| AWA 007 – Information Privacy & Security Awareness for Executives |
AWA 007 |
45 minutes |
| AWA 008 – Information Privacy: Classifying Data |
AWA 008 |
15 minutes |
| AWA 009 – Information Privacy: Protecting Data |
AWA 009 |
20 minutes |
| AWA 010 – Email Security |
AWA 010 |
10 minutes |
| AWA 012 – Malware Awareness |
AWA 012 |
10 minutes |
| AWA 013 – Mobile Security |
AWA 013 |
15 minutes |
| AWA 014 – Password Security |
AWA 014 |
10 minutes |
| AWA 015 – PCI Compliance |
AWA 015 |
15 minutes |
| AWA 016 – Phishing Awareness |
AWA 016 |
10 minutes |
| AWA 017 – Physical Security |
AWA 017 |
10 minutes |
| AWA 018 – Social Engineering Awareness |
AWA 018 |
15 minutes |
| AWA 019 – Travel Security |
AWA 019 |
15 minutes |
| AWA 101 – Fundamentals of Application Security |
AWA 101 |
30 minutes |
| AWA 102 – Secure Software Concepts |
AWA 102 |
30 minutes |
| COD 102 – The Role of Software Security |
COD 102 |
10 minutes |
| COD 103 – Creating Software Security Requirements |
COD 103 |
10 minutes |
| COD 104 – Designing Secure Software |
COD 104 |
15 minutes |
| COD 105 – Secure Software Development |
COD 105 |
20 minutes |
| COD 106 – The Importance of Software Integration and Testing |
COD 106 |
15 minutes |
| COD 107 – Secure Software Deployment |
COD 107 |
10 minutes |
| COD 108 – Software Operations and Maintenance |
COD 108 |
10 minutes |
| COD 110 – Fundamentals of Secure Mobile Development |
COD 110 |
45 minutes |
| COD 141 – Fundamentals of Database Security |
COD 141 |
30 minutes |
| COD 152 – Fundamentals of Secure Cloud Development |
COD 152 |
20 minutes |
| COD 160 -Fundamentals of Secure Embedded Software Development |
COD 160 |
45 minutes |
| COD 170 – Identifying Threats to Mainframe COBOL Applications & Data |
COD 170 |
20 minutes |
| COD 201 – Secure C Encrypted Network Communications (UPDATED) |
COD 201 |
15 minutes |
| COD 202 – Secure C Runtime Protection (UPDATED) |
COD 202 |
15 minutes |
| COD 206 – Creating Secure C++ Code |
COD 206 |
15 minutes |
| COD 207 – Communication Security in C++ |
COD 207 |
15 minutes |
| COD 214 – Creating Secure GO Applications |
COD 214 |
30 minutes |
| COD 216 – Leveraging .NET Framework Code Access Security (CAS) |
COD 216 |
30 minutes |
| COD 217 – Mitigating .NET Security Threats |
COD 217 |
45 minutes |
| COD 219 – Creating Secure Code: SAP ABAP Foundations |
COD 219 |
90 minutes |
| COD 241 – Creating Secure Oracle DB Applications |
COD 241 |
45 minutes |
| COD 242 – Creating Secure SQL Server & Azure SQL DB Applications |
COD 242 |
40 minutes |
| COD 246 – PCI DSS 3: Protecting Stored Cardholder Data |
COD 246 |
15 minutes |
| COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data |
COD 247 |
15 minutes |
| COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications |
COD 248 |
15 minutes |
| COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes |
COD 249 |
15 minutes |
| COD 251 – Defending AJAX-Enabled Web Applications |
COD 251 |
25 minutes |
| COD 253 – Creating Secure AWS Cloud Applications |
COD 253 |
45 minutes |
| COD 254 – Creating Secure Azure Applications |
COD 254 |
45 minutes |
| COD 255 – Creating Secure Code: Web API Foundations (UPDATED) |
COD 255 |
20 minutes |
| COD 256 – Creating Secure Code: Ruby on Rails Foundations |
COD 256 |
45 minutes |
| COD 257 – Creating Secure Python Web Applications |
COD 257 |
45 minutes |
| COD 258 – Creating Secure PHP Web Applications |
COD 258 |
30 minutes |
| COD 259 – Node.js Threats & Vulnerabilities |
COD 259 |
30 minutes |
| COD 261 – Threats to Scripts |
COD 261 |
30 minutes |
| COD 262 – Fundamentals of Shell and Interpreted Language Security |
COD 262 |
30 minutes |
| COD 263 – Secure Bash Scripting |
COD 263 |
15 minutes |
| COD 264 – Secure Perl Scripting |
COD 264 |
15 minutes |
| COD 265 – Secure Python Scripting |
COD 265 |
15 minutes |
| COD 266 – Secure Ruby Scripting |
COD 266 |
15 minutes |
| COD 267 – Securing Python Microservices |
COD 267 |
30 minutes |
| COD 270 – Creating Secure COBOL & Mainframe Applications |
COD 270 |
25 minutes |
| COD 281 – Java Security Model |
COD 281 |
20 minutes |
| COD 283 – Java Cryptography |
COD 283 |
45 minutes |
| COD 284 – Secure Java Coding |
COD 284 |
30 minutes |
| COD 285 – Developing Secure Angular Applications |
COD 285 |
30 minutes |
| COD 286 – Creating Secure React User Interfaces (NEW) |
COD 286 |
10 minutes |
| COD 287 – Java Application Server Hardening (NEW) |
COD 287 |
20 minutes |
| COD 301 – Secure C Buffer Overflow Mitigations |
COD 301 |
45 minutes |
| COD 302 -Secure C Memory Management (UPDATED) |
COD 302 |
20 minutes |
| COD 303 – Common C Vulnerabilities & Attacks (UPDATED) |
COD 303 |
20 minutes |
| COD 307 – Protecting Data in C++ (UPDATED) |
COD 307 |
25 minutes |
| COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks |
COD 308 |
45 minutes |
| COD 309 – Securing ASP.NET MVC Applications |
COD 309 |
30 minutes |
| COD 315 – Preventing Vulnerabilities in iOS Code in Swift (NEW) |
COD 315 |
20 minutes |
| COD 316 – Creating Secure iOS Code in Objective C |
COD 316 |
30 minutes |
| COD 317 – Protecting Data on iOS in Swift (UPDATED) |
COD 317 |
20 minutes |
| COD 318 – Protecting Data on Android in Java (UPDATED) |
COD 318 |
20 minutes |
| COD 319 – Preventing Vulnerabilities in Android Code in Java (NEW) |
COD 319 |
20 minutes |
| COD 321 – Protecting C# from Integer Overflows & Canonicalization |
COD 321 |
30 minutes |
| COD 322 – Protecting C# from SQL Injection (UPDATED) |
COD 322 |
8 minutes |
| COD 323 – Using Encryption with C# (UPDATED) |
COD 323 |
20 minutes |
| COD 324 – Protecting C# from XML Injection (NEW) |
COD 324 |
8 minutes |
| COD 326 – Testing for SQL Injection (CWE-89) |
COD 326 |
15 minutes |
| COD 327 – Testing for OS Command Injection (CWE-78) |
COD 327 |
15 minutes |
| COD 328 – Testing for Classic Buffer Overflow (CWE-120) |
COD 328 |
15 minutes |
| COD 329 – Testing for Cross-site Scripting (CWE-79) |
COD 329 |
15 minutes |
| COD 330 – Testing for Missing Authentication for Critical Function (CWE-306) |
COD 330 |
15 minutes |
| COD 331 – Testing for Missing Authorization (CWE-862) |
COD 331 |
15 minutes |
| COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798) |
COD 332 |
15 minutes |
| COD 333 – Testing for Missing Encryption of Sensitive Data (CWE-311) |
COD 333 |
15 minutes |
| COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434) |
COD 334 |
15 minutes |
| COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807) |
COD 335 |
15 minutes |
| COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250) |
COD 336 |
15 minutes |
| COD 337 – Testing for Cross Site Request Forgery (CSRF): CWE-352 |
COD 337 |
15 minutes |
| COD 338 – Testing for Path Traversal (CWE-22) |
COD 338 |
15 minutes |
| COD 339 – Testing for Download of Code without Integrity Check (CWE-494) |
COD 339 |
15 minutes |
| COD 340 – Testing for Incorrect Authorization (CWE-863) |
COD 340 |
15 minutes |
| COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829) |
COD 341 |
15 minutes |
| COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732) |
COD 342 |
15 minutes |
| COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676) |
COD 343 |
15 minutes |
| COD 344 – Testing for Use of a Broken or Risky Cryptographic Algorithm (CWE-327) |
COD 344 |
15 minutes |
| COD 345 – Testing for Incorrect Calculation of Buffer Size (CWE-131) |
COD 345 |
15 minutes |
| COD 346 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307) |
COD 346 |
15 minutes |
| COD 347 – Testing for Open Redirect (CWE-601) |
COD 347 |
15 minutes |
| COD 348 – Testing for Uncontrolled Format String (CWE-134) |
COD 348 |
15 minutes |
| COD 349 – Testing for Integer Overflow or Wraparound (CWE-190) |
COD 349 |
15 minutes |
| COD 350 – Testing for Use of a One-way Hash without a Salt (CWE-759) |
COD 350 |
15 minutes |
| COD 352 – Creating Secure JavaScript and jQuery Code |
COD 352 |
45 minutes |
| COD 361 – HTML5 Secure Threats |
COD 361 |
15 minutes |
| COD 362 – HTML5 Built in Security Features |
COD 362 |
20 minutes |
| COD 363- Securing HTML5 Data |
COD 363 |
20 minutes |
| COD 364 – Securing HTML5 Connectivity |
COD 364 |
20 minutes |
| COD 366 – Creating Secure Kotlin Applications |
COD 366 |
20 minutes |
| COD 370- Testing for OWASP 2017: Injection |
COD 370 |
15 minutes |
| COD 371 – Testing for OWASP 2017: Broken Authentication |
COD 371 |
12 minutes |
| COD 372 – Testing for OWASP 2017: Sensitive Data Exposure |
COD 372 |
12 minutes |
| COD 373 – Testing for OWASP 2017: XML External Entities |
COD 373 |
10 minutes |
| COD 374 – Testing for OWASP 2017: Broken Access Control |
COD 374 |
10 minutes |
| COD 375 – Testing for OWASP 2017: Security Misconfiguration |
COD 375 |
10 minutes |
| COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS) |
COD 376 |
15 minutes |
| COD 377 – Testing for OWASP 2017: Insecure Deserialization |
COD 377 |
10 minutes |
| COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities |
COD 378 |
10 minutes |
| COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring |
COD 379 |
10 minutes |
| COD 380 – Preventing SQL Injection in Java (UPDATED) |
COD 380 |
8 minutes |
| COD 381 – Preventing Path Traversal Attacks in Java (UPDATED) |
COD 381 |
8 minutes |
| COD 382 – Protecting Data in Java |
COD 382 |
30 minutes |
| COD 383 – Protecting Java Backend Services |
COD 383 |
30 minutes |
| COD 384 – Protecting Java from Information Disclosure (NEW) |
COD 384 |
8 minutes |
| COD 385 – Preventing Race Conditions in Java Code (NEW) |
COD 385 |
8 minutes |
| COD 386 – Preventing Integer Overflows in Java Code (NEW) |
COD 386 |
8 minutes |
| DES 101 – Fundamentals of Secure Architecture |
DES 101 |
20 minutes |
| DES 151 – Fundamentals of the PCI Secure SLC Standard |
DES 151 |
25 minutes |
| DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing |
DES 202 |
45 minutes |
| DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management |
DES 203 |
15 minutes |
| DES 204 – Role of Cryptography in Application Development |
DES 204 |
15 minutes |
| DES 205 – Message Integrity Cryptographic Functions |
DES 205 |
45 minutes |
| DES 206 – Meeting Cloud Governance and Compliance Requirements (NEW) |
DES 206 |
15 minutes |
| DES 210 – Hardening Linux/Unix Systems |
DES 210 |
30 minutes |
| DES 212 – Architecture Risk Analysis & Remediation |
DES 212 |
30 minutes |
| DES 214 – Securing Infrastructure Architecture |
DES 214 |
30 minutes |
| DES 215 – Defending Infrastructure |
DES 215 |
30 minutes |
| DES 216 – Protecting Cloud Infrastructure |
DES 216 |
40 minutes |
| DES 218 – Protecting Microservices, Containers, and Orchestration |
DES 218 |
30 minutes |
| DES 222 – Applying OWASP 2017: Mitigating Injection |
DES 222 |
12 minutes |
| DES 223 – Applying OWASP 2017: Mitigating Broken Authentication |
DES 223 |
12 minutes |
| DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure |
DES 224 |
12 minutes |
| DES 225 – Applying OWASP 2017: Mitigating XML External Entities |
DES 225 |
12 minutes |
| DES 226 – Applying OWASP 2017: Mitigating Broken Access Control |
DES 226 |
12 minutes |
| DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration |
DES 227 |
12 minutes |
| DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS) |
DES 228 |
12 minutes |
| DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization |
DES 229 |
12 minutes |
| DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities |
DES 230 |
12 minutes |
| DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities |
DES 231 |
12 minutes |
| DES 255 – Securing the IoT Update Process |
DES 255 |
30 minutes |
| DES 260 – Fundamentals of IoT Architecture & Design |
DES 260 |
30 minutes |
| DES 271 – OWASP M1: Mitigating Improper Platform Usage |
DES 271 |
12 minutes |
| DES 272 – OWASP M2: Mitigating Insecure Data Storage |
DES 272 |
12 minutes |
| DES 273 – OWASP M3: Mitigating Insecure Communication |
DES 273 |
12 minutes |
| DES 274 – OWASP M4: Mitigating Insecure Authentication |
DES 274 |
12 minutes |
| DES 275 – OWASP M5: Mitigating Insufficient Cryptography |
DES 275 |
12 minutes |
| DES 276 – OWASP M6: Mitigating Insecure Authorization |
DES 276 |
12 minutes |
| DES 277 – OWASP M7: Mitigating Client Code Quality |
DES 277 |
12 minutes |
| DES 278 – OWASP M8: Mitigating Code Tampering |
DES 278 |
12 minutes |
| DES 279 – OWASP M9: Mitigating Reverse Engineering |
DES 279 |
12 minutes |
| DES 280 – OWASP M10: Mitigating Extraneous Functionality |
DES 280 |
12 minutes |
| DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords |
DES 281 |
12 minutes |
| DES 282 – OWASP IoT2: Mitigating Insecure Network Services |
DES 282 |
12 minutes |
| DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces |
DES 283 |
12 minutes |
| DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism |
DES 284 |
12 minutes |
| DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components |
DES 285 |
12 minutes |
| DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection |
DES 286 |
12 minutes |
| DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage |
DES 287 |
12 minutes |
| DES 288 – OWASP IoT8: Mitigating Lack of Device Management |
DES 288 |
12 minutes |
| DES 289 – OWASP IoT9: Mitigating Insecure Default Settings |
DES 289 |
12 minutes |
| DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening |
DES 290 |
12 minutes |
| DES 305 – Protecting Existing Blockchain Assets |
DES 305 |
20 minutes |
| DES 306 – Creating a Secure Blockchain Network |
DES 306 |
20 minutes |
| DES 311 – Creating Secure Application Architecture |
DES 311 |
45 minutes |
| DES 312 – Protecting Cardholder Data (NEW) |
DES 312 |
20 minutes |
| DSO 201 – Fundamentals of Secure DevOps |
DSO 201 |
30 minutes |
| DSO 205 – Securing the COTS Supply Chain |
DSO 205 |
15 minutes |
| DSO 206 – Securing the Open Source Supply Chain |
DSO 206 |
15 minutes |
| DSO 211 – Identifying Threats to Containers in a DevSecOps Framework |
DSO 211 |
20 minutes |
| DSO 253 – DevSecOps in the AWS Cloud |
DSO 253 |
20 minutes |
| DSO 254 – DevSecOps in the Azure Cloud |
DSO 254 |
20 minutes |
| DSO 301 – Orchestrating Secure System and Service Configuration |
DSO 301 |
20 minutes |
| DSO 302- Automated Security Testing |
DSO 302 |
20 minutes |
| DSO 303 – Automating Security Updates |
DSO 303 |
20 minutes |
| DSO 304 – Securing API Gateways in a DevSecOps Framework |
DSO 304 |
20 minutes |
| DSO 305 – Automating CI/CD Pipeline Compliance |
DSO 305 |
20 minutes |
| DSO 306 – Implementing Infrastructure as Code (NEW) |
DSO 306 |
20 minutes |
| DSO 307 – Secure Secrets Management |
DSO 307 |
20 minutes |
| ENG 110 – Essential Account Management Security |
ENG 110 |
15 minutes |
| ENG 111 – Essential Session Management Security |
ENG 111 |
15 minutes |
| ENG 112 – Essential Access Control for Mobile Devices |
ENG 112 |
15 minutes |
| ENG 113 – Essential Secure Configuration Management |
ENG 113 |
15 minutes |
| ENG 114 – Essential Risk Assessment |
ENG 114 |
15 minutes |
| ENG 115 – Essential System & Information Integrity |
ENG 115 |
15 minutes |
| ENG 116 – Essential Security Planning Policy & Procedures |
ENG 116 |
15 minutes |
| ENG 117 – Essential Information Security Program Planning |
ENG 117 |
15 minutes |
| ENG 118 – Essential Incident Response |
ENG 118 |
15 minutes |
| ENG 119 – Essential Security Audit & Accountability |
ENG 119 |
15 minutes |
| ENG 120 – Essential Security Assessment & Authorization |
ENG 120 |
15 minutes |
| ENG 121 – Essential Identification & Authentication |
ENG 121 |
15 minutes |
| ENG 122 – Essential Physical & Environmental Protection |
ENG 122 |
15 minutes |
| ENG 123 – Essential Security Engineering Principles |
ENG 123 |
15 minutes |
| ENG 124 – Essential Application Protection |
ENG 124 |
15 minutes |
| ENG 125 – Essential Data Protection |
ENG 125 |
15 minutes |
| ENG 126 – Essential Security Maintenance Policies |
ENG 126 |
15 minutes |
| ENG 127 – Essential Media Protection |
ENG 127 |
15 minutes |
| ENG 150 – Meeting Confidentiality, Integrity, and Availability |
ENG 150 |
30 minutes |
| ENG 151 – Fundamentals of Privacy Protection |
ENG 151 |
10 minutes |
| ENG 191 – Introduction to the Microsoft SDL |
ENG 191 |
25 minutes |
| ENG 192- Implementing the Agile Microsoft SDL |
ENG 192 |
20 minutes |
| ENG 193 – Implementing the Microsoft SDL Optimization Model |
ENG 193 |
12 minutes |
| ENG 194 – Implementing Microsoft SDL Line of Business |
ENG 194 |
20 minutes |
| ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool |
ENG 195 |
20 minutes |
| ENG 205 – Fundamentals of Threat Modeling |
ENG 205 |
45 minutes |
| ENG 211 – How to Create Application Security Design Requirements |
ENG 211 |
15 minutes |
| ENG 212 – Implementing Secure Software Operations (NEW) |
ENG 212 |
20 minutes |
| ENG 251 – Risk Management Foundations |
ENG 251 |
20 minutes |
| ENG 311 – Attack Surface Analysis & Reduction |
ENG 311 |
25 minutes |
| ENG 312 – How to Perform a Security Code Review |
ENG 312 |
30 minutes |
| ENG 351 – Preparing the Risk Management Framework |
ENG 351 |
20 minutes |
| ENG 352 – Categorizing Systems and Information within the RMF |
ENG 352 |
10 minutes |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF |
ENG 353 |
20 minutes |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF |
ENG 354 |
20 minutes |
| TST 101 – Fundamentals of Security Testing |
TST 101 |
20 minutes |
| TST 202 – Penetration Testing Fundamentals |
TST 202 |
25 minutes |
| TST 205 – Performing Vulnerability Scans |
TST 205 |
45 minutes |
| TST 206 – ASVS Requirements for Developers |
TST 206 |
20 minutes |
| TST 301 – Infrastructure Penetration Testing |
TST 301 |
45 minutes |
| TST 302 – Application Penetration Testing |
TST 302 |
45 minutes |
| TST 351 – Penetration Testing for TLS Vulnerabilities (New) |
TST 351 |
12 minutes |
| TST 352 – Penetration Testing for Injection Vulnerabilities |
TST 352 |
12 minutes |
| TST 353 – Penetration Testing for SQL Injection |
TST 353 |
12 minutes |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities |
TST 354 |
12 minutes |
| TST 355 – Penetration Testing for Authorization Vulnerabilities |
TST 355 |
12 minutes |
| TST 356 – Penetration Testing for Cross-Site Scripting (XSS) |
TST 356 |
12 minutes |
| TST 357 – Penetration Testing for Hardcoded Secrets |
TST 357 |
12 minutes |
| TST 358 – Penetration Testing Wireless Networks |
TST 358 |
12 minutes |
| TST 359 – Penetration Testing Network Infrastructure |
TST 359 |
12 minutes |
| TST 360 – Penetration Testing for Authentication Vulnerabilities |
TST 360 |
12 minutes |