Core Developer

Overview

The Core Developer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for the design, development, and management of applications across various environments and operating platforms and provides learners with a solid foundation of application security best practices.

Concepts covered include:

Application security and risk drivers
Essential security engineering principles: defensive coding, threat modeling, and gathering security design requirements
How to identify and mitigate CWE’s 25 most dangerous software errors

AWA 101 – Fundamentals of Application Security
AWA 102 – Secure Software Concepts
COD 102 – The Role of Software Security
COD 103 – Creating Software Security Requirements
COD 104 – Designing Secure Software
COD 105 – Secure Software Development
COD 106 – The Importance of Software Integration and Testing
COD 107 – Secure Software Deployment
COD 108 – Software Operations and Maintenance
COD 141 – Fundamentals of Database Security
DES 101 – Fundamentals of Secure Architecture

DES 204 – Role of Cryptography in Application Development
DES 212 – Architecture Risk Analysis & Remediation
DES 222 – Applying OWASP 2017: Mitigating Injection
DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
DES 225 – Applying OWASP 2017: Mitigating XML External Entities
DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
ENG 205 – Fundamentals of Threat Modeling
ENG 211 – How to Create Application Security Design Requirements
ENG 212 – Implementing Secure Software Operations (NEW)

COD 330 – Testing for Missing Authentication for Critical Function (CWE-306)
COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798)
COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)
COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)
COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250)
COD 339 – Testing for Download of Code without Integrity Check (CWE-494)
COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)
COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676)
COD 346 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)
COD 347 – Testing for Open Redirect (CWE-601)
COD 348 – Testing for Uncontrolled Format String (CWE-134)
DES 311 – Creating Secure Application Architecture
DSO 302- Automated Security Testing
DSO 307 – Secure Secrets Management (NEW)
ENG 312 – How to Perform a Security Code Review

Ready to Demo? Questions about learning paths? Contact Us!

Course Catalog / Learning Path / Core Developer

Core Developer

Overview

Learning Path Details

The Courses

ENG 212 – Implementing Secure Software Operations (NEW)

DSO 307 – Secure Secrets Management (NEW)

DSO 302- Automated Security Testing

COD 108 – Software Operations and Maintenance

COD 107 – Secure Software Deployment

COD 106 – The Importance of Software Integration and Testing

COD 105 – Secure Software Development

COD 104 – Designing Secure Software

COD 103 – Creating Software Security Requirements

COD 102 – The Role of Software Security

COD 348 – Testing for Uncontrolled Format String (CWE-134)

COD 347 – Testing for Open Redirect (CWE-601)

COD 346 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)

COD 343 – Testing for Use of a Potentially Dangerous Function (CWE-676)

COD 342 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)

COD 341 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

COD 339 – Testing for Download of Code without Integrity Check (CWE-494)

COD 336 – Testing for Execution with Unnecessary Privileges (CWE-250)

COD 335 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)

COD 334 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)

COD 332 – Testing for Use of Hard-Coded Credentials (CWE-798)

COD 330 – Testing for Missing Authentication for Critical Function (CWE-306)

ENG 312 – How to Perform a Security Code Review

ENG 211 – How to Create Application Security Design Requirements

ENG 205 – Fundamentals of Threat Modeling

DES 311 – Creating Secure Application Architecture

DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities

DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities

DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization

DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)

DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration

DES 226 – Applying OWASP 2017: Mitigating Broken Access Control

DES 225 – Applying OWASP 2017: Mitigating XML External Entities

DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure

DES 223 – Applying OWASP 2017: Mitigating Broken Authentication

DES 222 – Applying OWASP 2017: Mitigating Injection

DES 212 – Architecture Risk Analysis & Remediation

DES 204 – Role of Cryptography in Application Development

DES 101 – Fundamentals of Secure Architecture

COD 141 – Fundamentals of Database Security

AWA 102 – Secure Software Concepts

AWA 101 – Fundamentals of Application Security