| AWA 007 – Information Privacy & Security Awareness for Executives |
AWA 007 |
45 minutes |
| AWA 008 – Information Privacy: Classifying Data |
AWA 008 |
15 minutes |
| AWA 009 – Information Privacy: Protecting Data |
AWA 009 |
20 minutes |
| AWA 010 – Email Security |
AWA 010 |
10 minutes |
| AWA 012 – Malware Awareness |
AWA 012 |
10 minutes |
| AWA 013 – Mobile Security |
AWA 013 |
15 minutes |
| AWA 014 – Password Security |
AWA 014 |
10 minutes |
| AWA 015 – PCI Compliance |
AWA 015 |
15 minutes |
| AWA 016 – Phishing Awareness |
AWA 016 |
10 minutes |
| AWA 017 – Physical Security |
AWA 017 |
10 minutes |
| AWA 018 – Social Engineering Awareness |
AWA 018 |
15 minutes |
| AWA 019 – Travel Security |
AWA 019 |
15 minutes |
| AWA 101 – Fundamentals of Application Security (UPDATED) |
AWA 101 |
30 minutes |
| AWA 102 – Secure Software Concepts |
AWA 102 |
30 minutes |
| COD 102 – The Role of Software Security (NEW) |
COD 102 |
10 minutes |
| COD 103 – Creating Software Security Requirements (NEW) |
COD 103 |
10 minutes |
| COD 104 – Designing Secure Software (NEW) |
COD 104 |
15 minutes |
| COD 105 – Secure Software Development (NEW) |
COD 105 |
20 minutes |
| COD 106 – The Importance of Software Integration and Testing (NEW) |
COD 106 |
15 minutes |
| COD 107 – Secure Software Deployment (NEW) |
COD 107 |
10 minutes |
| COD 108 – Software Operations and Maintenance (NEW) |
COD 108 |
10 minutes |
| COD 110 – Fundamentals of Secure Mobile Development (Updated) |
COD 110 |
45 minutes |
| COD 141 – Fundamentals of Database Security (Updated) |
COD 141 |
30 minutes |
| COD 152 – Fundamentals of Secure Cloud Development (Updated) |
COD 152 |
20 minutes |
| COD 160 -Fundamentals of Secure Embedded Software Development (Updated) |
COD 160 |
45 minutes |
| COD 170 – Identifying Threats to Mainframe COBOL Applications & Data |
COD 170 |
20 minutes |
| COD 201 – Secure C Encrypted Network Communications |
COD 201 |
15 minutes |
| COD 202 – Secure C Runtime Protection |
COD 202 |
15 minutes |
| COD 206 – Creating Secure C++ Code |
COD 206 |
15 minutes |
| COD 207 – Communication Security in C++ |
COD 207 |
15 minutes |
| COD 214 – Creating Secure GO Applications (NEW) |
COD 214 |
30 minutes |
| COD 216 – Leveraging .NET Framework Code Access Security (CAS) |
COD 216 |
30 minutes |
| COD 217 – Mitigating .NET Security Threats |
COD 217 |
45 minutes |
| COD 219 – Creating Secure Code: SAP ABAP Foundations |
COD 219 |
90 minutes |
| COD 222 – PCI DSS v3.2 Best Practices for Developers |
COD 222 |
60 minutes |
| COD 225 – Insecure IoT Web Interfaces (UPDATED) |
COD 225 |
10 minutes |
| COD 226 – Insecure IoT Authentication & Authorization (UPDATED) |
COD 226 |
10 minutes |
| COD 227 – Insecure IoT Network Services (UPDATED) |
COD 227 |
10 minutes |
| COD 228 – Insecure IoT Communications (UPDATED) |
COD 228 |
10 minutes |
| COD 229 – Insecure IoT Mobile Interface (UPDATED) |
COD 229 |
10 minutes |
| COD 230 – Insecure IoT Firmware (UPDATED) |
COD 230 |
10 minutes |
| COD 234 – Mobile Threats & Mitigations |
COD 234 |
20 minutes |
| COD 235 – Defending Mobile Data with Cryptography |
COD 235 |
20 minutes |
| COD 236 – Mobile App Authentication & Authorization |
COD 236 |
20 minutes |
| COD 237 – Defending Mobile App Code |
COD 237 |
20 minutes |
| COD 241 – Creating Secure Oracle DB Applications |
COD 241 |
45 minutes |
| COD 242 – Creating Secure SQL Server & Azure SQL DB Applications (Updated) |
COD 242 |
40 minutes |
| COD 246 – PCI DSS 3: Protecting Stored Cardholder Data (NEW) |
COD 246 |
15 minutes |
| COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data (NEW) |
COD 247 |
15 minutes |
| COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications (NEW) |
COD 248 |
15 minutes |
| COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes (NEW) |
COD 249 |
15 minutes |
| COD 251 – Defending AJAX-Enabled Web Applications (NEW) |
COD 251 |
25 minutes |
| COD 253 – Creating Secure AWS Cloud Applications (Updated) |
COD 253 |
45 minutes |
| COD 254 – Creating Secure Azure Applications (Updated) |
COD 254 |
45 minutes |
| COD 255 – Creating Secure Code: Web API Foundations |
COD 255 |
120 minutes |
| COD 256 – Creating Secure Code: Ruby on Rails Foundations (Updated) |
COD 256 |
45 minutes |
| COD 257 – Creating Secure Python Web Applications (Updated) |
COD 257 |
45 minutes |
| COD 258 – Creating Secure PHP Web Applications (NEW) |
COD 258 |
30 minutes |
| COD 259 – Node.js Threats & Vulnerabilities |
COD 259 |
30 minutes |
| COD 261 – Threats to Scripts (UPDATED) |
COD 261 |
30 minutes |
| COD 262 – Fundamentals of Shell and Interpreted Language Security (UPDATED) |
COD 262 |
30 minutes |
| COD 263 – Secure Bash Scripting (NEW) |
COD 263 |
15 minutes |
| COD 264 – Secure Perl Scripting (NEW) |
COD 264 |
15 minutes |
| COD 265 – Secure Python Scripting (NEW) |
COD 265 |
15 minutes |
| COD 266 – Secure Ruby Scripting (NEW) |
COD 266 |
15 minutes |
| COD 267 – Securing Python Microservices (New) |
COD 267 |
30 minutes |
| COD 270 – Creating Secure COBOL & Mainframe Applications |
COD 270 |
25 minutes |
| COD 281 – Java Security Model |
COD 281 |
20 minutes |
| COD 282 – Java Authentication & Authorization |
COD 282 |
20 minutes |
| COD 283 – Java Cryptography (UPDATED) |
COD 283 |
45 minutes |
| COD 284 – Secure Java Coding (NEW) |
COD 284 |
30 minutes |
| COD 301 – Secure C Buffer Overflow Mitigations |
COD 301 |
45 minutes |
| COD 302 -Secure C Memory Management |
COD 302 |
30 minutes |
| COD 303 – Common C Vulnerabilities & Attacks |
COD 303 |
20 minutes |
| COD 307 – Protecting Data in C++ |
COD 307 |
25 minutes |
| COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks (New) |
COD 308 |
45 minutes |
| COD 309 – Securing ASP.NET MVC Applications (New) |
COD 309 |
30 minutes |
| COD 316 – Creating Secure iOS Code in Objective C |
COD 316 |
30 minutes |
| COD 317 – Creating Secure iOS Code in Swift (Updated) |
COD 317 |
45 minutes |
| COD 318 – Creating Secure Android Code in Java (Updated) |
COD 318 |
45 minutes |
| COD 321 – Protecting C# from Integer Overflows & Canonicalization |
COD 321 |
30 minutes |
| COD 322 – Protecting C# from SQL & XML Injection |
COD 322 |
35 minutes |
| COD 323 – Protecting Data in C# |
COD 323 |
25 minutes |
| COD 352 – Creating Secure JavaScript and jQuery Code (Updated) |
COD 352 |
45 minutes |
| COD 361 – HTML5 Secure Threats |
COD 361 |
15 minutes |
| COD 362 – HTML5 Built in Security Features |
COD 362 |
20 minutes |
| COD 363- Securing HTML5 Data |
COD 363 |
20 minutes |
| COD 364 – Securing HTML5 Connectivity |
COD 364 |
20 minutes |
| COD 380 – Protecting Java Code: SQLi & Integer Overflows |
COD 380 |
10 minutes |
| COD 381 – Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU |
COD 381 |
25 minutes |
| COD 382 – Protecting Data in Java |
COD 382 |
30 minutes |
| COD 383 – Protecting Java Backend Services (New) |
COD 383 |
30 minutes |
| DES 101 – Fundamentals of Secure Architecture (Updated) |
DES 101 |
20 minutes |
| DES 151 – Fundamentals of the PCI Secure SLC Standard (New) |
DES 151 |
25 minutes |
| DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing |
DES 202 |
45 minutes |
| DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management |
DES 203 |
15 minutes |
| DES 204 – Role of Cryptography in Application Development |
DES 204 |
15 minutes |
| DES 205 – Message Integrity Cryptographic Functions |
DES 205 |
45 minutes |
| DES 210 – Hardening Linux/Unix Systems (Coming Soon) |
DES 210 |
30 minutes |
| DES 212 – Architecture Risk Analysis & Remediation (Updated) |
DES 212 |
30 minutes |
| DES 214 – Securing Infrastructure Architecture (NEW) |
DES 214 |
30 minutes |
| DES 215 – Defending Infrastructure (NEW) |
DES 215 |
30 minutes |
| DES 216 – Protecting Cloud Infrastructure (New) |
DES 216 |
40 minutes |
| DES 217 – Application, Technical & Physical Access Controls |
DES 217 |
30 minutes |
| DES 218 – Protecting Microservices, Containers, and Orchestration (New) |
DES 218 |
30 minutes |
| DES 222 – Applying OWASP 2017: Mitigating Injection |
DES 222 |
12 minutes |
| DES 223 – Applying OWASP 2017: Mitigating Broken Authentication |
DES 223 |
12 minutes |
| DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure |
DES 224 |
12 minutes |
| DES 225 – Applying OWASP 2017: Mitigating XML External Entities |
DES 225 |
12 minutes |
| DES 226 – Applying OWASP 2017: Mitigating Broken Access Control |
DES 226 |
12 minutes |
| DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration |
DES 227 |
12 minutes |
| DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS) |
DES 228 |
12 minutes |
| DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization |
DES 229 |
12 minutes |
| DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities |
DES 230 |
12 minutes |
| DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities |
DES 231 |
12 minutes |
| DES 255 – Securing the IoT Update Process (New) |
DES 255 |
30 minutes |
| DES 260 – Fundamentals of IoT Architecture & Design |
DES 260 |
30 minutes |
| DES 305 – Protecting Existing Blockchain Assets (Coming Soon) |
DES 305 |
20 minutes |
| DES 306 – Creating a Secure Blockchain Network (Coming Soon) |
DES 306 |
20 minutes |
| DES 311 – Creating Secure Application Architecture (Updated) |
DES 311 |
45 minutes |
| DES 352 – Creating Secure Over the Air (OTA) Updates |
DES 352 |
90 minutes |
| DS0 201 – Fundamentals of Secure DevOps (New) |
DSO 201 |
30 minutes |
| DSO 205 – Securing the COTS Supply Chain (Coming Soon) |
DSO 205 |
15 minutes |
| DSO 253 – DevSecOps in the AWS Cloud (Coming Soon) |
DSO 253 |
20 minutes |
| DSO 254 – DevSecOps in the Azure Cloud (Coming Soon) |
DSO 254 |
20 minutes |
| ENG 110 – Essential Account Management Securitiy |
ENG 110 |
15 minutes |
| ENG 111 Essential Session Management Security |
ENG 111 |
15 minutes |
| ENG 112 – Essential Access Control for Mobile Devices |
ENG 112 |
15 minutes |
| ENG 113 – Essential Secure Configuration Management |
ENG 113 |
15 minutes |
| ENG 114 – Essential Risk Assessment |
ENG 114 |
15 minutes |
| ENG 115 – Essential System & Information Integrity |
ENG 115 |
15 minutes |
| ENG 116 – Essential Security Planning Policy & Procedures |
ENG 116 |
15 minutes |
| ENG 117 – Essential Information Security Program Planning |
ENG 117 |
15 minutes |
| ENG 118 – Essential Incident Response |
ENG 118 |
15 minutes |
| ENG 119 – Essential Security Audit & Accountability |
ENG 119 |
15 minutes |
| ENG 120 – Essential Security Assessment & Authorization |
ENG 120 |
15 minutes |
| ENG 121 – Essential Identification & Authentication |
ENG 121 |
15 minutes |
| ENG 122 – Essential Physical & Environmental Protection |
ENG 122 |
15 minutes |
| ENG 123 – Essential Security Engineering Principles |
ENG 123 |
15 minutes |
| ENG 124 – Essential Application Protection |
ENG 124 |
15 minutes |
| ENG 125 – Essential Data Protection |
ENG 125 |
15 minutes |
| ENG 126 – Essential Security Maintenance Policies |
ENG 126 |
15 minutes |
| ENG 127 – Essential Media Protection |
ENG 127 |
15 minutes |
| ENG 150 – Meeting Confidentiality, Integrity, and Availability (NEW) |
ENG 150 |
30 minutes |
| ENG 191 – Introduction to the Microsoft SDL |
ENG 191 |
25 minutes |
| ENG 192- Implementing the Agile Microsoft SDL |
ENG 192 |
20 minutes |
| ENG 193 – Implementing the Microsoft SDL Optimization Model |
ENG 193 |
12 minutes |
| ENG 194 – Implementing Microsoft SDL Line of Business |
ENG 194 |
20 minutes |
| ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool |
ENG 195 |
20 minutes |
| ENG 205 – Fundamentals of Threat Modeling (Updated) |
ENG 205 |
45 minutes |
| ENG 211 – How to Create Application Security Design Requirements (Updated) |
ENG 211 |
15 minutes |
| ENG 251 – Risk Management Foundations (New) |
ENG 251 |
20 minutes |
| ENG 311 – Attack Surface Analysis & Reduction (Updated) |
ENG 311 |
25 minutes |
| ENG 312 – How to Perform a Security Code Review (Updated) |
ENG 312 |
30 minutes |
| ENG 351 – Preparing the Risk Management Framework (New) |
ENG 351 |
20 minutes |
| ENG 352 – Categorizing Systems and Information within the RMF (Coming Soon) |
ENG 352 |
10 minutes |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF (Coming Soon) |
ENG 353 |
20 minutes |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF (Coming Soon) |
ENG 354 |
.20 minutes |
| TST 101 – Fundamentals of Security Testing (UPDATED) |
TST 101 |
20 minutes |
| TST 201 – Testing for CWE SANS Top 25 Software Errors |
TST 201 |
60 minutes |
| TST 202 – Penetration Testing Fundamentals (New) |
TST 202 |
25 minutes |
| TST 205 – Performing Vulnerability Scans (New) |
TST 205 |
45 minutes |
| TST 222 – Testing for OWASP 2017: Injection |
TST 222 |
15 minutes |
| TST 223 – Testing for OWASP 2017: Broken Authentication |
TST 223 |
12 minutes |
| TST 224 – Testing for OWASP 2017: Sensitive Data Exposure |
TST 224 |
12 minutes |
| TST 225 – Testing for OWASP 2017: XML External Entities |
TST 225 |
10 minutes |
| TST 226 – Testing for OWASP 2017: Broken Access Control |
TST 226 |
10 minutes |
| TST 227 – Testing for OWASP 2017: Security Misconfiguration |
TST 227 |
10 minutes |
| TST 228 – Testing for OWASP 2017: Cross Site Scripting (XSS) |
TST 228 |
15 minutes |
| TST 229 – Testing for OWASP 2017: Insecure Deserialization |
TST 229 |
10 minutes |
| TST 230 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities |
TST 230 |
10 minutes |
| TST 231 – Testing for OWASP 2017: Insufficient Logging & Monitoring |
TST 231 |
10 minutes |
| TST 251 – Testing for SQL Injection (CWE-89) |
TST 251 |
15 minutes |
| TST 252 – Testing for OS Command Injection (CWE-78) |
TST 252 |
15 minutes |
| TST 253 – Testing for Classic Buffer Overflow (CWE-120) |
TST 253 |
15 minutes |
| TST 254 – Testing for Cross-site Scripting (CWE-79) |
TST 254 |
15 minutes |
| TST 255 – Testing for Missing Authentication for Critical Function (CWE-306) |
TST 255 |
15 minutes |
| TST 256 – Testing for Missing Authorization (CWE-862) |
TST 256 |
15 minutes |
| TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798) |
TST 257 |
15 minutes |
| TST 258 – Testing for Missing Encryption of Sensitive Data (CWE-311) |
TST 258 |
15 minutes |
| TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434) |
TST 259 |
15 minutes |
| TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807) |
TST 260 |
15 minutes |
| TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250) |
TST 261 |
15 minutes |
| TST 262 – Testing for Cross Site Request Forgery (CSRF): CWE-352 |
TST 262 |
15 minutes |
| TST 263 – Testing for Path Traversal (CWE-22) |
TST 263 |
15 minutes |
| TST 264 – Testing for Download of Code without Integrity Check (CWE-494) |
TST 264 |
15 minutes |
| TST 265 – Testing for Incorrect Authorization (CWE-863) |
TST 265 |
15 minutes |
| TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829) |
TST 266 |
15 minutes |
| TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732) |
TST 267 |
15 minutes |
| TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676) |
TST 268 |
15 minutes |
| TST 269 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327) |
TST 269 |
15 minutes |
| TST 270 – Testing for Incorrect Calculation of Buffer Size (CWE-131) |
TST 270 |
15 minutes |
| TST 271 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307) |
TST 271 |
15 minutes |
| TST 272 – Testing for Open Redirect (CWE-601) |
TST 272 |
15 minutes |
| TST 273 – Testing for Uncontrolled Format String (CWE-134) |
TST 273 |
15 minutes |
| TST 274 – Testing for Integer Overflow or Wraparound (CWE-190) |
TST 274 |
15 minutes |
| TST 275 – Testing for Use of a One-way Hash without a Salt (CWE-759) |
TST 275 |
15 minutes |
| TST 301 – Infrastructure Penetration Testing (Coming Soon) |
TST 301 |
45 minutes |
| TST 302 – Application Penetration Testing (Coming Soon) |
TST 302 |
45 minutes |
| TST 351 – Penetration Testing for TLS Vulnerabilities (New) |
TST 351 |
12 minutes |
| TST 352 – Penetration Testing for Injection Vulnerabilities (New) |
TST 352 |
12 minutes |
| TST 353 – Penetration Testing for SQL Injection (New) |
TST 353 |
12 minutes |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities (New) |
TST 354 |
12 minutes |
| TST 355 – Penetration Testing for Authorization Vulnerabilities (New) |
TST 355 |
12 minutes |
| TST 356 – Penetration Testing for Cross-Site Scripting (XSS) (New) |
TST 356 |
12 minutes |
| TST 357 – Penetration Testing for Hardcoded Secrets (New) |
TST 357 |
12 minutes |
| TST 358 – Penetration Testing Wireless Networks (New) |
TST 358 |
12 minutes |
| TST 359 – Penetration Testing Network Infrastructure (New) |
TST 359 |
12 minutes |
| TST 360 – Penetration Testing for Authentication Vulnerabilities (New) |
TST 360 |
12 minutes |