): CWE-352 COD 337 15 minutes
COD 338 – Testing for Path Traversal (CWE-22) COD 338 15 minutes
COD 339 – Testing for Download of Code without Integrity Check (CWE-494) COD 339 15 minutes
COD 340 – Testing for Incorrect Authorization (CWE-863) COD 340 15 minutes
COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829) COD 341 15 minutes
COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732) COD 342 15 minutes
COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676) COD 343 15 minutes
COD 344 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327) COD 344 15 minutes
COD 345 – Testing for Incorrect Calculation of Buffer Size (CWE-131) COD 345 15 minutes
COD 346 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307) COD 346 15 minutes
COD 347 – Testing for Open Redirect (CWE-601) COD 347 15 minutes
COD 348 – Testing for Uncontrolled Format String (CWE-134) COD 348 15 minutes
COD 349 – Testing for Integer Overflow or Wraparound (CWE-190) COD 349 15 minutes
COD 350 – Testing for Use of a One-way Hash without a Salt (CWE-759) COD 350 15 minutes
COD 352 – Creating Secure JavaScript and jQuery Code COD 352 45 minutes
COD 361 – HTML5 Secure Threats COD 361 15 minutes
COD 362 – HTML5 Built in Security Features COD 362 20 minutes
COD 363- Securing HTML5 Data COD 363 20 minutes
COD 364 – Securing HTML5 Connectivity COD 364 20 minutes
COD 366 – Creating Secure Kotlin Applications COD 366 20 minutes
COD 370- Testing for OWASP 2017: Injection COD 370 15 minutes
COD 371 – Testing for OWASP 2017: Broken Authentication COD 371 12 minutes
COD 372 – Testing for OWASP 2017: Sensitive Data Exposure COD 372 12 minutes
COD 373 – Testing for OWASP 2017: XML External Entities COD 373 10 minutes
COD 374 – Testing for OWASP 2017: Broken Access Control COD 374 10 minutes
COD 375 – Testing for OWASP 2017: Security Misconfiguration COD 375 10 minutes
COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS) COD 376 15 minutes
COD 377 – Testing for OWASP 2017: Insecure Deserialization COD 377 10 minutes
COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities COD 378 10 minutes
COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring COD 379 10 minutes
COD 380 – Preventing SQL Injection in Java (UPDATED) COD 380 8 minutes
COD 381 – Preventing Path Traversal Attacks in Java (UPDATED) COD 381 8 minutes
COD 382 – Protecting Data in Java COD 382 30 minutes
COD 383 – Protecting Java Backend Services COD 383 30 minutes
COD 384 – Protecting Java from Information Disclosure (NEW) COD 384 8 minutes
COD 385 – Preventing Race Conditions in Java Code (NEW) COD 385 8 minutes
COD 386 – Preventing Integer Overflows in Java Code (NEW) COD 386 8 minutes
DES 101 – Fundamentals of Secure Architecture DES 101 20 minutes
DES 151 – Fundamentals of the PCI Secure SLC Standard DES 151 25 minutes
DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing DES 202 45 minutes
DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management DES 203 15 minutes
DES 204 – Role of Cryptography in Application Development DES 204 15 minutes
DES 205 – Message Integrity Cryptographic Functions DES 205 45 minutes
DES 206 – Meeting Cloud Governance and Compliance Requirements (NEW) DES 206 15 minutes
DES 210 – Hardening Linux/Unix Systems DES 210 30 minutes
DES 212 – Architecture Risk Analysis & Remediation DES 212 30 minutes
DES 214 – Securing Infrastructure Architecture DES 214 30 minutes
DES 215 – Defending Infrastructure DES 215 30 minutes
DES 216 – Protecting Cloud Infrastructure DES 216 40 minutes
DES 218 – Protecting Microservices, Containers, and Orchestration DES 218 30 minutes
DES 222 – Applying OWASP 2017: Mitigating Injection DES 222 12 minutes
DES 223 – Applying OWASP 2017: Mitigating Broken Authentication DES 223 12 minutes
DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure DES 224 12 minutes
DES 225 – Applying OWASP 2017: Mitigating XML External Entities DES 225 12 minutes
DES 226 – Applying OWASP 2017: Mitigating Broken Access Control DES 226 12 minutes
DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration DES 227 12 minutes
DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS) DES 228 12 minutes
DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization DES 229 12 minutes
DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities DES 230 12 minutes
DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities DES 231 12 minutes
DES 255 – Securing the IoT Update Process DES 255 30 minutes
DES 260 – Fundamentals of IoT Architecture & Design DES 260 30 minutes
DES 271 – OWASP M1: Mitigating Improper Platform Usage DES 271 12 minutes
DES 272 – OWASP M2: Mitigating Insecure Data Storage DES 272 12 minutes
DES 273 – OWASP M3: Mitigating Insecure Communication DES 273 12 minutes
DES 274 – OWASP M4: Mitigating Insecure Authentication DES 274 12 minutes
DES 275 – OWASP M5: Mitigating Insufficient Cryptography DES 275 12 minutes
DES 276 – OWASP M6: Mitigating Insecure Authorization DES 276 12 minutes
DES 277 – OWASP M7: Mitigating Client Code Quality DES 277 12 minutes
DES 278 – OWASP M8: Mitigating Code Tampering DES 278 12 minutes
DES 279 – OWASP M9: Mitigating Reverse Engineering DES 279 12 minutes
DES 280 – OWASP M10: Mitigating Extraneous Functionality DES 280 12 minutes
DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords DES 281 12 minutes
DES 282 – OWASP IoT2: Mitigating Insecure Network Services DES 282 12 minutes
DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces DES 283 12 minutes
DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism DES 284 12 minutes
DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components DES 285 12 minutes
DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection DES 286 12 minutes
DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage DES 287 12 minutes
DES 288 – OWASP IoT8: Mitigating Lack of Device Management DES 288 12 minutes
DES 289 – OWASP IoT9: Mitigating Insecure Default Settings DES 289 12 minutes
DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening DES 290 12 minutes
DES 305 – Protecting Existing Blockchain Assets DES 305 20 minutes
DES 306 – Creating a Secure Blockchain Network DES 306 20 minutes
DES 311 – Creating Secure Application Architecture DES 311 45 minutes
DES 312 – Protecting Cardholder Data (NEW) DES 312 20 minutes
DSO 201 – Fundamentals of Secure DevOps DSO 201 30 minutes
DSO 205 – Securing the COTS Supply Chain DSO 205 15 minutes
DSO 206 – Securing the Open Source Supply Chain DSO 206 15 minutes
DSO 211 – Identifying Threats to Containers in a DevSecOps Framework DSO 211 20 minutes
DSO 253 – DevSecOps in the AWS Cloud DSO 253 20 minutes
DSO 254 – DevSecOps in the Azure Cloud DSO 254 20 minutes
DSO 301 – Orchestrating Secure System and Service Configuration DSO 301 20 minutes
DSO 302- Automated Security Testing DSO 302 20 minutes
DSO 303 – Automating Security Updates DSO 303 20 minutes
DSO 304 – Securing API Gateways in a DevSecOps Framework DSO 304 20 minutes
DSO 305 – Automating CI/CD Pipeline Compliance DSO 305 20 minutes
DSO 306 – Implementing Infrastructure as Code (NEW) DSO 306 20 minutes
DSO 307 – Secure Secrets Management DSO 307 20 minutes
ENG 110 – Essential Account Management Security ENG 110 15 minutes
ENG 111 – Essential Session Management Security ENG 111 15 minutes
ENG 112 – Essential Access Control for Mobile Devices ENG 112 15 minutes
ENG 113 – Essential Secure Configuration Management ENG 113 15 minutes
ENG 114 – Essential Risk Assessment ENG 114 15 minutes
ENG 115 – Essential System & Information Integrity ENG 115 15 minutes
ENG 116 – Essential Security Planning Policy & Procedures ENG 116 15 minutes
ENG 117 – Essential Information Security Program Planning ENG 117 15 minutes
ENG 118 – Essential Incident Response ENG 118 15 minutes
ENG 119 – Essential Security Audit & Accountability ENG 119 15 minutes
ENG 120 – Essential Security Assessment & Authorization ENG 120 15 minutes
ENG 121 – Essential Identification & Authentication ENG 121 15 minutes
ENG 122 – Essential Physical & Environmental Protection ENG 122 15 minutes
ENG 123 – Essential Security Engineering Principles ENG 123 15 minutes
ENG 124 – Essential Application Protection ENG 124 15 minutes
ENG 125 – Essential Data Protection ENG 125 15 minutes
ENG 126 – Essential Security Maintenance Policies ENG 126 15 minutes
ENG 127 – Essential Media Protection ENG 127 15 minutes
ENG 150 – Meeting Confidentiality, Integrity, and Availability ENG 150 30 minutes
ENG 151 – Fundamentals of Privacy Protection ENG 151 10 minutes
ENG 191 – Introduction to the Microsoft SDL ENG 191 25 minutes
ENG 192- Implementing the Agile Microsoft SDL ENG 192 20 minutes
ENG 193 – Implementing the Microsoft SDL Optimization Model ENG 193 12 minutes
ENG 194 – Implementing Microsoft SDL Line of Business ENG 194 20 minutes
ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool ENG 195 20 minutes
ENG 205 – Fundamentals of Threat Modeling ENG 205 45 minutes
ENG 211 – How to Create Application Security Design Requirements ENG 211 15 minutes
ENG 212 – Implementing Secure Software Operations (NEW) ENG 212 20 minutes
ENG 251 – Risk Management Foundations ENG 251 20 minutes
ENG 311 – Attack Surface Analysis & Reduction ENG 311 25 minutes
ENG 312 – How to Perform a Security Code Review ENG 312 30 minutes
ENG 351 – Preparing the Risk Management Framework ENG 351 20 minutes
ENG 352 – Categorizing Systems and Information within the RMF ENG 352 10 minutes
ENG 353 – Selecting, Implementing and Assessing Controls within the RMF ENG 353 20 minutes
ENG 354 – Authorizing and Monitoring System Controls within the RMF ENG 354 20 minutes
TST 101 – Fundamentals of Security Testing TST 101 20 minutes
TST 202 – Penetration Testing Fundamentals TST 202 25 minutes
TST 205 – Performing Vulnerability Scans TST 205 45 minutes
TST 206 – ASVS Requirements for Developers TST 206 20 minutes
TST 301 – Infrastructure Penetration Testing TST 301 45 minutes
TST 302 – Application Penetration Testing TST 302 45 minutes
TST 351 – Penetration Testing for TLS Vulnerabilities (New) TST 351 12 minutes
TST 352 – Penetration Testing for Injection Vulnerabilities TST 352 12 minutes
TST 353 – Penetration Testing for SQL Injection TST 353 12 minutes
TST 354 – Penetration Testing for Memory Corruption Vulnerabilities TST 354 12 minutes
TST 355 – Penetration Testing for Authorization Vulnerabilities TST 355 12 minutes
TST 356 – Penetration Testing for Cross-Site Scripting (XSS) TST 356 12 minutes
TST 357 – Penetration Testing for Hardcoded Secrets TST 357 12 minutes
TST 358 – Penetration Testing Wireless Networks TST 358 12 minutes
TST 359 – Penetration Testing Network Infrastructure TST 359 12 minutes
TST 360 – Penetration Testing for Authentication Vulnerabilities TST 360 12 minutes