Overview
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- COD 110 – Fundamentals of Secure Mobile Development
- COD 141 – Fundamentals of Database Security
- DES 101 – Fundamentals of Secure Architecture
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- ENG 110 – Essential Account Management Security
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 150 – Meeting Confidentiality, Integrity, and Availability
- ENG 151 – Fundamentals of Privacy Protection
- ENG 191 – Introduction to the Microsoft SDL
- LAB 111 Identifying Server-Side Request Forgery (NEW)
- LAB 120 Identifying XML Injection (NEW)
- LAB 124 Identifying Horizontal Privilege Escalation (NEW)
- LAB 125 Identifying Buffer Overflow (NEW)
- LAB 126 Identifying Information Leakage (NEW)
- LAB 127 Identifying Security Logging and Monitoring Failures
- LAB 128 Identifying Unverified Password Change
- LAB 129 Identifying Error Message Containing Sensitive Information
- LAB 130 Identifying Generation of Predictable Numbers or Identifiers
- TST 101 – Fundamentals of Security Testing
- API 210 Mitigating APIs Lack of Resources & Rate Limiting (NEW)
- API 211 Mitigating APIs Broken Object Level Authorization (NEW)
- API 213 Mitigating APIs Mass Assignment
- API 214 Mitigating APIs Improper Asset Management
- ATK 201 – Using the MITRE ATT&CK Framework
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
- COD 252 – Securing Google Platform Applications & Data
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 263 – Secure Bash Scripting
- COD 264 – Secure Perl Scripting
- COD 265 – Secure Python Scripting
- COD 266 – Secure Ruby Scripting
- COD 287 – Java Application Server Hardening
- DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 204 – Role of Cryptography in Application Development
- DES 205 – Message Integrity Cryptographic Functions
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 209 Authentication and Lifecycle Management (NEW)
- DES 210 – Hardening Linux/Unix Systems
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DES 255 – Securing the IoT Update Process
- DES 260 – Fundamentals of IoT Architecture & Design
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DSO 201 – Fundamentals of Secure DevOps
- DSO 205 – Securing the COTS Supply Chain
- DSO 206 – Securing the Open Source Supply Chain
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- DSO 212 Fundamentals of Zero Trust Security (NEW)
- DSO 253 – DevSecOps in the AWS Cloud
- DSO 254 – DevSecOps in the Azure Cloud
- DSO 256 – DevSecOps in the Google Cloud Platform
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 Identifying Cryptographic Failures (NEW)
- LAB 114 Identifying Cookie Tampering (NEW)
- LAB 115 Identifying Reflective XSS (NEW)
- LAB 116 Identifying Forceful Browsing (NEW)
- LAB 117 Identifying Hidden Form Field (NEW)
- LAB 118 Identifying Weak File Upload Validation (NEW)
- LAB 119 Identifying Persistent XSS (NEW)
- LAB 121 Identifying Vulnerable and Outdate Components (NEW)
- LAB 122 Identifying Insecure APIs (NEW)
- LAB 123 Identifying Vertical Privilege Escalation (NEW)
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
- TST 206 – ASVS Requirements for Developers
- COD 383 – Protecting Java Backend Services
- CYB 250 Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- CYB 301 – Fundamentals of Ethical Hacking
- DES 305 – Protecting Existing Blockchain Assets
- DES 306 – Creating a Secure Blockchain Network
- DES 311 – Creating Secure Application Architecture
- DES 313 Hardening a Kubernetes Cluster (NEW)
- DES 314 Hardening the Docker Engine
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302- Automated Security Testing
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- DSO 306 – Implementing Infrastructure as Code
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- ICS 310 Protecting Information and System Integrity in Industrial Control System Environments
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 ATT&CK: Password Cracking (NEW)
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- LAB 331 ATT&CK: Network Service Discovery
- LAB 332 ATT&CK: Network Share Discovery
- LAB 334 ATT&CK: Create Account
- LAB 335 ATT&CK: Unsecured Credentials
- SDT 301 Testing for Injection (NEW)
- SDT 302 Testing for Identification and Authentication Failures (NEW)
- SDT 303 Testing for Cryptographic Failures (NEW)
- SDT 304 Testing for Insecure Design (NEW)
- SDT 305 Testing for Broken Access Control (NEW)
- SDT 306 Testing for Security Misconfiguration (NEW)
- SDT 307 Testing for Server-Side Request Forgery (SSRF) (NEW)
- SDT 308 Testing for Software and Data Integrity Failures (NEW)
- SDT 309 Testing for Vulnerable and Outdated Components (NEW)
- SDT 310 Testing for Security Logging and Monitoring Failures (NEW)
- SDT 311 – Testing for Integer Overflow or Wraparound
- SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory
- SDT 313 – Testing for (CSRF) Cross Site Request Forgery
- SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
- SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource
- SDT 316- Testing for Use of Hard-Coded Credentials
- SDT 317 – Testing for Improper Control of Generation of Code
- SDT 318 – Testing for Insufficiently Protected Credentials
- SDT 319 – Testing for Out-of-bounds Read
- SDT 320 – Testing for Out-of-bounds Write
- SDT 321 – Testing for Uncontrolled Resource Consumption
- SDT 322 – Testing for Improper Privilege Management
- SDT 323 – Testing for Improper Input Validation
- SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer
- SDT 325 – Testing for NULL Pointer Dereference
- SDT 326 – Testing for Use After Free
- TST 301 – Infrastructure Penetration Testing
- TST 302 – Application Penetration Testing
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
Learning Path Details
Number of Courses: 75
Total Duration:
Total CPE Credits: