Overview
The Core Developer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for the design, development, and management of applications across various environments and operating platforms and provides learners with a solid foundation of application security best practices.
Concepts covered include:
- Application security and risk drivers
- Essential security engineering principles: defensive coding, threat modeling, and gathering security design requirements
- How to identify and mitigate CWE’s 25 most dangerous software errors
- AWA 101 – Fundamentals of Application Security (UPDATED)
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security (NEW)
- COD 103 – Creating Software Security Requirements (NEW)
- COD 104 – Designing Secure Software (NEW)
- COD 105 – Secure Software Development (NEW)
- COD 106 – The Importance of Software Integration and Testing (NEW)
- COD 107 – Secure Software Deployment (NEW)
- COD 108 – Software Operations and Maintenance (NEW)
- COD 141 – Fundamentals of Secure Database Development
- DES 101 – Fundamentals of Secure Architecture
- ENG 205 – Fundamentals of Threat Modeling
- DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 204 – Role of Cryptography in Application Development
- DES 205 – Message Integrity Cryptographic Functions
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- TST 255 – Testing for Missing Authentication for Critical Function (CWE-306)
- TST 257 – Testing for Use of Hard-Coded Credentials (CWE-798)
- TST 259 – Testing for Unrestricted Upload of File with Dangerous Type (CWE-434)
- TST 260 – Testing for Reliance on Untrusted Inputs in a Security Decision (CWE-807)
- TST 261 – Testing for Execution with Unnecessary Privileges (CWE-250)
- TST 264 – Testing for Download of Code without Integrity Check (CWE-494)
- TST 266 – Testing for Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
- TST 267 – Testing for Incorrect Permission Assignment for Critical Resource (CWE-732)
- TST 268 – Testing for Use of a Potentially Dangerous Function (CWE-676)
- TST 271 – Testing for Improper Restriction of Excessive Authentication Attempts (CWE-307)
- TST 272 – Testing for Open Redirect (CWE-601)
- TST 273 – Testing for Uncontrolled Format String (CWE-134)
- DES 212 – Architecture Risk Analysis & Remediation
- DES 311 – Creating Secure Application Architecture
- ENG 191 – Introduction to the Microsoft SDL
- ENG 192- Implementing the Agile Microsoft SDL
- ENG 193 – Implementing the Microsoft SDL Optimization Model
- ENG 194 – Implementing Microsoft SDL Line of Business
- ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool
- ENG 211 – How to Create Application Security Design Requirements
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
Learning Path Details
Number of Courses: 48
Total Duration: 21 hours
Total CPE Credits: 25