Overview
The Information Security Specialist learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for protecting systems, defining access privileges, control structures, and resources.
The Information Security Specialist learning path helps build the skills required to identify, protect, detect, and recover from risks, vulnerabilities, and threats to the security of information and/or data.
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts (UPDATED)
- COD 141 – Fundamentals of Database Security
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- ENG 110 – Essential Account Management Security
- ENG 111 – Essential Session Management Security
- ENG 112 – Essential Access Control for Mobile Devices
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 116 – Essential Security Planning Policy & Procedures
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 122 – Essential Physical & Environmental Protection
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 126 – Essential Security Maintenance Policies
- ENG 127 – Essential Media Protection
- ENG 151 – Fundamentals of Privacy Protection
- LAB 120 Identifying XML Injection (NEW)
- TST 101 – Fundamentals of Security Testing
- API 210 Mitigating APIs Lack of Resources & Rate Limiting (NEW)
- API 211 Mitigating APIs Broken Object Level Authorization (NEW)
- API 213 Mitigating APIs Mass Assignment
- API 214 Mitigating APIs Improper Asset Management
- COD 241 – Creating Secure Oracle DB Applications
- COD 242 – Creating Secure SQL Server & Azure SQL DB Applications
- COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
- COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
- COD 248 – PCI DSS 6: Develop and Maintain Secure Systems and Applications
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 261 – Threats to Scripts
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 207 – Mitigating OWASP API Security Top 10
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 212 – Architecture Risk Analysis & Remediation
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 Mitigating OWASP 2021 Insecure Design (NEW)
- DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 271 – OWASP M1: Mitigating Improper Platform Usage
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 273 – OWASP M3: Mitigating Insecure Communication
- DES 274 – OWASP M4: Mitigating Insecure Authentication
- DES 275 – OWASP M5: Mitigating Insufficient Cryptography
- DES 276 – OWASP M6: Mitigating Insecure Authorization
- DES 277 – OWASP M7: Mitigating Client Code Quality
- DES 278 – OWASP M8: Mitigating Code Tampering
- DES 279 – OWASP M9: Mitigating Reverse Engineering
- DES 280 – OWASP M10: Mitigating Extraneous Functionality
- DSO 212 Fundamentals of Zero Trust Security (NEW)
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 114 Identifying Cookie Tampering (NEW)
- LAB 115 Identifying Reflective XSS (NEW)
- LAB 116 Identifying Forceful Browsing (NEW)
- LAB 117 Identifying Hidden Form Field (NEW)
- LAB 118 Identifying Weak File Upload Validation (NEW)
- LAB 119 Identifying Persistent XSS (NEW)
- TST 206 – ASVS Requirements for Developers
- CYB 250 Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- DES 313 Hardening a Kubernetes Cluster (NEW)
- DES 314 Hardening the Docker Engine
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
- LAB 315 ATT&CK: Updating Vulnerable Java Web Application Server Software (NEW)
- LAB 321 ATT&CK: Password Cracking (NEW)
- LAB 322 ATT&CK: Exploiting Windows File Sharing Server with External Remote Services (NEW)
- LAB 323 ATT&CK: Exploiting Vulnerable Java Web Application Server Software (NEW)
- LAB 324 ATT&CK: Exploiting Java Web Application Server Misconfiguration (NEW)
- LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
- LAB 331 ATT&CK: Network Service Discovery
- LAB 332 ATT&CK: Network Share Discovery
- LAB 334 ATT&CK: Create Account
- LAB 335 ATT&CK: Unsecured Credentials
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
Learning Path Details
Number of Courses: 86
Number of Labs: 23
Total Duration: 18 hours
Total CPE Credits: 22