Overview
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development (UPDATED)
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- COD 141 – Fundamentals of Database Security
- COD 152 – Fundamentals of Secure Cloud Development
- DES 101 – Fundamentals of Secure Architecture
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- ENG 110 – Essential Account Management Security
- ENG 111 – Essential Session Management Security
- ENG 112 – Essential Access Control for Mobile Devices
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 116 – Essential Security Planning Policy & Procedures
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 122 – Essential Physical & Environmental Protection
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 126 – Essential Security Maintenance Policies
- ENG 127 – Essential Media Protection
- ENG 150 – Meeting Confidentiality, Integrity, and Availability
- ENG 151 – Fundamentals of Privacy Protection
- ENG 191 – Introduction to the Microsoft SDL
- ENG 192 – Implementing the Agile Microsoft SDL
- ENG 193 – Implementing the Microsoft SDL Optimization Model
- ENG 194 – Implementing Microsoft SDL Line of Business
- ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool
- LAB 111 – Identifying Server-Side Request Forgery (NEW)
- LAB 120 – Identifying XML Injection (NEW)
- LAB 124 – Identifying Horizontal Privilege Escalation (NEW)
- LAB 125 – Identifying Buffer Overflow (NEW)
- LAB 126 – Identifying Information Leakage (NEW)
- TST 101 – Fundamentals of Security Testing
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting (NEW)
- API 211 – Mitigating APIs Broken Object Level Authorization (NEW)
- ATK 201 – Using the MITRE ATT&CK Framework
- COD 241 – Creating Secure Oracle DB Applications
- COD 242 – Creating Secure SQL Server & Azure SQL DB Applications
- COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
- COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
- COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
- COD 252 – Securing Google Platform Applications & Data
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 287 – Java Application Server Hardening
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 204 – Role of Cryptography in Application Development
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 207 – Mitigating OWASP API Security Top 10
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 210 – Hardening Linux/Unix Systems
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 – Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 – Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DES 255 – Securing the IoT Update Process
- DES 260 – Fundamentals of IoT Architecture & Design
- DES 271 – OWASP M1: Mitigating Improper Platform Usage
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 273 – OWASP M3: Mitigating Insecure Communication
- DES 274 – OWASP M4: Mitigating Insecure Authentication
- DES 275 – OWASP M5: Mitigating Insufficient Cryptography
- DES 276 – OWASP M6: Mitigating Insecure Authorization
- DES 277 – OWASP M7: Mitigating Client Code Quality
- DES 278 – OWASP M8: Mitigating Code Tampering
- DES 279 – OWASP M9: Mitigating Reverse Engineering
- DES 280 – OWASP M10: Mitigating Extraneous Functionality
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DSO 201 – Fundamentals of Secure DevOps
- DSO 205 – Securing the COTS Supply Chain
- DSO 206 – Securing the Open Source Supply Chain
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- DSO 212 – Fundamentals of Zero Trust Security (NEW)
- DSO 256 – DevSecOps in the Google Cloud Platform
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 – Identifying Cryptographic Failures (NEW)
- LAB 114 – Identifying Cookie Tampering (NEW)
- LAB 115 – Identifying Reflective XSS (NEW)
- LAB 116 – Identifying Forceful Browsing (NEW)
- LAB 117 – Identifying Hidden Form Field (NEW)
- LAB 118 – Identifying Weak File Upload Validation (NEW)
- LAB 119 – Identifying Persistent XSS (NEW)
- LAB 121 – Identifying Vulnerable and Outdated Components (NEW)
- LAB 122 – Identifying Insecure APIs (NEW)
- LAB 123 – Identifying Vertical Privilege Escalation (NEW)
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
- TST 206 – ASVS Requirements for Developers
- CYB 301 – Fundamentals of Ethical Hacking
- DES 305 – Protecting Existing Blockchain Assets
- DES 306 – Creating a Secure Blockchain Network
- DES 311 – Creating Secure Application Architecture
- DES 313 – Hardening a Kubernetes Cluster (NEW)
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302 – Automated Security Testing
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 – ATT&CK: Password Cracking (NEW)
- LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- SDT 301 – Testing for Injection (NEW)
- SDT 302 – Testing for Identification and Authentication Failures (NEW)
- SDT 303 – Testing for Cryptographic Failures (NEW)
- SDT 304 – Testing for Insecure Design (NEW)
- SDT 305 – Testing for Broken Access Control (NEW)
- SDT 306 – Testing for Security Misconfiguration (NEW)
- SDT 307 – Testing for Server-Side Request Forgery (SSRF) (NEW)
- SDT 308 – Testing for Software and Data Integrity Failures (NEW)
- SDT 309 – Testing for Vulnerable and Outdated Components (NEW)
- SDT 310 – Testing for Security Logging and Monitoring Failures (NEW)
- SDT 321 – Testing for Uncontrolled Resource Consumption
- TST 301 – Infrastructure Penetration Testing
- TST 302 – Application Penetration Testing
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
Learning Path Details
Number of Courses: 3
Total Duration:
Total CPE Credits: