Overview
The Web Developer learning path includes a range of security courses; the selection depends on whether you follow the core, advanced or elite path. It is designed for those responsible for developing web applications, or other applications that run over HTTP from a web server to a web browser.
The Web Developer Learning Path gives developers a solid foundation in the security features needed to develop applications, including:
- Responsive web design
- Enterprise integration
- How to protect data with security best practices
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 101 – Fundamentals of Secure Architecture
- LAB 111 Identifying Server-Side Request Forgery (NEW)
- LAB 120 Identifying XML Injection (NEW)
- LAB 124 Identifying Horizontal Privilege Escalation (NEW)
- LAB 125 Identifying Buffer Overflow (NEW)
- LAB 126 Identifying Information Leakage (NEW)
- LAB 127 Identifying Security Logging and Monitoring Failures
- LAB 128 Identifying Unverified Password Change
- LAB 129 Identifying Error Message Containing Sensitive Information
- LAB 130 Identifying Generation of Predictable Numbers or Identifiers
- API 210 Mitigating APIs Lack of Resources & Rate Limiting (NEW)
- API 211 Mitigating APIs Broken Object Level Authorization (NEW)
- API 213 Mitigating APIs Mass Assignment
- API 214 Mitigating APIs Improper Asset Management
- COD 241 – Creating Secure Oracle DB Applications
- COD 251 – Defending AJAX-Enabled Web Applications
- COD 255 – Creating Secure Code: Web API Foundations
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 257 – Creating Secure Python Web Applications
- COD 258 – Creating Secure PHP Web Applications
- COD 259 – Node.js Threats & Vulnerabilities
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 285 – Developing Secure Angular Applications
- DES 204 – Role of Cryptography in Application Development
- DES 207 – Mitigating OWASP API Security Top 10
- DES 212 – Architecture Risk Analysis & Remediation
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 Mitigating OWASP 2021 Insecure Design (NEW)
- DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 Identifying Cryptographic Failures (NEW)
- LAB 114 Identifying Cookie Tampering (NEW)
- LAB 115 Identifying Reflective XSS (NEW)
- LAB 116 Identifying Forceful Browsing (NEW)
- LAB 117 Identifying Hidden Form Field (NEW)
- LAB 118 Identifying Weak File Upload Validation (NEW)
- LAB 119 Identifying Persistent XSS (NEW)
- LAB 121 Identifying Vulnerable and Outdated Components (NEW)
- LAB 122 Identifying Insecure APIs (NEW)
- LAB 123 Identifying Vertical Privilege Escalation (NEW)
- LAB 220 Defending Against Hard-Coded Secrets (NEW)
- LAB 221 Defending C# Applications Against SQL Injection (NEW)
- LAB 222 Defending Python Applications Against SQL Injection (NEW)
- LAB 223 Defending Node.js Applications Against SQL Injection (NEW)
- LAB 228 Defending Java Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 229 Defending Java Applications Against Weak PRNG (NEW)
- LAB 230 Defending Java Applications Against XSS (NEW)
- LAB 231 Defending Python Applications Against XSS (NEW)
- LAB 232 Defending C# Applications Against XSS (NEW)
- LAB 233 Defending Node.js Applications Against XSS (NEW)
- LAB 234 Defending Java Applications Against Parameter Tampering (NEW)
- LAB 235 Defending Java Applications Against Plaintext Password Storage (NEW)
- LAB 236 Defending Java Applications Against Sensitive Information in Error Messages
- LAB 237 Defending Java Applications Against SQL Injection (NEW)
- LAB 238 Defending C# Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 239 Defending C# Applications Against Weak PRNG (NEW)
- LAB 240 Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 241 Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 242 Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 243 Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 244 Defending Java Applications Against Security Misconfiguration (NEW)
- LAB 245 Defending Node.js Applications Against Plaintext Password Storage (NEW)
- LAB 246 Defending Node.js Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 247 Defending Node.js Applications Against Weak PRNG (NEW)
- LAB 248 Defending Node.js Applications Against Parameter Tampering (NEW)
- LAB 249 Defending Python Applications Against Plaintext Password Storage (NEW)
- LAB 250 Defending C# Applications Against Parameter Tampering (NEW)
- LAB 251 Defending C# Applications Against Plaintext Password Storage (NEW)
- LAB 252 Defending Python Applications Against Weak AES ECB Mode Encryption (NEW)
- LAB 253 Defending Python Applications Against Weak PRNG (NEW)
- LAB 254 Defending Python Applications Against Parameter Tampering (NEW)
- LAB 260 Defending C# Applications Against Sensitive Information in Error Messages
- LAB 261 Defending Python Applications Against Sensitive Information in Error Messages
- LAB 262 Defending Node.js Applications Against Sensitive Information in Error Messages
- COD 352 – Creating Secure JavaScript and jQuery Code
- COD 361 – HTML5 Secure Threats
- COD 362 – HTML5 Built in Security Features
- COD 363 – Securing HTML5 Data
- COD 364 – Securing HTML5 Connectivity
- DES 311 – Creating Secure Application Architecture
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 307 – Secure Secrets Management
- ENG 312 – How to Perform a Security Code Review
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 ATT&CK: Password Cracking (NEW)
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- LAB 331 ATT&CK: Network Service Discovery
- LAB 332 ATT&CK: Network Share Discovery
- LAB 334 ATT&CK: Create Account
- LAB 335 ATT&CK: Unsecured Credentials
- SDT 301 Testing for Injection (NEW)
- SDT 302 Testing for Identification and Authentication Failures (NEW)
- SDT 303 Testing for Cryptographic Failures (NEW)
- SDT 304 Testing for Insecure Design (NEW)
- SDT 305 Testing for Broken Access Control (NEW)
- SDT 306 Testing for Security Misconfiguration (NEW)
- SDT 307 Testing for Server-Side Request Forgery (SSRF) (NEW)
- SDT 308 Testing for Software and Data Integrity Failures (NEW)
- SDT 309 Testing for Vulnerable and Outdated Components (NEW)
- SDT 310 Testing for Security Logging and Monitoring Failures (NEW)
- SDT 313 – Testing for (CSRF) Cross Site Request Forgery
- SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
Learning Path Details
Number of Courses: 133
Number of Labs: 60
Total Duration: 29 hours
Total CPE Credits: 35