Overview
The Ethical Hacker Learning Path includes a variety of security courses geared towards individuals responsible for assessing systems and networks within the network environment and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The curriculum provides a solid foundation of the skills needed to measure the effectiveness of defense-in-depth architecture against known vulnerabilities and verify and improve the security of a company’s computer systems.
After completing this learning path, learners will have the knowledge and skills necessary to:
- Analyze cyber defense policies and configurations
- Evaluate compliance with regulations and organizational directives
- Conduct and/or support authorized penetration testing on enterprise network assets
- Deploy cyber defense audit toolkit to support cyber defense audit missions
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions
- Conduct required reviews as appropriate within an environment
- Perform evaluation of technology and of people and operations risk
- Perform vulnerability assessments of relevant technology focus areas
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk
Courses
- AWA 101 – Fundamentals of Application Security (UPDATED)
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 141 – Fundamentals of Database Security
- DES 101 – Fundamentals of Secure Architecture
- ENG 110 – Essential Account Management Security
- ENG 114 – Essential Risk Assessment
- ENG 118 – Essential Incident Response
- ENG 120 – Essential Security Assessment & Authorization
- ENG 150 – Meeting Confidentiality, Integrity, and Availability
- ENG 151 – Fundamentals of Privacy Protection
- ENG 191 – Introduction to the Microsoft SDL
- LAB 111 – Identifying Server-Side Request Forgery
- LAB 120 – Identifying XML Injection
- LAB 124 – Identifying Horizontal Privilege Escalation
- LAB 125 – Identifying Buffer Overflow
- LAB 126 – Identifying Information Leakage
- LAB 127 – Identifying Security Logging and Monitoring Failures
- LAB 128 – Identifying Unverified Password Change
- LAB 129 – Identifying Error Message Containing Sensitive Information
- LAB 130 – Identifying Generation of Predictable Numbers or Identifiers
- LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables (NEW)
- LAB 134 – Identifying Plaintext Storage of a Password (NEW)
- LAB 135 – Identifying URL Redirection to Untrusted Site (NEW)
- LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page (NEW)
Courses
- ATK 201 – Using the MITRE ATT&CK Framework
- COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes (UPDATED)
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 287 – Java Application Server Hardening
- CYB 211 – Identifying and Protecting Assets Against Ransomware
- DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 210 – Hardening Linux/Unix Systems
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DSO 205 – Securing the COTS Supply Chain
- DSO 206 – Securing the Open Source Supply Chain
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 – Identifying Cryptographic Failures
- LAB 114 – Identifying Cookie Tampering
- LAB 115 – Identifying Reflective XSS
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 119 – Identifying Persistent XSS
- LAB 121 – Identifying Vulnerable and Outdated Components
- LAB 122 – Identifying Insecure APIs
- LAB 123 – Identifying Vertical Privilege Escalation
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
Courses
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- CYB 301 – Fundamentals of Ethical Hacking
- DES 305 – Protecting Existing Blockchain Assets
- DES 306 – Creating a Secure Blockchain Network
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 351 – Preparing the Risk Management Framework
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- LAB 310 ATT&CK: File and Directory Permissions Modification (NEW)
- LAB 311 ATT&CK: File and Directory Discovery (NEW)
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software
- LAB 321 ATT&CK: Password Cracking
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
- LAB 331 ATT&CK: Network Service Discovery
- LAB 332 ATT&CK: Network Share Discovery
- LAB 334 ATT&CK: Create Account
- LAB 335 ATT&CK: Unsecured Credentials
- LAB 336 ATT&CK: Data from Local System
- LAB 337 ATT&CK: Valid Accounts
- SDT 301 – Testing for Injection
- SDT 302 – Testing for Identification and Authentication Failures
- SDT 303 – Testing for Cryptographic Failures
- SDT 304 – Testing for Insecure Design
- SDT 305 – Testing for Broken Access Control
- SDT 306 – Testing for Security Misconfiguration
- SDT 307 – Testing for Server-Side Request Forgery (SSRF)
- SDT 308 – Testing for Software and Data Integrity Failures
- SDT 309 – Testing for Vulnerable and Outdated Components
- SDT 310 – Testing for Security Logging and Monitoring Failures
- SDT 321 – Testing for Uncontrolled Resource Consumption
- TST 301 – Infrastructure Penetration Testing
- TST 302 – Application Penetration Testing
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for Cross-Site Scripting (XSS)
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
Overview
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 114 – Identifying Cookie Tampering
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 122 – Identifying Insecure APIs
- LAB 123 – Identifying Vertical Privilege Escalation
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software
- LAB 321 ATT&CK: Password Cracking
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
- LAB 331 ATT&CK: Network Service Discovery
- LAB 332 ATT&CK: Network Share Discovery
- LAB 334 ATT&CK: Create Account
- LAB 335 ATT&CK: Unsecured Credentials
- LAB 336 ATT&CK: Data from Local System
- LAB 337 ATT&CK: Valid Accounts
Learning Path Details
Number of Courses: 74
Number of Labs: 41
Total Duration: 26 Hours
Total CPE Credits: 31