Overview
The Ruby on Rails learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. This path is designed for those responsible for writing server-side web application logic in Ruby, around the frame rails. It provides best practices and techniques for secure application development, including:
- Understanding various classes of vulnerabilities
- Building strong session management
- Preventing vulnerabilities commonly found in Rails applications
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 101 – Fundamentals of Secure Architecture
- COD 251 – Defending AJAX-Enabled Web Applications
- COD 255 – Creating Secure Code: Web API Foundations
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 257 – Creating Secure Python Web Applications
- COD 259 – Node.js Threats & Vulnerabilities
- COD 281 – Java Security Model
- COD 283 – Java Cryptography
- COD 284 – Secure Java Coding
- COD 287 – Java Application Server Hardening
- DES 204 – Role of Cryptography in Application Development
- DES 207 – Mitigating OWASP API Security Top 10
- DES 212 – Architecture Risk Analysis & Remediation
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 222 Defending Python Applications Against SQL Injection (NEW)
- LAB 223 Defending Node.js Applications Against SQL Injection (NEW)
- LAB 228 Defending Java Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 229 Defending Java Applications Against Weak PRNG (NEW)
- LAB 230 Defending Java Applications Against XSS (NEW)
- LAB 231 Defending Python Applications Against XSS (NEW)
- LAB 233 Defending Node.js Applications Against XSS (NEW)
- LAB 234 Defending Java Applications Against Parameter Tampering (NEW)
- LAB 235 Defending Java Applications Against Plaintext Password Storage (NEW)
- LAB 236 Defending Java Applications Against Sensitive Information in Error Messages
- LAB 237 Defending Java Applications Against SQL Injection (NEW)
- LAB 240 Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 242 Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 243 Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 244 Defending Java Applications Against Security Misconfiguration (NEW)
- LAB 245 Defending Node.js Applications Against Plaintext Password Storage (NEW)
- LAB 246 Defending Node.js Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 247 Defending Node.js Applications Against Weak PRNG (NEW)
- LAB 248 Defending Node.js Applications Against Parameter Tampering (NEW)
- LAB 249 Defending Python Applications Against Plaintext Password Storage (NEW)
- LAB 252 Defending Python Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 253 Defending Python Applications Against Weak PRNG (NEW)
- LAB 254 Defending Python Applications Against Parameter Tampering (NEW)
- LAB 261 Defending Python Applications Against Sensitive Information in Error Messages
- LAB 262 Defending Node.js Applications Against Sensitive Information in Error Messages
- COD 352 – Creating Secure JavaScript and jQuery Code
- COD 361 – HTML5 Secure Threats
- COD 362 – HTML5 Built in Security Features
- COD 363- Securing HTML5 Data
- COD 364 – Securing HTML5 Connectivity
- DES 311 – Creating Secure Application Architecture
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 306 – Implementing Infrastructure as Code
- DSO 307 – Secure Secrets Management
- ENG 312 – How to Perform a Security Code Review
- SDT 301 Testing for Injection (NEW)
- SDT 303 Testing for Cryptographic Failures (NEW)
Learning Path Details
Number of Courses: 64
Number of Labs: 32
Total Duration: 20 Hours
Total CPE Credits: 25