Overview
The Systems Analyst learning path includes a variety of security courses, which vary depending on whether you are pursuing the core, advanced or elite path. It is designed for those who specialize in the implementation of computer system requirements.
The Systems Analyst learning path provides the fundamental knowledge required to secure networks and systems including:
- Taking a holistic approach to network and system security
- Defining and analyzing system problems
- Designing and testing standards and solutions
- Controls, monitoring access, operational procedures, auditing, and logging
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATE PENDING)
- ENG 110 – Essential Account Management Security
- ENG 111 – Essential Session Management Security
- ENG 112 – Essential Access Control for Mobile Devices
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 116 – Essential Security Planning Policy & Procedures
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 122 – Essential Physical & Environmental Protection
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 126 – Essential Security Maintenance Policies
- ENG 127 – Essential Media Protection
- LAB 120 – Identifying XML Injection (NEW)
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting (COMING SOON)
- API 211 – Mitigating APIs Broken Object Level Authorization (COMING SOON)
- DES 207 – Mitigating OWASP API Security Top 10
- DES 210 – Hardening Linux/Unix Systems
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 – Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 – Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DSO 212 – Fundamentals of Zero Trust Security (COMING SOON)
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- ENG 251 – Risk Management Foundations
- LAB 114 – Identifying Cookie Tampering (NEW)
- LAB 115 – Identifying Reflective XSS (NEW)
- LAB 116 – Identifying Forceful Browsing (NEW)
- LAB 117 – Identifying Hidden Form Field (NEW)
- LAB 118 – Identifying Weak File Upload Validation (NEW)
- LAB 119 – Identifying Persistent XSS (NEW)
- LAB 220 – Defending Against Hard-Coded Secrets (NEW)
- LAB 221 – Defending C# Against SQL Injection (NEW)
- LAB 222 – Defending Python Against SQL Injection (NEW)
- LAB 223 – Defending Node.js Against SQL Injection (NEW)
- LAB 228 – Defending Against Weak AES ECB Mode Encryption (Java) (COMING SOON)
- LAB 229 – Defending Against Weak PRNG (Java) (COMING SOON)
- LAB 230 – Defending Java Against XSS (NEW)
- LAB 231 – Defending Python Against XSS (NEW)
- LAB 232 – Defending C# Against XSS (NEW)
- LAB 233 – Defending Node.js Against XSS (NEW)
- LAB 234 – Defending Against Parameter Tampering (Java) (COMING SOON)
- LAB 235 – Defending Against Plaintext Password Storage (Java) (COMING SOON)
- LAB 237 – Defending Java from SQL Injection (NEW)
- LAB 238 – Defending Against Weak AES ECB Mode Encryption (C#) (COMING SOON)
- LAB 239 – Defending Against Weak PRNG (C#) (COMING SOON)
- LAB 240 – Defending Java Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 241 – Defending C# Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 242 – Defending Node.js Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 243 – Defending Python Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 244 – Defending Java Against Security Misconfiguration (NEW)
- LAB 245 – Defending Against Plaintext Password Storage (Node.js) (COMING SOON)
- LAB 246 – Defending Against Weak AES ECB Mode Encryption (Node.js) (COMING SOON)
- LAB 247 – Defending Against Weak PRNG (Node.js) (COMING SOON)
- LAB 248 – Defending Against Parameter Tampering (Node.js) (COMING SOON)
- LAB 249 – Defending Against Plaintext Password Storage (Python) (COMING SOON)
- LAB 250 – Defending Against Parameter Tampering (C#) (COMING SOON)
- LAB 251 – Defending Against Plaintext Password Storage (C#) (COMING SOON)
- LAB 252 – Defending Against Weak AES ECB Mode Encryption (Python) (COMING SOON)
- LAB 253 – Defending Against Weak PRNG (Python) (COMING SOON)
- LAB 254 – Defending Against Parameter Tampering (Python) (COMING SOON)
- TST 206 – ASVS Requirements for Developers
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302 – Automated Security Testing
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
Learning Path Details
Number of Courses: 100
Total Duration: 17 hours
Total CPE Credits: 20