Overview
The Quality Assurance (QA)/Test Engineer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for assessing and testing the quality of specifications and technical design.
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATE PENDING)
- DES 101 – Fundamentals of Secure Architecture
- ENG 114 – Essential Risk Assessment
- ENG 123 – Essential Security Engineering Principles
- LAB 111 Identifying Server-Side Request Forgery (COMING SOON)
- LAB 120 Identifying XML Injection (NEW)
- LAB 124 Identifying Horizontal Privilege Escalation (COMING SOON)
- LAB 125 Identifying Buffer Overflow (COMING SOON)
- LAB 126 Identifying Information Leakage (COMING SOON)
- TST 101 – Fundamentals of Security Testing
- API 210 Mitigating APIs Lack of Resources & Rate Limiting (COMING SOON)
- API 211 Mitigating APIs Broken Object Level Authorization (COMING SOON)
- ATK 201 – Using the MITRE ATT&CK Framework
- DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 204 – Role of Cryptography in Application Development
- DES 205 – Message Integrity Cryptographic Functions
- DES 209 Authentication and Lifecycle Management (COMING SOON)
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DSO 212 Fundamentals of Zero Trust Security (COMING SOON)
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 Identifying Cryptographic Failures (NEW)
- LAB 114 Identifying Cookie Tampering (NEW)
- LAB 115 Identifying Reflective XSS (NEW)
- LAB 116 Identifying Forceful Browsing (NEW)
- LAB 117 Identifying Hidden Form Field (NEW)
- LAB 118 Identifying Weak File Upload Validation (NEW)
- LAB 119 Identifying Persistent XSS (NEW)
- LAB 121 Identifying Vulnerable and Outdate Components (NEW)
- LAB 122 Identifying Insecure APIs (NEW)
- LAB 123 Identifying Vertical Privilege Escalation (NEW)
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
- COD 370- Testing for OWASP 2017: Injection
- COD 371 – Testing for OWASP 2017: Broken Authentication
- COD 372 – Testing for OWASP 2017: Sensitive Data Exposure
- COD 373 – Testing for OWASP 2017: XML External Entities
- COD 374 – Testing for OWASP 2017: Broken Access Control
- COD 375 – Testing for OWASP 2017: Security Misconfiguration
- COD 376 – Testing for OWASP 2017: Cross Site Scripting (XSS)
- COD 377 – Testing for OWASP 2017: Insecure Deserialization
- COD 378 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities
- COD 379 – Testing for OWASP 2017: Insufficient Logging & Monitoring
- CYB 301 – Fundamentals of Ethical Hacking
- DES 311 – Creating Secure Application Architecture
- DSO 302- Automated Security Testing
- ENG 312 – How to Perform a Security Code Review
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 ATT&CK: Password Cracking (NEW)
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- SDT 301 Testing for Injection (NEW)
- SDT 302 Testing for Identification and Authentication Failures (NEW)
- SDT 303 Testing for Cryptographic Failures (NEW)
- SDT 304 Testing for Insecure Design (NEW)
- SDT 305 Testing for Broken Access Control (NEW)
- SDT 306 Testing for Security Misconfiguration (NEW)
- SDT 307 Testing for Server-Side Request Forgery (SSRF) (NEW)
- SDT 308 Testing for Software and Data Integrity Failures (NEW)
- SDT 309 Testing for Vulnerable and Outdated Components (NEW)
- SDT 310 Testing for Security Logging and Monitoring Failures (NEW)
- SDT 311 – Testing for Integer Overflow or Wraparound
- SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory
- SDT 313 – Testing for (CSRF) Cross Site Request Forgery
- SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
- SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource
- SDT 316- Testing for Use of Hard-Coded Credentials
- SDT 317 – Testing for Improper Control of Generation of Code
- SDT 318 – Testing for Insufficiently Protected Credentials
- SDT 319 – Testing for Out-of-bounds Read
- SDT 320 – Testing for Out-of-bounds Write
- SDT 321 – Testing for Uncontrolled Resource Consumption
- SDT 322 – Testing for Improper Privilege Management
- SDT 323 – Testing for Improper Input Validation
- SDT 325 – Testing for NULL Pointer Dereference
- SDT 326 – Testing for Use After Free
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
Learning Path Details
Number of Courses: 124
Total Duration: 23 hours
Total CPE Credits: 28