Overview
The Information Security Specialist Learning Path includes a variety of courses designed for those responsible for protecting systems, defining access privileges, control structures, and resources. The curriculum helps build the skills required to identify, protect, detect, and recover from risks, vulnerabilities, and threats to the security of information and/or data.
Courses
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 141 – Fundamentals of Database Security
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- ENG 110 – Essential Account Management Security
- ENG 111 – Essential Session Management Security
- ENG 112 – Essential Access Control for Mobile Devices
- ENG 113 – Essential Secure Configuration Management
- ENG 114 – Essential Risk Assessment
- ENG 115 – Essential System & Information Integrity
- ENG 116 – Essential Security Planning Policy & Procedures
- ENG 117 – Essential Information Security Program Planning
- ENG 118 – Essential Incident Response
- ENG 119 – Essential Security Audit & Accountability
- ENG 120 – Essential Security Assessment & Authorization
- ENG 121 – Essential Identification & Authentication
- ENG 122 – Essential Physical & Environmental Protection
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- ENG 126 – Essential Security Maintenance Policies
- ENG 127 – Essential Media Protection
- ENG 151 – Fundamentals of Privacy Protection
- TST 101 – Fundamentals of Security Testing
Courses
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting
- API 211 – Mitigating APIs Broken Object Level Authorization
- API 213 – Mitigating APIs Mass Assignment
- API 214 – Mitigating APIs Improper Asset Management
- COD 241 – Creating Secure Oracle DB Applications
- COD 242 – Creating Secure SQL Server & Azure SQL DB Applications
- COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data
- COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data
- COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications
- COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 261 – Threats to Scripts
- COD 287 – Java Application Server Hardening (UPDATED)
- COD 288 – Java Public Key Cryptography (NEW)
- CYB 210 – Cybersecurity Incident Response
- CYB 211 – Identifying and Protecting Assets Against Ransomware
- CYB 212 – Fundamentals of Security Information & Event Management (SIEM)
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 207 – Mitigating OWASP API Security Top 10
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 212 – Architecture Risk Analysis & Remediation
- DES 217 – Securing Terraform Infrastructure and Resources
- DES 219 – Securing Google’s Firebase Platform
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 261 – Securing Serverless Environments
- DES 262 – Securing Enterprise Low-Code Applications Platforms
- DES 271 – OWASP M1: Mitigating Improper Platform Usage
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 273 – OWASP M3: Mitigating Insecure Communication
- DES 274 – OWASP M4: Mitigating Insecure Authentication
- DES 275 – OWASP M5: Mitigating Insufficient Cryptography
- DES 276 – OWASP M6: Mitigating Insecure Authorization
- DES 277 – OWASP M7: Mitigating Client Code Quality
- DES 278 – OWASP M8: Mitigating Code Tampering
- DES 279 – OWASP M9: Mitigating Reverse Engineering
- DES 280 – OWASP M10: Mitigating Extraneous Functionality
- DSO 212 – Fundamentals of Zero Trust Security
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 114 – Identifying Cookie Tampering
- LAB 115 – Identifying Reflective XSS
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- TST 206 – ASVS Requirements for Developers
Courses
- COD 383 – Protecting Java Backend Services (UPDATED)
- CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT (NEW)
- CYB 311 – Threat Analysis with AI (NEW)
- DES 313 – Hardening a Kubernetes Cluster
- DES 314 – Hardening the Docker Engine
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
- ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components (NEW)
- LAB 312 – ATT&CK: Testing for Network Services Identification (NEW)
- LAB 313 – ATT&CK: Testing for Vulnerability Identification Using Vulnerability Databases (NEW)
- LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software
- LAB 321 – ATT&CK: Password Cracking
- LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
- LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software
- LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration
- LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
- LAB 331 – ATT&CK: Network Service Discovery
- LAB 332 – ATT&CK: Network Share Discovery
- LAB 334 – ATT&CK: Create Account
- LAB 335 – ATT&CK: Unsecured Credentials
- LAB 336 – ATT&CK: Data from Local System
- LAB 337 – ATT&CK: Valid Accounts
- TST 303 – Penetration Testing for Google Cloud Platform
- TST 304 – Penetration Testing for AWS Cloud
- TST 305 – Penetration Testing for Azure Cloud
Learning Path Details
Number of Courses: 80
Number of Labs: 31
Total Duration: 30 hours
Total CPE Credits: 36