Course Catalog / NICE Specialty Areas / Securely Provision (SP)

Securely Provision (SP)

The Courses

View All Courses Download Course Catalog

DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse (NEW)

DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation (NEW)

API 251 – Implementing Web Application and API Protection (WAAP) (NEW)

LAB 294 – Defending C# Applications Against Integer Overflow (NEW)

LAB 293 – Defending Java Applications Against Integer Overflow (NEW)

LAB 292 – Defending C# Applications Against Path Traversal (NEW)

LAB 291 – Defending Node.js Applications Against Path Traversal (NEW)

LAB 290 – Defending Python Applications Against Path Traversal (NEW)

LAB 289 – Defending Java Applications Against Path Traversal (NEW)

LAB 288 – Defending C# Applications Against Null Pointer Dereference (NEW)

LAB 287 – Defending Java Applications Against Null Pointer Dereference (NEW)

LAB 280 – Defending Python Applications Against Dangerous File Upload

LAB 275 – Defending Java Applications Against Command Injection

LAB 277 – Defending Node.js Applications Against Command Injection

LAB 276 – Defending Python Applications Against Command Injection

LAB 278 – Defending C# Applications Against Command Injection

LAB 281 – Defending Node.js Applications Against Dangerous File Upload

LAB 282 – Defending C# Applications Against Dangerous File Upload

LAB 283 – Defending Java Applications Against RegEx DoS

LAB 284 – Defending Python Applications Against RegEx DoS

LAB 285 – Defending Node.js Applications Against RegEx DoS

LAB 286 – Defending C# Applications Against RegEx DoS

LAB 137 – Identifying Improper Authorization

LAB 138 – Identifying Authorization Bypass Through User-Controlled Key

LAB 139 – Identifying Use of a Key Past its Expiration Date

ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components

CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT

LAB 279 – Defending Java Applications Against Dangerous File Upload

LAB 211 – Defending Java Applications Against Credentials in Code Medium

LAB 212 – Defending Python Applications Against Credentials in Code Medium

LAB 213 – Defending Node.js Applications Against Credentials in Code Medium

LAB 214 – Defending C# Applications Against Credentials in Code Medium

LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation

LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation

LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation

LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation

LAB 224 – Defending Java Applications Against Forceful Browsing

LAB 225 – Defending Python Applications Against Forceful Browsing

LAB 226 – Defending Node.js Applications Against Forceful Browsing

LAB 227 – Defending C# Applications Against Forceful Browsing

DES 219 – Securing Google’s Firebase Platform

DES 261 – Securing Serverless Environments

LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page

LAB 135 – Identifying URL Redirection to Untrusted Site

LAB 134 – Identifying Plaintext Storage of a Password

LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables

LAB 274 – Defending C# Applications Against SSRF

LAB 273 – Defending Node.js Applications Against SSRF

LAB 272 – Defending Python Applications Against SSRF

LAB 271 – Defending Java Applications Against SSRF

LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data

LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data

LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data

LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data

LAB 266 – Defending C# Applications Against Sensitive Information in Log Files

LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files

LAB 264 – Defending Python Applications Against Sensitive Information in Log Files

LAB 263 – Defending Java Applications Against Sensitive Information in Log Files

LAB 132 – Identifying Exposed Services

LAB 131 – Identifying Improper Restriction of XML External Entity Reference

API 250 – Controlling Access to the Kubernetes API

LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages

LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages

LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages

LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages

LAB 130 – Identifying Generation of Predictable Numbers or Identifiers

LAB 129 – Identifying Error Message Containing Sensitive Information

LAB 128 – Identifying Unverified Password Change

LAB 127 – Identifying Security Logging and Monitoring Failures

API 213 – Mitigating APIs Mass Assignment

ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments

API 214 – Mitigating APIs Improper Asset Management

CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)

DES 314 – Hardening the Docker Engine

LAB 253 – Defending Python Applications Against Weak PRNG

LAB 247 – Defending Node.js Applications Against Weak PRNG

LAB 229 – Defending Java Applications Against Weak PRNG

LAB 239 – Defending C# Applications Against Weak PRNG

LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption

LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption

LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption

LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption

LAB 249 – Defending Python Applications Against Plaintext Password Storage

LAB 245 – Defending Node.js Applications Against Plaintext Password Storage

LAB 235 – Defending Java Applications Against Plaintext Password Storage

LAB 251 – Defending C# Applications Against Plaintext Password Storage

LAB 254 – Defending Python Applications Against Parameter Tampering

LAB 248 – Defending Node.js Applications Against Parameter Tampering

LAB 234 – Defending Java Applications Against Parameter Tampering

LAB 250 – Defending C# Applications Against Parameter Tampering

LAB 126 – Identifying Information Leakage

LAB 125 – Identifying Buffer Overflow

LAB 124 – Identifying Horizontal Privilege Escalation

LAB 111 – Identifying Server-Side Request Forgery

DES 313 – Hardening a Kubernetes Cluster

API 211 – Mitigating APIs Broken Object Level Authorization

DES 209 – Authentication and Lifecycle Management

LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration

LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software

LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software

LAB 244 – Defending Java Applications Against Security Misconfiguration

LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities

LAB 223 – Defending Node.js Applications Against SQL Injection

LAB 222 – Defending Python Applications Against SQL Injection

LAB 221 – Defending C# Applications Against SQL Injection

LAB 123 – Identifying Vertical Privilege Escalation

LAB 122 – Identifying Insecure APIs

LAB 121 – Identifying Vulnerable and Outdate Components

LAB 113 – Identifying Cryptographic Failures

SDT 310 – Testing for Security Logging and Monitoring Failures

SDT 309 – Testing for Vulnerable and Outdated Components

SDT 308 – Testing for Software and Data Integrity Failures

SDT 307 – Testing for Server-Side Request Forgery (SSRF)

SDT 306 – Testing for Security Misconfiguration

SDT 305 – Testing for Broken Access Control

SDT 304 – Testing for Insecure Design

SDT 303 – Testing for Cryptographic Failures

SDT 302 – Testing for Identification and Authentication Failures

SDT 301 – Testing for Injection

DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures

DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components

DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures

DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)

DES 237 – Mitigating OWASP 2021 Security Misconfiguration

DES 236 – Mitigating OWASP 2021 Broken Access Control

DES 235 – Mitigating OWASP 2021 Insecure Design

DES 234 – Mitigating OWASP 2021 Cryptographic Failures

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures

DES 232 – Mitigating OWASP 2021 Injection

LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services

LAB 321 – ATT&CK: Password Cracking

LAB 237 – Defending Java Applications Against SQL Injection

LAB 233 – Defending Node.js Applications Against XSS

LAB 232 – Defending C# Applications Against XSS

LAB 231 – Defending Python Applications Against XSS

LAB 230 – Defending Java Applications Against XSS

LAB 220 – Defending Against Hard-Coded Secrets

LAB 120 – Identifying XML Injection

LAB 119 – Identifying Persistent XSS

LAB 118 – Identifying Weak File Upload Validation

LAB 117 – Identifying Hidden Form Field

LAB 116 – Identifying Forceful Browsing

LAB 115 – Identifying Reflective XSS

LAB 114 – Identifying Cookie Tampering

LAB 103 – Identifying Broken User Authentication Vulnerabilities

DES 217 – Securing Terraform Infrastructure and Resources

DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing

DES 207 – Mitigating OWASP API Security Top 10

DSO 256 – DevSecOps in the Google Cloud Platform

SDT 325 – Testing for NULL Pointer Dereference

SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer

SDT 322 – Testing for Improper Privilege Management

SDT 321 – Testing for Uncontrolled Resource Consumption

SDT 320 – Testing for Out-of-bounds Write

SDT 319 – Testing for Out-of-bounds Read

SDT 318 – Testing for Insufficiently Protected Credentials

SDT 317 – Testing for Improper Control of Generation of Code

CYB 301 – Fundamentals of Ethical Hacking

SDT 326 – Testing for Use After Free

COD 386 – Preventing Integer Overflows in Java Code

COD 385 – Preventing Race Conditions in Java Code

COD 384 – Protecting Java from Information Disclosure

COD 324 – Protecting C# from XML Injection

COD 319 – Preventing Vulnerabilities in Android Code in Java

COD 315 – Preventing Vulnerabilities in iOS Code in Swift

ENG 212 – Implementing Secure Software Operations

DSO 306 – Implementing Infrastructure as Code

DES 312 – Protecting Cardholder Data

COD 366 – Creating Secure Kotlin Applications

DSO 307 – Secure Secrets Management

COD 286 – Creating Secure React User Interfaces

COD 285 – Developing Secure Angular Applications

DSO 304 – Securing API Gateways in a DevSecOps Framework

DSO 302 – Automated Security Testing

DES 282 – OWASP IoT2: Mitigating Insecure Network Services

DES 271 – OWASP M1: Mitigating Improper Platform Usage

DES 272 – OWASP M2: Mitigating Insecure Data Storage

DES 273 – OWASP M3: Mitigating Insecure Communication

DES 274 – OWASP M4: Mitigating Insecure Authentication

DES 275 – OWASP M5: Mitigating Insufficient Cryptography

DES 277 – OWASP M7: Mitigating Client Code Quality

DES 278 – OWASP M8: Mitigating Code Tampering

DES 279 – OWASP M9: Mitigating Reverse Engineering

DES 280 – OWASP M10: Mitigating Extraneous Functionality

DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords

DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces

DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism

DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components

DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection

DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage

DES 288 – OWASP IoT8: Mitigating Lack of Device Management

DES 289 – OWASP IoT9: Mitigating Insecure Default Settings

DES 276 – OWASP M6: Mitigating Insecure Authorization

DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening

ENG 354 – Authorizing and Monitoring System Controls within the RMF

ENG 353 – Selecting, Implementing and Assessing Controls within the RMF

ENG 352 – Categorizing Systems and Information within the RMF

DSO 254 – DevSecOps in the Azure Cloud

DSO 253 – DevSecOps in the AWS Cloud

DES 306 – Creating a Secure Blockchain Network

DES 255 – Securing the IoT Update Process

COD 258 – Creating Secure PHP Web Applications

COD 251 – Defending AJAX-Enabled Web Applications

TST 205 – Performing Vulnerability Scans

ENG 351 – Preparing the Risk Management Framework

ENG 251 – Risk Management Foundations

COD 383 – Protecting Java Backend Services

COD 267 – Securing Python Microservices

COD 309 – Securing ASP.NET MVC Applications

COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks

COD 214 – Creating Secure GO Applications

ENG 150 – Meeting Confidentiality, Integrity, and Availability

COD 284 – Secure Java Coding

COD 266 – Secure Ruby Scripting

COD 265 – Secure Python Scripting

COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes

COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications

COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data

COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data

COD 108 – Software Operations and Maintenance

COD 107 – Secure Software Deployment

COD 106 – The Importance of Software Integration and Testing

COD 105 – Secure Software Development

COD 104 – Designing Secure Software

COD 103 – Creating Software Security Requirements

COD 102 – The Role of Software Security

SDT 311 – Testing for Integer Overflow or Wraparound

SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource

SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory

SDT 313 – Testing for (CSRF) Cross Site Request Forgery

SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type

SDT 316 – Testing for Use of Hard-Coded Credentials

TST 101 – Fundamentals of Security Testing

ENG 312 – How to Perform a Security Code Review

ENG 205 – Fundamentals of Threat Modeling

ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool

ENG 194 – Implementing Microsoft SDL Line of Business

ENG 193 – Implementing the Microsoft SDL Optimization Model

ENG 192 – Implementing the Agile Microsoft SDL

ENG 191 – Introduction to the Microsoft SDL

ENG 126 – Essential Security Maintenance Policies

ENG 124 – Essential Application Protection

ENG 123 – Essential Security Engineering Principles

ENG 120 – Essential Security Assessment & Authorization

ENG 117 – Essential Information Security Program Planning

ENG 116 – Essential Security Planning Policy & Procedures

ENG 115 – Essential System & Information Integrity

ENG 114 – Essential Risk Assessment

DES 311 – Creating Secure Application Architecture

DES 260 – Fundamentals of IoT Architecture & Design

DES 212 – Architecture Risk Analysis & Remediation

DES 205 – Message Integrity Cryptographic Functions

DES 204 – Role of Cryptography in Application Development

DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management

DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing

DES 101 – Fundamentals of Secure Architecture

COD 382 – Protecting Data in Java

COD 381 – Preventing Path Traversal Attacks in Java

COD 380 – Preventing SQL Injection in Java

COD 364 – Securing HTML5 Connectivity

COD 363 – Securing HTML5 Data

COD 362 – HTML5 Built in Security Features

COD 361 – HTML5 Secure Threats

COD 352 – Creating Secure JavaScript and jQuery Code

COD 323 – Using Encryption with C#

COD 322 – Protecting C# from SQL Injection

COD 321 – Protecting C# from Integer Overflows & Canonicalization

COD 318 – Protecting Data on Android in Java

COD 317 – Protecting Data on iOS in Swift

COD 316 – Creating Secure iOS Code in Objective C

COD 307 – Protecting Data in C++

COD 303 – Common C Vulnerabilities & Attacks

COD 302 – Secure C Memory Management

COD 301 – Secure C Buffer Overflow Mitigations

COD 283 – Java Cryptography

COD 270 – Creating Secure COBOL & Mainframe Applications

COD 264 – Secure Perl Scripting

COD 263 – Secure Bash Scripting

COD 262 – Fundamentals of Shell and Interpreted Language Security

COD 261 – Threats to Scripts

COD 259 – Node.js Threats & Vulnerabilities

COD 257 – Creating Secure Python Web Applications

COD 256 – Creating Secure Ruby on Rails Foundations (UPDATED)

COD 255 – Creating Secure Code: Web API Foundations

COD 254 – Creating Secure Azure Applications

COD 253 – Creating Secure AWS Cloud Applications

COD 242 – Creating Secure SQL Server & Azure SQL DB Applications

COD 241 – Creating Secure Oracle DB Applications

COD 219 – Creating Secure Code: SAP ABAP Foundations

COD 217 – Mitigating .NET Security Threats

COD 216 – Leveraging .NET Framework Code Access Security (CAS)

COD 207 – Communication Security in C++

COD 206 – Creating Secure C++ Code

COD 202 – Secure C Runtime Protection

COD 201 – Secure C Encrypted Network Communications

COD 170 – Identifying Threats to Mainframe COBOL Applications & Data

COD 160 – Fundamentals of Secure Embedded Software Development

COD 152 – Fundamentals of Secure Cloud Development

COD 110 – Fundamentals of Secure Mobile Development

AWA 101 – Fundamentals of Application Security