Embedded Test Engineer

Overview

The Embedded Test Engineer Learning Path includes a variety of security courses designed for those responsible for verifying and assuring the application security of embedded systems. The curriculum provides learners with a solid understanding of applied testing techniques and a well-rounded base of knowledge to perform their tasks. Learners will explore security best practices for conducting penetration tests and vulnerability assessment activities on embedded systems.

Courses

• ATK 201 – Using the MITRE ATT&CK Framework
• CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
• DES 212 – Architecture Risk Analysis & Remediation
• DES 255 – Securing the IoT Update Process
• DES 260 – Fundamentals of IoT Architecture & Design
• ENG 205 – Fundamentals of Threat Modeling
• ENG 211 – How to Create Application Security Design Requirements
• ICS 210 – ICS/SCADA Security Essentials
• TST 202 – Penetration Testing Fundamentals

Overview

The Embedded Test Engineer Learning Path includes a variety of security courses designed for those responsible for verifying and assuring the application security of embedded systems. The curriculum provides learners with a solid understanding of applied testing techniques and a well-rounded base of knowledge to perform their tasks. Learners will explore security best practices for conducting penetration tests and vulnerability assessment activities on embedded systems.

Courses

• CYB 301 – Fundamentals of Ethical Hacking
• DSO 302 – Automated Security Testing
• ENG 312 – How to Perform a Security Code Review
• ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments
• SDT 301 – Testing for Injection
• SDT 302 – Testing for Identification and Authentication Failures
• SDT 303 – Testing for Cryptographic Failures
• SDT 304 – Testing for Insecure Design
• SDT 305 – Testing for Broken Access Control
• SDT 306 – Testing for Security Misconfiguration
• SDT 307 – Testing for Server-Side Request Forgery (SSRF)
• SDT 308 – Testing for Software and Data Integrity Failures
• SDT 309 – Testing for Vulnerable and Outdated Components
• SDT 310 – Testing for Security Logging and Monitoring Failures
• SDT 311 – Testing for Integer Overflow or Wraparound
• SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory
• SDT 313 – Testing for (CSRF) Cross Site Request Forgery
• SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
• SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource
• SDT 316 – Testing for Use of Hard-Coded Credentials
• SDT 317 – Testing for Improper Control of Generation of Code
• SDT 318 – Testing for Insufficiently Protected Credentials
• SDT 319 – Testing for Out-of-bounds Read
• SDT 320 – Testing for Out-of-bounds Write
• SDT 321 – Testing for Uncontrolled Resource Consumption
• SDT 322 – Testing for Improper Privilege Management
• SDT 323 – Testing for Improper Input Validation
• SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer
• SDT 325 – Testing for NULL Pointer Dereference
• SDT 326 – Testing for Use After Free
• TST 301 – Infrastructure Penetration Testing
• TST 302 – Application Penetration Testing
• TST 351 – Penetration Testing for TLS Vulnerabilities
• TST 352 – Penetration Testing for Injection Vulnerabilities
• TST 353 – Penetration Testing for SQL Injection
• TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
• TST 355 – Penetration Testing for Authorization Vulnerabilities
• TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
• TST 357 – Penetration Testing for Hardcoded Secrets
• TST 358 – Penetration Testing Wireless Networks
• TST 359 – Penetration Testing Network Infrastructure
• TST 360 – Penetration Testing for Authentication Vulnerabilities

Overview