| API 210 – Mitigating APIs Lack of Resources & Rate Limiting |
API 210 |
15 minutes |
| API 211 – Mitigating APIs Broken Object Level Authorization |
API 211 |
15 minutes |
| API 213 – Mitigating APIs Mass Assignment |
API 213 |
15 minutes |
| API 214 – Mitigating APIs Improper Asset Management |
API 214 |
15 minutes |
| API 250 – Controlling Access to the Kubernetes API |
API 250 |
20 minutes |
| ATK 201 – Using the MITRE ATT&CK Framework |
ATK 201 |
15 minutes |
| AWA 101 – Fundamentals of Application Security (UPDATED) |
AWA 101 |
20 minutes |
| AWA 102 – Secure Software Concepts (UPDATED) |
AWA 102 |
20 minutes |
| COD 102 – The Role of Software Security |
COD 102 |
10 minutes |
| COD 103 – Creating Software Security Requirements |
COD 103 |
10 minutes |
| COD 104 – Designing Secure Software |
COD 104 |
15 minutes |
| COD 105 – Secure Software Development |
COD 105 |
20 minutes |
| COD 106 – The Importance of Software Integration and Testing |
COD 106 |
15 minutes |
| COD 107 – Secure Software Deployment |
COD 107 |
10 minutes |
| COD 108 – Software Operations and Maintenance |
COD 108 |
10 minutes |
| COD 110 – Fundamentals of Secure Mobile Development |
COD 110 |
45 minutes |
| COD 141 – Fundamentals of Database Security |
COD 141 |
30 minutes |
| COD 152 – Fundamentals of Secure Cloud Development |
COD 152 |
20 minutes |
| COD 160 – Fundamentals of Secure Embedded Software Development |
COD 160 |
45 minutes |
| COD 170 – Identifying Threats to Mainframe COBOL Applications & Data |
COD 170 |
20 minutes |
| COD 201 – Secure C Encrypted Network Communications |
COD 201 |
15 minutes |
| COD 202 – Secure C Runtime Protection |
COD 202 |
15 minutes |
| COD 206 – Creating Secure C++ Code |
COD 206 |
15 minutes |
| COD 207 – Communication Security in C++ |
COD 207 |
15 minutes |
| COD 214 – Creating Secure GO Applications |
COD 214 |
30 minutes |
| COD 216 – Leveraging .NET Framework Code Access Security (CAS) |
COD 216 |
60 minutes |
| COD 217 – Mitigating .NET Security Threats |
COD 217 |
45 minutes |
| COD 219 – Creating Secure Code: SAP ABAP Foundations |
COD 219 |
90 minutes |
| COD 241 – Creating Secure Oracle DB Applications |
COD 241 |
45 minutes |
| COD 242 – Creating Secure SQL Server & Azure SQL DB Applications |
COD 242 |
40 minutes |
| COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data (UPDATED) |
COD 246 |
20 minutes |
| COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data (UPDATED) |
COD 247 |
15 minutes |
| COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications (UPDATED) |
COD 248 |
15 minutes |
| COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes (UPDATED) |
COD 249 |
15 minutes |
| COD 251 – Defending AJAX-Enabled Web Applications |
COD 251 |
25 minutes |
| COD 252 – Securing Google Platform Applications & Data |
COD 252 |
25 minutes |
| COD 253 – Creating Secure AWS Cloud Applications |
COD 253 |
45 minutes |
| COD 254 – Creating Secure Azure Applications |
COD 254 |
45 minutes |
| COD 255 – Creating Secure Code: Web API Foundations |
COD 255 |
20 minutes |
| COD 256 – Creating Secure Code: Ruby on Rails Foundations |
COD 256 |
90 minutes |
| COD 257 – Creating Secure Python Web Applications |
COD 257 |
45 minutes |
| COD 258 – Creating Secure PHP Web Applications |
COD 258 |
30 minutes |
| COD 259 – Node.js Threats & Vulnerabilities |
COD 259 |
30 minutes |
| COD 261 – Threats to Scripts |
COD 261 |
30 minutes |
| COD 262 – Fundamentals of Shell and Interpreted Language Security |
COD 262 |
30 minutes |
| COD 263 – Secure Bash Scripting |
COD 263 |
15 minutes |
| COD 264 – Secure Perl Scripting |
COD 264 |
15 minutes |
| COD 265 – Secure Python Scripting |
COD 265 |
15 minutes |
| COD 266 – Secure Ruby Scripting |
COD 266 |
15 minutes |
| COD 267 – Securing Python Microservices |
COD 267 |
30 minutes |
| COD 270 – Creating Secure COBOL & Mainframe Applications |
COD 270 |
25 minutes |
| COD 281 – Java Security Model |
COD 281 |
20 minutes |
| COD 283 – Java Cryptography |
COD 283 |
45 minutes |
| COD 284 – Secure Java Coding |
COD 284 |
30 minutes |
| COD 285 – Developing Secure Angular Applications |
COD 285 |
30 minutes |
| COD 286 – Creating Secure React User Interfaces |
COD 286 |
10 minutes |
| COD 287 – Java Application Server Hardening |
COD 287 |
20 minutes |
| COD 301 – Secure C Buffer Overflow Mitigations |
COD 301 |
45 minutes |
| COD 302 – Secure C Memory Management |
COD 302 |
20 minutes |
| COD 303 – Common C Vulnerabilities & Attacks |
COD 303 |
20 minutes |
| COD 307 – Protecting Data in C++ |
COD 307 |
25 minutes |
| COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks |
COD 308 |
45 minutes |
| COD 309 – Securing ASP.NET MVC Applications |
COD 309 |
30 minutes |
| COD 315 – Preventing Vulnerabilities in iOS Code in Swift |
COD 315 |
20 minutes |
| COD 316 – Creating Secure iOS Code in Objective C |
COD 316 |
30 minutes |
| COD 317 – Protecting Data on iOS in Swift |
COD 317 |
20 minutes |
| COD 318 – Protecting Data on Android in Java |
COD 318 |
20 minutes |
| COD 319 – Preventing Vulnerabilities in Android Code in Java |
COD 319 |
20 minutes |
| COD 321 – Protecting C# from Integer Overflows & Canonicalization |
COD 321 |
30 minutes |
| COD 322 – Protecting C# from SQL Injection |
COD 322 |
8 minutes |
| COD 323 – Using Encryption with C# |
COD 323 |
20 minutes |
| COD 324 – Protecting C# from XML Injection |
COD 324 |
8 minutes |
| COD 352 – Creating Secure JavaScript and jQuery Code |
COD 352 |
45 minutes |
| COD 361 – HTML5 Secure Threats |
COD 361 |
15 minutes |
| COD 362 – HTML5 Built in Security Features |
COD 362 |
20 minutes |
| COD 363 – Securing HTML5 Data |
COD 363 |
20 minutes |
| COD 364 – Securing HTML5 Connectivity |
COD 364 |
20 minutes |
| COD 366 – Creating Secure Kotlin Applications |
COD 366 |
20 minutes |
| COD 380 – Preventing SQL Injection in Java |
COD 380 |
8 minutes |
| COD 381 – Preventing Path Traversal Attacks in Java |
COD 381 |
8 minutes |
| COD 382 – Protecting Data in Java |
COD 382 |
30 minutes |
| COD 383 – Protecting Java Backend Services |
COD 383 |
30 minutes |
| COD 384 – Protecting Java from Information Disclosure |
COD 384 |
8 minutes |
| COD 385 – Preventing Race Conditions in Java Code |
COD 385 |
8 minutes |
| COD 386 – Preventing Integer Overflows in Java Code |
COD 386 |
8 minutes |
| CYB 210 – Cybersecurity Incident Response |
CYB 210 |
12 minutes |
| CYB 211 – Identifying and Protecting Assets Against Ransomware |
CYB 211 |
12 minutes |
| CYB 212 – Fundamentals of Security Information & Event Management (SIEM) |
CYB 212 |
15 minutes |
| CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP) |
CYB 250 |
20 minutes |
| CYB 301 – Fundamentals of Ethical Hacking |
CYB 301 |
15 minutes |
| DES 101 – Fundamentals of Secure Architecture |
DES 101 |
20 minutes |
| DES 151 – Fundamentals of the PCI Secure SLC Standard |
DES 151 |
25 minutes |
| DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing |
DES 202 |
45 minutes |
| DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management |
DES 203 |
15 minutes |
| DES 204 – Role of Cryptography in Application Development |
DES 204 |
15 minutes |
| DES 205 – Message Integrity Cryptographic Functions |
DES 205 |
45 minutes |
| DES 206 – Meeting Cloud Governance and Compliance Requirements |
DES 206 |
15 minutes |
| DES 207 – Mitigating OWASP API Security Top 10 |
DES 207 |
15 minutes |
| DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing |
DES 208 |
15 minutes |
| DES 209 – Authentication and Lifecycle Management |
DES 209 |
15 minutes |
| DES 210 – Hardening Linux/Unix Systems |
DES 210 |
30 minutes |
| DES 212 – Architecture Risk Analysis & Remediation |
DES 212 |
30 minutes |
| DES 214 – Securing Infrastructure Architecture |
DES 214 |
30 minutes |
| DES 215 – Defending Infrastructure |
DES 215 |
30 minutes |
| DES 216 – Protecting Cloud Infrastructure |
DES 216 |
40 minutes |
| DES 217 – Securing Terraform Infrastructure and Resources |
DES 217 |
20 minutes |
| DES 218 – Protecting Microservices, Containers, and Orchestration |
DES 218 |
30 minutes |
| DES 219 – Securing Google’s Firebase Platform (NEW) |
DES 219 |
60 minutes |
| DES 232 – Mitigating OWASP 2021 Injection |
DES 232 |
12 minutes |
| DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures |
DES 233 |
12 minutes |
| DES 234 – Mitigating OWASP 2021 Cryptographic Failures |
DES 234 |
12 minutes |
| DES 235 – Mitigating OWASP 2021 Insecure Design |
DES 235 |
12 minutes |
| DES 236 – Mitigating OWASP 2021 Broken Access Control |
DES 236 |
12 minutes |
| DES 237 – Mitigating OWASP 2021 Security Misconfiguration |
DES 237 |
12 minutes |
| DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) |
DES 238 |
12 minutes |
| DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures |
DES 239 |
12 minutes |
| DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components |
DES 240 |
12 minutes |
| DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures |
DES 241 |
12 minutes |
| DES 255 – Securing the IoT Update Process |
DES 255 |
30 minutes |
| DES 260 – Fundamentals of IoT Architecture & Design |
DES 260 |
30 minutes |
| DES 261 – Securing Serverless Environments (NEW) |
DES 261 |
20 minutes |
| DES 262 – Securing Enterprise Low-Code Applications Platforms (NEW) |
DES 262 |
20 minutes |
| DES 271 – OWASP M1: Mitigating Improper Platform Usage |
DES 271 |
12 minutes |
| DES 272 – OWASP M2: Mitigating Insecure Data Storage |
DES 272 |
12 minutes |
| DES 273 – OWASP M3: Mitigating Insecure Communication |
DES 273 |
12 minutes |
| DES 274 – OWASP M4: Mitigating Insecure Authentication |
DES 274 |
12 minutes |
| DES 275 – OWASP M5: Mitigating Insufficient Cryptography |
DES 275 |
12 minutes |
| DES 276 – OWASP M6: Mitigating Insecure Authorization |
DES 276 |
12 minutes |
| DES 277 – OWASP M7: Mitigating Client Code Quality |
DES 277 |
12 minutes |
| DES 278 – OWASP M8: Mitigating Code Tampering |
DES 278 |
12 minutes |
| DES 279 – OWASP M9: Mitigating Reverse Engineering |
DES 279 |
12 minutes |
| DES 280 – OWASP M10: Mitigating Extraneous Functionality |
DES 280 |
12 minutes |
| DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords |
DES 281 |
12 minutes |
| DES 282 – OWASP IoT2: Mitigating Insecure Network Services |
DES 282 |
12 minutes |
| DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces |
DES 283 |
12 minutes |
| DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism |
DES 284 |
12 minutes |
| DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components |
DES 285 |
12 minutes |
| DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection |
DES 286 |
12 minutes |
| DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage |
DES 287 |
12 minutes |
| DES 288 – OWASP IoT8: Mitigating Lack of Device Management |
DES 288 |
12 minutes |
| DES 289 – OWASP IoT9: Mitigating Insecure Default Settings |
DES 289 |
12 minutes |
| DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening |
DES 290 |
12 minutes |
| DES 305 – Protecting Existing Blockchain Assets |
DES 305 |
20 minutes |
| DES 306 – Creating a Secure Blockchain Network |
DES 306 |
20 minutes |
| DES 311 – Creating Secure Application Architecture |
DES 311 |
45 minutes |
| DES 312 – Protecting Cardholder Data |
DES 312 |
20 minutes |
| DES 313 – Hardening a Kubernetes Cluster |
DES 313 |
20 minutes |
| DES 314 – Hardening the Docker Engine |
DES 314 |
15 minutes |
| DSO 201 – Fundamentals of Secure DevOps |
DSO 201 |
30 minutes |
| DSO 205 – Securing the COTS Supply Chain |
DSO 205 |
15 minutes |
| DSO 206 – Securing the Open Source Supply Chain |
DSO 206 |
15 minutes |
| DSO 211 – Identifying Threats to Containers in a DevSecOps Framework |
DSO 211 |
20 minutes |
| DSO 212 – Fundamentals of Zero Trust Security |
DSO 212 |
15 minutes |
| DSO 253 – DevSecOps in the AWS Cloud |
DSO 253 |
20 minutes |
| DSO 254 – DevSecOps in the Azure Cloud |
DSO 254 |
20 minutes |
| DSO 256 – DevSecOps in the Google Cloud Platform |
DSO 256 |
20 minutes |
| DSO 301 – Orchestrating Secure System and Service Configuration |
DSO 301 |
20 minutes |
| DSO 302 – Automated Security Testing |
DSO 302 |
20 minutes |
| DSO 303 – Automating Security Updates |
DSO 303 |
20 minutes |
| DSO 304 – Securing API Gateways in a DevSecOps Framework |
DSO 304 |
20 minutes |
| DSO 305 – Automating CI/CD Pipeline Compliance |
DSO 305 |
20 minutes |
| DSO 306 – Implementing Infrastructure as Code |
DSO 306 |
20 minutes |
| DSO 307 – Secure Secrets Management |
DSO 307 |
20 minutes |
| ENG 110 – Essential Account Management Security |
ENG 110 |
15 minutes |
| ENG 111 – Essential Session Management Security |
ENG 111 |
15 minutes |
| ENG 112 – Essential Access Control for Mobile Devices |
ENG 112 |
15 minutes |
| ENG 113 – Essential Secure Configuration Management |
ENG 113 |
15 minutes |
| ENG 114 – Essential Risk Assessment |
ENG 114 |
15 minutes |
| ENG 115 – Essential System & Information Integrity |
ENG 115 |
15 minutes |
| ENG 116 – Essential Security Planning Policy & Procedures |
ENG 116 |
15 minutes |
| ENG 117 – Essential Information Security Program Planning |
ENG 117 |
15 minutes |
| ENG 118 – Essential Incident Response |
ENG 118 |
15 minutes |
| ENG 119 – Essential Security Audit & Accountability |
ENG 119 |
15 minutes |
| ENG 120 – Essential Security Assessment & Authorization |
ENG 120 |
15 minutes |
| ENG 121 – Essential Identification & Authentication |
ENG 121 |
15 minutes |
| ENG 122 – Essential Physical & Environmental Protection |
ENG 122 |
15 minutes |
| ENG 123 – Essential Security Engineering Principles |
ENG 123 |
15 minutes |
| ENG 124 – Essential Application Protection |
ENG 124 |
15 minutes |
| ENG 125 – Essential Data Protection |
ENG 125 |
15 minutes |
| ENG 126 – Essential Security Maintenance Policies |
ENG 126 |
15 minutes |
| ENG 127 – Essential Media Protection |
ENG 127 |
15 minutes |
| ENG 150 – Meeting Confidentiality, Integrity, and Availability |
ENG 150 |
30 minutes |
| ENG 151 – Fundamentals of Privacy Protection |
ENG 151 |
10 minutes |
| ENG 191 – Introduction to the Microsoft SDL |
ENG 191 |
25 minutes |
| ENG 192 – Implementing the Agile Microsoft SDL |
ENG 192 |
20 minutes |
| ENG 193 – Implementing the Microsoft SDL Optimization Model |
ENG 193 |
12 minutes |
| ENG 194 – Implementing Microsoft SDL Line of Business |
ENG 194 |
20 minutes |
| ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool |
ENG 195 |
20 minutes |
| ENG 205 – Fundamentals of Threat Modeling |
ENG 205 |
45 minutes |
| ENG 211 – How to Create Application Security Design Requirements |
ENG 211 |
15 minutes |
| ENG 212 – Implementing Secure Software Operations |
ENG 212 |
20 minutes |
| ENG 251 – Risk Management Foundations |
ENG 251 |
20 minutes |
| ENG 311 – Attack Surface Analysis & Reduction |
ENG 311 |
25 minutes |
| ENG 312 – How to Perform a Security Code Review |
ENG 312 |
30 minutes |
| ENG 351 – Preparing the Risk Management Framework |
ENG 351 |
20 minutes |
| ENG 352 – Categorizing Systems and Information within the RMF |
ENG 352 |
10 minutes |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF |
ENG 353 |
20 minutes |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF |
ENG 354 |
20 minutes |
| ICS 210 – ICS/SCADA Security Essentials |
ICS 210 |
12 minutes |
| ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments |
ICS 310 |
15 minutes |
| LAB 101 – Identifying Broken Access Control Vulnerabilities |
LAB 101 |
5 minutes |
| LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities |
LAB 102 |
5 minutes |
| LAB 103 – Identifying Broken User Authentication Vulnerabilities |
LAB 103 |
7 minutes |
| LAB 104 – Identifying Business Logic Flaw Vulnerabilities |
LAB 104 |
7 minutes |
| LAB 105 – Identifying Credential Dumping: Vulnerability Identification |
LAB 105 |
7 minutes |
| LAB 106 – Identifying Cross-Site Scripting Vulnerabilities |
LAB 106 |
7 minutes |
| LAB 107 – Identifying Injection Vulnerabilities |
LAB 107 |
7 minutes |
| LAB 108 – Identifying Reverse Engineering Vulnerabilities |
LAB 108 |
8 minutes |
| LAB 109 – Identifying Security Misconfiguration Vulnerabilities |
LAB 109 |
5 minutes |
| LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification |
LAB 110 |
7 minutes |
| LAB 111 – Identifying Server-Side Request Forgery |
LAB 111 |
5 minutes |
| LAB 113 – Identifying Cryptographic Failures |
LAB 113 |
5 minutes |
| LAB 114 – Identifying Cookie Tampering |
Lab 114 |
5 minutes |
| LAB 115 – Identifying Reflective XSS |
LAB 115 |
5 minutes |
| LAB 116 – Identifying Forceful Browsing |
LAB 116 |
5 minutes |
| LAB 117 – Identifying Hidden Form Field |
LAB 117 |
5 minutes |
| LAB 118 – Identifying Weak File Upload Validation |
LAB 118 |
5 minutes |
| LAB 119 – Identifying Persistent XSS |
LAB 119 |
5 minutes |
| LAB 120 – Identifying XML Injection |
LAB 120 |
5 minutes |
| LAB 121 – Identifying Vulnerable and Outdate Components |
LAB 121 |
5 minutes |
| LAB 122 – Identifying Insecure APIs |
LAB 122 |
5 minutes |
| LAB 123 – Identifying Vertical Privilege Escalation |
LAB 123 |
5 minutes |
| LAB 124 – Identifying Horizontal Privilege Escalation |
LAB 124 |
5 minutes |
| LAB 125 – Identifying Buffer Overflow |
LAB 125 |
5 minutes |
| LAB 126 – Identifying Information Leakage |
LAB 126 |
5 minutes |
| LAB 127 – Identifying Security Logging and Monitoring Failures |
LAB 127 |
5 minutes |
| LAB 128 – Identifying Unverified Password Change |
LAB 128 |
5 minutes |
| LAB 129 – Identifying Error Message Containing Sensitive Information |
LAB 129 |
5 minutes |
| LAB 130 – Identifying Generation of Predictable Numbers or Identifiers |
LAB 130 |
5 minutes |
| LAB 131 – Identifying Improper Restriction of XML External Entity Reference |
LAB 131 |
5 minutes |
| LAB 132 – Identifying Exposed Services |
LAB 132 |
5 minutes |
| LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables (NEW) |
LAB 133 |
5 minutes |
| LAB 134 – Identifying Plaintext Storage of a Password (NEW) |
LAB 134 |
5 minutes |
| LAB 135 – Identifying URL Redirection to Untrusted Site (NEW) |
LAB 135 |
5 minutes |
| LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page (NEW) |
LAB 136 |
5 minutes |
| LAB 211 – Defending Java Applications Against Credentials in Code Medium (NEW) |
LAB 211 |
10 minutes |
| LAB 212 – Defending Python Applications Against Credentials in Code Medium (NEW) |
LAB 212 |
10 minutes |
| LAB 213 – Defending Node.js Applications Against Credentials in Code Medium (NEW) |
LAB 213 |
10 minutes |
| LAB 214 – Defending C# Applications Against Credentials in Code Medium (NEW) |
LAB 214 |
10 minutes |
| LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation (NEW) |
LAB 215 |
10 minutes |
| LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation (NEW) |
LAB 216 |
10 minutes |
| LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation (NEW) |
LAB 217 |
10 minutes |
| LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation (NEW) |
LAB 218 |
10 minutes |
| LAB 220 – Defending Against Hard-Coded Secrets |
LAB 220 |
5 minutes |
| LAB 221 – Defending C# Applications Against SQL Injection |
LAB 221 |
10 minutes |
| LAB 222 – Defending Python Applications Against SQL Injection |
LAB 222 |
10 minutes |
| LAB 223 – Defending Node.js Applications Against SQL Injection |
LAB 223 |
10 minutes |
| LAB 224 – Defending Java Applications Against Forceful Browsing (NEW) |
LAB 224 |
10 minutes |
| LAB 225 – Defending Python Applications Against Forceful Browsing (NEW) |
LAB 225 |
10 minutes |
| LAB 226 – Defending Node.js Applications Against Forceful Browsing (NEW) |
LAB 226 |
10 minutes |
| LAB 227 – Defending C# Applications Against Forceful Browsing (NEW) |
LAB 227 |
10 minutes |
| LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption |
LAB 228 |
10 minutes |
| LAB 229 – Defending Java Applications Against Weak PRNG |
LAB 229 |
10 minutes |
| LAB 230 – Defending Java Applications Against XSS |
LAB 230 |
15 minutes |
| LAB 231 – Defending Python Applications Against XSS |
LAB 231 |
15 minutes |
| LAB 232 – Defending C# Applications Against XSS |
LAB 232 |
15 minutes |
| LAB 233 – Defending Node.js Applications Against XSS |
LAB 233 |
15 minutes |
| LAB 234 – Defending Java Applications Against Parameter Tampering |
LAB 234 |
10 minutes |
| LAB 235 – Defending Java Applications Against Plaintext Password Storage |
LAB 235 |
10 minutes |
| LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages |
LAB 236 |
10 minutes |
| LAB 237 – Defending Java Applications Against SQL Injection |
LAB 237 |
20 minutes |
| LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption |
LAB 238 |
10 minutes |
| LAB 239 – Defending C# Applications Against Weak PRNG |
LAB 239 |
10 minutes |
| LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 240 |
10 minutes |
| LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 241 |
10 minutes |
| LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 242 |
10 minutes |
| LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 243 |
10 minutes |
| LAB 244 – Defending Java Applications Against Security Misconfiguration |
LAB 244 |
12 minutes |
| LAB 245 – Defending Node.js Applications Against Plaintext Password Storage |
LAB 245 |
10 minutes |
| LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption |
LAB 246 |
10 minutes |
| LAB 247 – Defending Node.js Applications Against Weak PRNG |
LAB 247 |
10 minutes |
| LAB 248 – Defending Node.js Applications Against Parameter Tampering |
LAB 248 |
10 minutes |
| LAB 249 – Defending Python Applications Against Plaintext Password Storage |
LAB 249 |
10 minutes |
| LAB 250 – Defending C# Applications Against Parameter Tampering |
LAB 250 |
10 minutes |
| LAB 251 – Defending C# Applications Against Plaintext Password Storage |
LAB 251 |
10 minutes |
| LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption |
LAB 252 |
10 minutes |
| LAB 253 – Defending Python Applications Against Weak PRNG |
LAB 253 |
10 minutes |
| LAB 254 – Defending Python Applications Against Parameter Tampering |
LAB 254 |
10 minutes |
| LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages |
LAB 260 |
10 minutes |
| LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages |
LAB 261 |
10 minutes |
| LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages |
LAB 262 |
10 minutes |
| LAB 263 – Defending Java Applications Against Sensitive Information in Log Files |
LAB 263 |
10 minutes |
| LAB 264 – Defending Python Applications Against Sensitive Information in Log Files |
LAB 264 |
10 minutes |
| LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files |
LAB 265 |
10 minutes |
| LAB 266 – Defending C# Applications Against Sensitive Information in Log Files |
LAB 266 |
10 minutes |
| LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data |
LAB 267 |
10 minutes |
| LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data |
LAB 268 |
10 minutes |
| LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data |
LAB 269 |
10 minutes |
| LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data |
LAB 270 |
10 minutes |
| LAB 271 – Defending Java Applications Against SSRF |
LAB 271 |
10 minutes |
| LAB 272 – Defending Python Applications Against SSRF |
LAB 272 |
10 minutes |
| LAB 273 – Defending Node.js Applications Against SSRF |
LAB 273 |
10 minutes |
| LAB 274 – Defending C# Applications Against SSRF |
LAB 274 |
10 minutes |
| LAB 310 ATT&CK: File and Directory Permissions Modification (NEW) |
LAB 310 |
12 minutes |
| LAB 311 ATT&CK: File and Directory Discovery (NEW) |
LAB 311 |
12 minutes |
| LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software |
LAB 315 |
12 minutes |
| LAB 321 ATT&CK: Password Cracking |
LAB 321 |
5 minutes |
| LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services |
LAB 322 |
20 minutes |
| LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software |
LAB 323 |
12 minutes |
| LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration |
LAB 324 |
12 minutes |
| LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes |
LAB 330 |
15 minutes |
| LAB 331 ATT&CK: Network Service Discovery |
LAB 331 |
12 minutes |
| LAB 332 ATT&CK: Network Share Discovery |
LAB 332 |
12 minutes |
| LAB 334 ATT&CK: Create Account |
LAB 334 |
12 minutes |
| LAB 335 ATT&CK: Unsecured Credentials |
LAB 335 |
12 minutes |
| LAB 336 ATT&CK: Data from Local System |
LAB 336 |
12 minutes |
| LAB 337 ATT&CK: Valid Accounts |
LAB 337 |
12 minutes |
| SDT 301 – Testing for Injection |
SDT 301 |
10 minutes |
| SDT 302 – Testing for Identification and Authentication Failures |
SDT 302 |
10 minutes |
| SDT 303 – Testing for Cryptographic Failures |
SDT 303 |
10 minutes |
| SDT 304 – Testing for Insecure Design |
SDT 304 |
10 minutes |
| SDT 305 – Testing for Broken Access Control |
SDT 305 |
10 minutes |
| SDT 306 – Testing for Security Misconfiguration |
SDT 306 |
10 minutes |
| SDT 307 – Testing for Server-Side Request Forgery (SSRF) |
SDT 307 |
10 minutes |
| SDT 308 – Testing for Software and Data Integrity Failures |
SDT 308 |
10 minutes |
| SDT 309 – Testing for Vulnerable and Outdated Components |
SDT 309 |
10 minutes |
| SDT 310 – Testing for Security Logging and Monitoring Failures |
SDT 310 |
10 minutes |
| SDT 311 – Testing for Integer Overflow or Wraparound |
SDT 311 |
15 minutes |
| SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory |
SDT 312 |
15 minutes |
| SDT 313 – Testing for (CSRF) Cross Site Request Forgery |
SDT 313 |
15 minutes |
| SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type |
SDT 314 |
15 minutes |
| SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource |
SDT 315 |
15 minutes |
| SDT 316 – Testing for Use of Hard-Coded Credentials |
SDT 316 |
15 minutes |
| SDT 317 – Testing for Improper Control of Generation of Code |
SDT 317 |
10 minutes |
| SDT 318 – Testing for Insufficiently Protected Credentials |
SDT 318 |
10 minutes |
| SDT 319 – Testing for Out-of-bounds Read |
SDT 319 |
10 minutes |
| SDT 320 – Testing for Out-of-bounds Write |
SDT 320 |
10 minutes |
| SDT 321 – Testing for Uncontrolled Resource Consumption |
SDT 321 |
10 minutes |
| SDT 322 – Testing for Improper Privilege Management |
SDT 322 |
10 minutes |
| SDT 323 – Testing for Improper Input Validation |
SDT 323 |
10 minutes |
| SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer |
SDT 324 |
10 minutes |
| SDT 325 – Testing for NULL Pointer Dereference |
SDT 325 |
10 minutes |
| SDT 326 – Testing for Use After Free |
SDT 326 |
10 minutes |
| TST 101 – Fundamentals of Security Testing |
TST 101 |
20 minutes |
| TST 202 – Penetration Testing Fundamentals |
TST 202 |
25 minutes |
| TST 205 – Performing Vulnerability Scans |
TST 205 |
45 minutes |
| TST 206 – ASVS Requirements for Developers |
TST 206 |
20 minutes |
| TST 301 – Infrastructure Penetration Testing |
TST 301 |
45 minutes |
| TST 302 – Application Penetration Testing |
TST 302 |
45 minutes |
| TST 303 – Penetration Testing for Google Cloud Platform |
TST 303 |
20 minutes |
| TST 304 – Penetration Testing for AWS Cloud |
TST 304 |
20 minutes |
| TST 305 – Penetration Testing for Azure Cloud |
TST 305 |
20 minutes |
| TST 351 – Penetration Testing for TLS Vulnerabilities |
TST 351 |
12 minutes |
| TST 352 – Penetration Testing for Injection Vulnerabilities |
TST 352 |
12 minutes |
| TST 353 – Penetration Testing for SQL Injection |
TST 353 |
12 minutes |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities |
TST 354 |
12 minutes |
| TST 355 – Penetration Testing for Authorization Vulnerabilities |
TST 355 |
12 minutes |
| TST 356 – Penetration Testing for Cross-Site Scripting (XSS) |
TST 356 |
12 minutes |
| TST 357 – Penetration Testing for Hardcoded Secrets |
TST 357 |
12 minutes |
| TST 358 – Penetration Testing Wireless Networks |
TST 358 |
12 minutes |
| TST 359 – Penetration Testing Network Infrastructure |
TST 359 |
12 minutes |
| TST 360 – Penetration Testing for Authentication Vulnerabilities |
TST 360 |
12 minutes |