C Developer

Overview

The C Developer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed to provide a solid understanding of security features required to develop secure code that integrates into operating systems, operating system modules, embedded systems, or low-level libraries for other high-level languages.

The C Developer learning path covers key application security concepts including:

Memory management and string handling
Avoiding common pitfalls
C specific security flaws

AWA 101 – Fundamentals of Application Security (UPDATED)
AWA 102 – Secure Software Concepts
COD 102 – The Role of Software Security (NEW)
COD 103 – Creating Software Security Requirements (NEW)
COD 104 – Designing Secure Software (NEW)
COD 105 – Secure Software Development (NEW)
COD 106 – The Importance of Software Integration and Testing (NEW)
COD 107 – Secure Software Deployment (NEW)
COD 108 – Software Operations and Maintenance (NEW)
COD 261 – Threats to Scripts (UPDATED)
DES 101 – Fundamentals of Secure Architecture
ENG 205 – Fundamentals of Threat Modeling

COD 201 – Secure C Encrypted Network Communications
COD 202 – Secure C Runtime Protection
COD 301 – Secure C Buffer Overflow Mitigations
COD 302 -Secure C Memory Management
COD 303 – Common C Vulnerabilities & Attacks
DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing
DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
DES 204 – Role of Cryptography in Application Development
DES 205 – Message Integrity Cryptographic Functions
TST 255 – Testing for Missing Authentication for Critical Function (CWE-306)
TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)
TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)
TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)
TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)
TST 264 – Testing for Download of Code without Integrity Check (CWE-494)
TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)
TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)
TST 271 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)
TST 272 – Testing for Open Redirect (CWE-601)
TST 273 – Testing for Uncontrolled Format String (CWE-134)

DES 212 – Architecture Risk Analysis & Remediation
DES 311 – Creating Secure Application Architecture
ENG 191 – Introduction to the Microsoft SDL
ENG 192- Implementing the Agile Microsoft SDL
ENG 193 – Implementing the Microsoft SDL Optimization Model
ENG 194 – Implementing Microsoft SDL Line of Business
ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool
ENG 211 – How to Create Application Security Design Requirements
ENG 311 – Attack Surface Analysis & Reduction
ENG 312 – How to Perform a Security Code Review

Ready to Demo? Questions about learning paths? Contact Us!

Course Catalog / Learning Path / C Developer

C Developer

Overview

Learning Path Details

The Courses

COD 108 – Software Operations and Maintenance (NEW)

COD 107 – Secure Software Deployment (NEW)

COD 106 – The Importance of Software Integration and Testing (NEW)

COD 105 – Secure Software Development (NEW)

COD 104 – Designing Secure Software (NEW)

COD 103 – Creating Software Security Requirements (NEW)

COD 102 – The Role of Software Security (NEW)

TST 273 – Testing for Uncontrolled Format String (CWE-134)

TST 272 – Testing for Open Redirect (CWE-601)

TST 271 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)

TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)

TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)

TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

TST 264 – Testing for Download of Code without Integrity Check (CWE-494)

TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)

TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)

TST 255 – Testing for Missing Authentication for Critical Function (CWE-306)

ENG 312 – How to Perform a Security Code Review

ENG 311 – Attack Surface Analysis & Reduction

ENG 211 – How to Create Application Security Design Requirements

ENG 205 – Fundamentals of Threat Modeling

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192- Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

DES 311 – Creating Secure Application Architecture

DES 212 – Architecture Risk Analysis & Remediation

DES 205 – Message Integrity Cryptographic Functions

DES 204 – Role of Cryptography in Application Development

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

DES 101 – Fundamentals of Secure Architecture

COD 303 – Common C Vulnerabilities & Attacks

COD 302 -Secure C Memory Management

COD 301 – Secure C Buffer Overflow Mitigations

COD 261 – Threats to Scripts (UPDATED)

COD 202 – Secure C Runtime Protection

COD 201 – Secure C Encrypted Network Communications

AWA 102 – Secure Software Concepts

AWA 101 – Fundamentals of Application Security (UPDATED)