Overview
The Secure Systems Analyst Learning Path includes a variety of security courses designed for those who specialize in the implementation of computer system requirements. The curriculum provides the fundamental knowledge required to secure networks and systems, including:
- Taking a holistic approach to network and system security
- Defining and analyzing system problems
- Designing and testing standards and solutions
- Controls, monitoring access, operational procedures, auditing, and logging
Courses
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- ENG 110 – Essential Account Management Security
- ENG 111 – Essential Session Management Security
- ENG 112 – Essential Access Control for Mobile Devices
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 116 – Essential Security Planning Policy & Procedures
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 122 – Essential Physical & Environmental Protection
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 126 – Essential Security Maintenance Policies
- ENG 127 – Essential Media Protection
Courses
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting
- API 211 – Mitigating APIs Broken Object Level Authorization
- API 213 – Mitigating APIs Mass Assignment
- API 214 – Mitigating APIs Improper Asset Management
- CYB 210 – Cybersecurity Incident Response
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- DES 210 – Hardening Linux/Unix Systems
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- DSO 212 – Fundamentals of Zero Trust Security
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping Vulnerabilities
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerabilities
- LAB 114 – Identifying Cookie Tampering
- LAB 115 – Identifying Reflective XSS
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- LAB 220 – Defending Against Hard-Coded Secrets
- TST 206 – ASVS Requirements for Developers
Courses
- CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT
- CYB 311 – Threat Analysis with AI
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302 – Automated Security Testing
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- ENG 320 – Using Software Composition Analysis (SCA) to Secure Open Source Components
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
Overview
Learning paths may include elective course content that is not required to complete SI-CSC certification exams successfully. These additional courses are suggested based on alignment with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. To understand how courses map to this framework, please contact us.
Courses
- COD 287 – Java Application Server Hardening
- COD 288 – Java Public Key Cryptography
- COD 383 – Protecting Java Backend Services
- LAB 221 – Defending C# Applications Against SQL Injection
- LAB 222 – Defending Python Applications Against SQL Injection
- LAB 223 – Defending Node.js Applications Against SQL Injection
- LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption
- LAB 229 – Defending Java Applications Against Weak PRNG
- LAB 230 – Defending Java Applications Against XSS
- LAB 231 – Defending Python Applications Against XSS
- LAB 232 – Defending C# Applications Against XSS
- LAB 233 – Defending Node.js Applications Against XSS
- LAB 234 – Defending Java Applications Against Parameter Tampering
- LAB 235 – Defending Java Applications Against Plaintext Password Storage
- LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages
- LAB 237 – Defending Java Applications Against SQL Injection
- LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption
- LAB 239 – Defending C# Applications Against Weak PRNG
- LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 244 – Defending Java Applications Against Security Misconfiguration
- LAB 245 – Defending Node.js Applications Against Plaintext Password Storage
- LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption
- LAB 247 – Defending Node.js Applications Against Weak PRNG
- LAB 248 – Defending Node.js Applications Against Parameter Tampering
- LAB 249 – Defending Python Applications Against Plaintext Password Storage
- LAB 250 – Defending C# Applications Against Parameter Tampering
- LAB 251 – Defending C# Applications Against Plaintext Password Storage
- LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption
- LAB 253 – Defending Python Applications Against Weak PRNG
- LAB 254 – Defending Python Applications Against Parameter Tampering
- LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages
- LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages
- LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages
- LAB 263 – Defending Java Applications Against Sensitive Information in Log Files
- LAB 264 – Defending Python Applications Against Sensitive Information in Log Files
- LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files
- LAB 266 – Defending C# Applications Against Sensitive Information in Log Files
- LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data
- LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data
- LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data
- LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data
- LAB 271 – Defending Java Applications Against SSRF
- LAB 272 – Defending Python Applications Against SSRF
- LAB 273 – Defending Node.js Applications Against SSRF
- LAB 274 – Defending C# Applications Against SSRF
Learning Path Details
Number of Courses: 44
Number of Labs: 18
Total Duration: 14 hours
Total CPE Credits: 17