Overview
The Ethical Hacker Learning Path includes a variety of security courses, which vary depending on whether you are seeking the core, advanced or elite path. This path is geared towards individuals responsible for assessing systems and networks within the network environment and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Courses provide a solid foundation of the skills needed to measure the effectiveness of defense-in-depth architecture against known vulnerabilities and to verify and improve the security of a company’s computer systems.
This learning path provides the knowledge and skills necessary to:
- Analyze cyber defense policies and configurations
- Evaluate compliance with regulations and organizational directives
- Conduct and/or support authorized penetration testing on enterprise network assets
- Deploy cyber defense audit toolkit to support cyber defense audit missions
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions
- Conduct required reviews as appropriate within an environment
- Perform evaluation of technology and of people and operations risk
- Perform vulnerability assessments of relevant technology focus areas
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 141 – Fundamentals of Database Security
- DES 101 – Fundamentals of Secure Architecture
- ENG 110 – Essential Account Management Security
- ENG 114 – Essential Risk Assessment
- ENG 118 – Essential Incident Response
- ENG 120 – Essential Security Assessment & Authorization
- ENG 150 – Meeting Confidentiality, Integrity, and Availability
- ENG 151 – Fundamentals of Privacy Protection
- ENG 191 – Introduction to the Microsoft SDL
- LAB 111 – Identifying Server-Side Request Forgery (NEW)
- LAB 120 – Identifying XML Injection (NEW)
- LAB 124 – Identifying Horizontal Privilege Escalation (NEW)
- LAB 125 – Identifying Buffer Overflow (NEW)
- LAB 126 – Identifying Information Leakage (NEW)
- LAB 127 – Identifying Security Logging and Monitoring Failures
- LAB 128 – Identifying Unverified Password Change
- LAB 129 – Identifying Error Message Containing Sensitive Information
- LAB 130 – Identifying Generation of Predictable Numbers or Identifiers
- ATK 201 – Using the MITRE ATT&CK Framework
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 287 – Java Application Server Hardening
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 210 – Hardening Linux/Unix Systems
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 – Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 – Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DSO 205 – Securing the COTS Supply Chain
- DSO 206 – Securing the Open Source Supply Chain
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 – Identifying Cryptographic Failures (NEW)
- LAB 114 – Identifying Cookie Tampering (NEW)
- LAB 115 – Identifying Reflective XSS (NEW)
- LAB 116 – Identifying Forceful Browsing (NEW)
- LAB 117 – Identifying Hidden Form Field (NEW)
- LAB 118 – Identifying Weak File Upload Validation (NEW)
- LAB 119 – Identifying Persistent XSS (NEW)
- LAB 121 – Identifying Vulnerable and Outdated Components (NEW)
- LAB 122 – Identifying Insecure APIs (NEW)
- LAB 123 – Identifying Vertical Privilege Escalation (NEW)
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- CYB 301 – Fundamentals of Ethical Hacking
- DES 305 – Protecting Existing Blockchain Assets
- DES 306 – Creating a Secure Blockchain Network
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 – ATT&CK: Password Cracking (NEW)
- LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- LAB 331 – ATT&CK: Network Service Discovery
- LAB 332 – ATT&CK: Network Share Discovery
- LAB 334 – ATT&CK: Create Account
- LAB 335 – ATT&CK: Unsecured Credentials
- SDT 301 – Testing for Injection (NEW)
- SDT 302 – Testing for Identification and Authentication Failures (NEW)
- SDT 303 – Testing for Cryptographic Failures (NEW)
- SDT 304 – Testing for Insecure Design (NEW)
- SDT 305 – Testing for Broken Access Control (NEW)
- SDT 306 – Testing for Security Misconfiguration (NEW)
- SDT 307 – Testing for Server-Side Request Forgery (SSRF) (NEW)
- SDT 308 – Testing for Software and Data Integrity Failures (NEW)
- SDT 309 – Testing for Vulnerable and Outdated Components (NEW)
- SDT 310 – Testing for Security Logging and Monitoring Failures (NEW)
- SDT 321 – Testing for Uncontrolled Resource Consumption
- TST 301 – Infrastructure Penetration Testing
- TST 302 – Application Penetration Testing
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
Learning Path Details
Number of Courses: 124
Number of Labs: 31
Total Duration: 23 Hours
Total CPE Credits: 27