| API 210 – Mitigating APIs Lack of Resources & Rate Limiting |
API 210 |
15 minutes |
| API 211 – Mitigating APIs Broken Object Level Authorization |
API 211 |
15 minutes |
| API 213 – Mitigating APIs Mass Assignment |
API 213 |
15 minutes |
| API 214 – Mitigating APIs Improper Asset Management |
API 214 |
15 minutes |
| API 250 – Controlling Access to the Kubernetes API |
API 250 |
20 minutes |
| API 251 – Implementing Web Application and API Protection (WAAP) |
API 251 |
35 minutes |
| API 351 – Securing Kubernetes in the Build and Release Stages |
API 351 |
25 minutes |
| ATK 201 – Using the MITRE ATT&CK Framework |
ATK 201 |
15 minutes |
| AWA 101 – Fundamentals of Application Security |
AWA 101 |
20 minutes |
| AWA 102 – Secure Software Concepts |
AWA 102 |
20 minutes |
| COD 102 – Challenges in Application Security |
COD 102 |
10 minutes |
| COD 103 – Creating Software Security Requirements |
COD 103 |
10 minutes |
| COD 104 – Designing Secure Software |
COD 104 |
15 minutes |
| COD 105 – Secure Software Development |
COD 105 |
20 minutes |
| COD 106 – The Importance of Software Integration and Testing |
COD 106 |
15 minutes |
| COD 107 – Secure Software Deployment |
COD 107 |
10 minutes |
| COD 108 – Software Operations and Maintenance |
COD 108 |
10 minutes |
| COD 110 – Fundamentals of Secure Mobile Development |
COD 110 |
45 minutes |
| COD 141 – Fundamentals of Database Security |
COD 141 |
30 minutes |
| COD 152 – Fundamentals of Secure Cloud Development |
COD 152 |
20 minutes |
| COD 160 – Fundamentals of Secure Embedded Software Development |
COD 160 |
45 minutes |
| COD 170 – Identifying Threats to Mainframe COBOL Applications & Data |
COD 170 |
20 minutes |
| COD 201 – Secure C Encrypted Network Communications |
COD 201 |
15 minutes |
| COD 202 – Secure C Run-Time Protection |
COD 202 |
15 minutes |
| COD 206 – Creating Secure C++ Code |
COD 206 |
15 minutes |
| COD 207 – Communication Security in C++ |
COD 207 |
15 minutes |
| COD 214 – Creating Secure GO Applications |
COD 214 |
30 minutes |
| COD 215 – Mitigating .NET Application Vulnerabilities |
COD 215 |
25 minutes |
| COD 219 – Creating Secure Code: SAP ABAP Foundations |
COD 219 |
90 minutes |
| COD 241 – Creating Secure Oracle DB Applications |
COD 241 |
45 minutes |
| COD 242 – Creating Secure SQL Server & Azure SQL DB Applications |
COD 242 |
40 minutes |
| COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data |
COD 246 |
20 minutes |
| COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data |
COD 247 |
15 minutes |
| COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications |
COD 248 |
15 minutes |
| COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes |
COD 249 |
15 minutes |
| COD 251 – Defending AJAX-Enabled Web Applications |
COD 251 |
25 minutes |
| COD 252 – Securing Google Platform Applications & Data |
COD 252 |
25 minutes |
| COD 253 – Creating Secure AWS Cloud Applications |
COD 253 |
45 minutes |
| COD 254 – Creating Secure Azure Applications |
COD 254 |
45 minutes |
| COD 255 – Creating Secure Code: Web API Foundations |
COD 255 |
20 minutes |
| COD 256 – Creating Secure Ruby on Rails Foundations |
COD 256 |
45 minutes |
| COD 257 – Creating Secure Python Web Applications |
COD 257 |
45 minutes |
| COD 258 – Creating Secure PHP Web Applications |
COD 258 |
30 minutes |
| COD 259 – Node.js Threats & Vulnerabilities |
COD 259 |
30 minutes |
| COD 261 – Threats to Scripts |
COD 261 |
30 minutes |
| COD 262 – Fundamentals of Shell and Interpreted Language Security |
COD 262 |
30 minutes |
| COD 263 – Secure Bash Scripting |
COD 263 |
15 minutes |
| COD 264 – Secure Perl Scripting |
COD 264 |
15 minutes |
| COD 265 – Secure Python Scripting |
COD 265 |
15 minutes |
| COD 266 – Secure Ruby Scripting |
COD 266 |
15 minutes |
| COD 267 – Securing Python Microservices |
COD 267 |
30 minutes |
| COD 268 – Mitigating TypeScript Application Vulnerabilities |
COD 268 |
30 minutes |
| COD 270 – Creating Secure COBOL & Mainframe Applications |
COD 270 |
25 minutes |
| COD 283 – Java Cryptography (UPDATED) |
COD 283 |
30 minutes |
| COD 284 – Secure Java Coding |
COD 284 |
30 minutes |
| COD 285 – Developing Secure Angular Applications |
COD 285 |
30 minutes |
| COD 286 – Creating Secure React User Interfaces |
COD 286 |
10 minutes |
| COD 287 – Java Application Server Hardening |
COD 287 |
20 minutes |
| COD 288 – Java Public Key Cryptography |
COD 288 |
20 minutes |
| COD 301 – Secure C Buffer Overflow Mitigations |
COD 301 |
45 minutes |
| COD 302 – Secure C Memory Management (UPDATED) |
COD 302 |
20 minutes |
| COD 303 – Mitigating C Code Vulnerabilities |
COD 303 |
20 minutes |
| COD 304 – Principles of C++ Memory Safety |
COD 304 |
25 minutes |
| COD 305 – C++ Secure Memory Management |
COD 305 |
30 minutes |
| COD 306 – C++ Memory Safety: Debugging Tools and Techniques |
COD 306 |
20 minutes |
| COD 307 – Protecting Data in C++ |
COD 307 |
25 minutes |
| COD 308 – Common ASP.NET MVC Vulnerabilities and Attacks |
COD 308 |
45 minutes |
| COD 309 – Securing ASP.NET MVC Applications |
COD 309 |
20 minutes |
| COD 310 – Securing ASP.NET Core Applications (NEW) |
COD 310 |
20 minutes |
| COD 315 – Preventing Vulnerabilities in iOS Code in Swift |
COD 315 |
20 minutes |
| COD 316 – Creating Secure iOS Code in Objective C |
COD 316 |
30 minutes |
| COD 317 – Protecting Data on iOS in Swift |
COD 317 |
20 minutes |
| COD 318 – Protecting Data on Android in Java |
COD 318 |
30 minutes |
| COD 319 – Preventing Vulnerabilities in Android Code in Java |
COD 319 |
30 minutes |
| COD 321 – Protecting C# from Integer Overflows & Canonicalization |
COD 321 |
30 minutes |
| COD 322 – Protecting C# from SQL Injection |
COD 322 |
8 minutes |
| COD 323 – Using Encryption with C# |
COD 323 |
20 minutes |
| COD 324 – Protecting C# from XML Injection |
COD 324 |
8 minutes |
| COD 325 – Protecting Data in C# for .NET Core (NEW) |
COD 325 |
30 minutes |
| COD 352 – Creating Secure JavaScript and jQuery Code |
COD 352 |
45 minutes |
| COD 361 – HTML5 Secure Threats |
COD 361 |
15 minutes |
| COD 362 – HTML5 Built in Security Features |
COD 362 |
20 minutes |
| COD 363 – Securing HTML5 Data |
COD 363 |
20 minutes |
| COD 364 – Securing HTML5 Connectivity |
COD 364 |
20 minutes |
| COD 366 – Creating Secure Kotlin Applications |
COD 366 |
20 minutes |
| COD 380 – Preventing SQL Injection in Java |
COD 380 |
8 minutes |
| COD 381 – Preventing Path Traversal Attacks in Java |
COD 381 |
8 minutes |
| COD 382 – Protecting Data in Java |
COD 382 |
30 minutes |
| COD 383 – Protecting Java Backend Services |
COD 383 |
30 minutes |
| COD 384 – Protecting Java from Information Disclosure |
COD 384 |
8 minutes |
| COD 385 – Preventing Race Conditions in Java Code |
COD 385 |
8 minutes |
| COD 386 – Preventing Integer Overflows in Java Code |
COD 386 |
8 minutes |
| CYB 210 – Cybersecurity Incident Response |
CYB 210 |
12 minutes |
| CYB 211 – Identifying and Protecting Assets Against Ransomware |
CYB 211 |
12 minutes |
| CYB 212 – Fundamentals of Security Information & Event Management (SIEM) |
CYB 212 |
15 minutes |
| CYB 213 – Generative AI Privacy & Cybersecurity Risk |
CYB 213 |
30 minutes |
| CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP) |
CYB 250 |
20 minutes |
| CYB 301 – Fundamentals of Ethical Hacking |
CYB 301 |
15 minutes |
| CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT |
CYB 310 |
40 minutes |
| CYB 311 – Threat Analysis with AI |
CYB 311 |
20 minutes |
| DES 101 – Fundamentals of Secure Architecture |
DES 101 |
20 minutes |
| DES 151 – Fundamentals of the PCI Secure SLC Standard |
DES 151 |
25 minutes |
| DES 202 – Cryptographic Suite Services: Encoding, Encrypting & Hashing |
DES 202 |
45 minutes |
| DES 203 – Cryptographic Components: Randomness, Algorithms, and Key Management |
DES 203 |
15 minutes |
| DES 204 – Role of Cryptography in Application Development |
DES 204 |
15 minutes |
| DES 205 – Message Integrity Cryptographic Functions |
DES 205 |
45 minutes |
| DES 206 – Meeting Cloud Governance and Compliance Requirements |
DES 206 |
15 minutes |
| DES 207 – Mitigating OWASP API Security Top 10 |
DES 207 |
15 minutes |
| DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing |
DES 208 |
15 minutes |
| DES 209 – Authentication and Lifecycle Management |
DES 209 |
15 minutes |
| DES 210 – Hardening Linux/Unix Systems |
DES 210 |
30 minutes |
| DES 212 – Architecture Risk Analysis & Remediation |
DES 212 |
30 minutes |
| DES 214 – Securing Infrastructure Architecture |
DES 214 |
30 minutes |
| DES 215 – Defending Infrastructure |
DES 215 |
30 minutes |
| DES 216 – Protecting Cloud Infrastructure |
DES 216 |
40 minutes |
| DES 217 – Securing Terraform Infrastructure and Resources |
DES 217 |
20 minutes |
| DES 218 – Protecting Microservices, Containers, and Orchestration |
DES 218 |
30 minutes |
| DES 219 – Securing Google’s Firebase Platform |
DES 219 |
60 minutes |
| DES 232 – Mitigating OWASP 2021 Injection |
DES 232 |
12 minutes |
| DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures |
DES 233 |
12 minutes |
| DES 234 – Mitigating OWASP 2021 Cryptographic Failures |
DES 234 |
12 minutes |
| DES 235 – Mitigating OWASP 2021 Insecure Design |
DES 235 |
12 minutes |
| DES 236 – Mitigating OWASP 2021 Broken Access Control |
DES 236 |
12 minutes |
| DES 237 – Mitigating OWASP 2021 Security Misconfiguration |
DES 237 |
12 minutes |
| DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) |
DES 238 |
12 minutes |
| DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures |
DES 239 |
12 minutes |
| DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components |
DES 240 |
12 minutes |
| DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures |
DES 241 |
12 minutes |
| DES 250 – Secure Software Acceptance and Deployment |
DES 250 |
25 minutes |
| DES 255 – Securing the IoT Update Process |
DES 255 |
30 minutes |
| DES 260 – Fundamentals of IoT Architecture & Design |
DES 260 |
30 minutes |
| DES 261 – Securing Serverless Environments |
DES 261 |
20 minutes |
| DES 262 – Securing Enterprise Low-Code Applications Platforms |
DES 262 |
20 minutes |
| DES 270 – Mitigating OWASP Mobile Top 10 Risks (NEW) |
DES 270 |
30 minutes |
| DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords |
DES 281 |
12 minutes |
| DES 282 – OWASP IoT2: Mitigating Insecure Network Services |
DES 282 |
12 minutes |
| DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces |
DES 283 |
12 minutes |
| DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism |
DES 284 |
12 minutes |
| DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components |
DES 285 |
12 minutes |
| DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection |
DES 286 |
12 minutes |
| DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage |
DES 287 |
12 minutes |
| DES 288 – OWASP IoT8: Mitigating Lack of Device Management |
DES 288 |
12 minutes |
| DES 289 – OWASP IoT9: Mitigating Insecure Default Settings |
DES 289 |
12 minutes |
| DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening |
DES 290 |
12 minutes |
| DES 305 – Protecting Existing Blockchain Assets |
DES 305 |
20 minutes |
| DES 306 – Creating a Secure Blockchain Network |
DES 306 |
20 minutes |
| DES 311 – Creating Secure Application Architecture |
DES 311 |
45 minutes |
| DES 312 – Protecting Cardholder Data |
DES 312 |
20 minutes |
| DES 313 – Hardening a Kubernetes Cluster |
DES 313 |
20 minutes |
| DES 314 – Hardening the Docker Engine |
DES 314 |
15 minutes |
| DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation |
DES 361 |
20 minutes |
| DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse |
DES 362 |
20 minutes |
| DES 364 – Mitigating Low-Code/No-Code Authentication and Secure Communication Failures |
DES 364 |
20 minutes |
| DSO 201 – Fundamentals of Secure DevOps |
DSO 201 |
30 minutes |
| DSO 205 – Securing the COTS Supply Chain |
DSO 205 |
15 minutes |
| DSO 206 – Securing the Open Source Supply Chain |
DSO 206 |
15 minutes |
| DSO 211 – Identifying Threats to Containers in a DevSecOps Framework |
DSO 211 |
20 minutes |
| DSO 212 – Fundamentals of Zero Trust Security |
DSO 212 |
15 minutes |
| DSO 253 – DevSecOps in the AWS Cloud |
DSO 253 |
20 minutes |
| DSO 254 – DevSecOps in the Azure Cloud |
DSO 254 |
20 minutes |
| DSO 256 – DevSecOps in the Google Cloud Platform |
DSO 256 |
20 minutes |
| DSO 301 – Orchestrating Secure System and Service Configuration |
DSO 301 |
20 minutes |
| DSO 302 – Automated Security Testing |
DSO 302 |
20 minutes |
| DSO 303 – Automating Security Updates |
DSO 303 |
20 minutes |
| DSO 304 – Securing API Gateways in a DevSecOps Framework |
DSO 304 |
20 minutes |
| DSO 305 – Automating CI/CD Pipeline Compliance |
DSO 305 |
20 minutes |
| DSO 306 – Implementing Infrastructure as Code |
DSO 306 |
20 minutes |
| DSO 307 – Secure Secrets Management |
DSO 307 |
20 minutes |
| ENG 110 – Essential Account Management Security |
ENG 110 |
15 minutes |
| ENG 111 – Essential Session Management Security |
ENG 111 |
15 minutes |
| ENG 112 – Essential Access Control for Mobile Devices |
ENG 112 |
15 minutes |
| ENG 113 – Essential Secure Configuration Management |
ENG 113 |
15 minutes |
| ENG 114 – Essential Risk Assessment |
ENG 114 |
15 minutes |
| ENG 115 – Essential System & Information Integrity |
ENG 115 |
15 minutes |
| ENG 116 – Essential Security Planning Policy & Procedures |
ENG 116 |
15 minutes |
| ENG 117 – Essential Information Security Program Planning |
ENG 117 |
15 minutes |
| ENG 118 – Essential Incident Response |
ENG 118 |
15 minutes |
| ENG 119 – Essential Security Audit & Accountability |
ENG 119 |
15 minutes |
| ENG 120 – Essential Security Assessment & Authorization |
ENG 120 |
15 minutes |
| ENG 121 – Essential Identification & Authentication |
ENG 121 |
15 minutes |
| ENG 122 – Essential Physical & Environmental Protection |
ENG 122 |
15 minutes |
| ENG 123 – Essential Security Engineering Principles |
ENG 123 |
15 minutes |
| ENG 124 – Essential Application Protection |
ENG 124 |
15 minutes |
| ENG 125 – Essential Data Protection |
ENG 125 |
15 minutes |
| ENG 126 – Essential Security Maintenance Policies |
ENG 126 |
15 minutes |
| ENG 127 – Essential Media Protection |
ENG 127 |
15 minutes |
| ENG 150 – Meeting Confidentiality, Integrity, and Availability |
ENG 150 |
30 minutes |
| ENG 151 – Fundamentals of Privacy Protection |
ENG 151 |
10 minutes |
| ENG 191 – Introduction to the Microsoft SDL |
ENG 191 |
25 minutes |
| ENG 192 – Implementing the Agile Microsoft SDL |
ENG 192 |
20 minutes |
| ENG 193 – Implementing the Microsoft SDL Optimization Model |
ENG 193 |
12 minutes |
| ENG 194 – Implementing Microsoft SDL Line of Business |
ENG 194 |
20 minutes |
| ENG 195 – Implementing the Microsoft SDL Threat Modeling Tool |
ENG 195 |
20 minutes |
| ENG 205 – Fundamentals of Threat Modeling |
ENG 205 |
45 minutes |
| ENG 211 – How to Create Application Security Design Requirements |
ENG 211 |
15 minutes |
| ENG 212 – Implementing Secure Software Operations |
ENG 212 |
20 minutes |
| ENG 251 – Risk Management Foundations |
ENG 251 |
20 minutes |
| ENG 311 – Attack Surface Analysis & Reduction |
ENG 311 |
25 minutes |
| ENG 312 – How to Perform a Security Code Review |
ENG 312 |
30 minutes |
| ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components |
ENG 320 |
20 minutes |
| ENG 351 – Preparing the Risk Management Framework |
ENG 351 |
20 minutes |
| ENG 352 – Categorizing Systems and Information within the RMF |
ENG 352 |
10 minutes |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF |
ENG 353 |
20 minutes |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF |
ENG 354 |
20 minutes |
| ICS 210 – ICS/SCADA Security Essentials |
ICS 210 |
12 minutes |
| ICS 310 – Protecting Information and System Integrity in Industrial Control System Environments |
ICS 310 |
15 minutes |
| LAB 111 – Identifying Server-Side Request Forgery |
LAB 111 |
5 minutes |
| LAB 113 – Identifying Cryptographic Failures |
LAB 113 |
5 minutes |
| LAB 114 – Identifying Cookie Tampering |
Lab 114 |
5 minutes |
| LAB 115 – Identifying Reflective XSS |
LAB 115 |
5 minutes |
| LAB 116 – Identifying Forceful Browsing |
LAB 116 |
5 minutes |
| LAB 117 – Identifying Hidden Form Field |
LAB 117 |
5 minutes |
| LAB 118 – Identifying Weak File Upload Validation |
LAB 118 |
5 minutes |
| LAB 119 – Identifying Persistent XSS |
LAB 119 |
5 minutes |
| LAB 120 – Identifying XML Injection |
LAB 120 |
5 minutes |
| LAB 121 – Identifying Vulnerable and Outdate Components |
LAB 121 |
5 minutes |
| LAB 122 – Identifying Insecure APIs |
LAB 122 |
5 minutes |
| LAB 123 – Identifying Vertical Privilege Escalation |
LAB 123 |
5 minutes |
| LAB 124 – Identifying Horizontal Privilege Escalation |
LAB 124 |
5 minutes |
| LAB 125 – Identifying Buffer Overflow |
LAB 125 |
5 minutes |
| LAB 126 – Identifying Information Leakage |
LAB 126 |
5 minutes |
| LAB 127 – Identifying Security Logging and Monitoring Failures |
LAB 127 |
5 minutes |
| LAB 128 – Identifying Unverified Password Change |
LAB 128 |
5 minutes |
| LAB 129 – Identifying Error Message Containing Sensitive Information |
LAB 129 |
5 minutes |
| LAB 130 – Identifying Generation of Predictable Numbers or Identifiers |
LAB 130 |
5 minutes |
| LAB 131 – Identifying Improper Restriction of XML External Entity Reference |
LAB 131 |
5 minutes |
| LAB 132 – Identifying Exposed Services |
LAB 132 |
5 minutes |
| LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables |
LAB 133 |
5 minutes |
| LAB 134 – Identifying Plaintext Storage of a Password |
LAB 134 |
5 minutes |
| LAB 135 – Identifying URL Redirection to Untrusted Site |
LAB 135 |
5 minutes |
| LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page |
LAB 136 |
5 minutes |
| LAB 137 – Identifying Improper Authorization |
LAB 137 |
5 minutes |
| LAB 138 – Identifying Authorization Bypass Through User-Controlled Key |
LAB 138 |
5 minutes |
| LAB 139 – Identifying Use of a Key Past its Expiration Date |
LAB 139 |
5 minutes |
| LAB 201 – Defending Java Applications Against Canonicalization |
LAB 201 |
5 minutes |
| LAB 202 – Defending Python Applications Against Canonicalization |
LAB 202 |
5 minutes |
| LAB 203 – Defending C# Applications Against Canonicalization |
LAB 203 |
5 minutes |
| LAB 204 – Defending Node.js Applications Against Canonicalization |
LAB 204 |
5 minutes |
| LAB 205 – Defending Java Applications Against XPath Injection |
LAB 205 |
5 minutes |
| LAB 206 – Defending Python Applications Against XPath Injection |
LAB 206 |
5 minutes |
| LAB 207 – Defending Node.js Applications Against XPath Injection |
LAB 207 |
5 minutes |
| LAB 208 – Defending C# Applications Against XPath Injection |
LAB 208 |
5 minutes |
| LAB 211 – Defending Java Applications Against Credentials in Code Medium |
LAB 211 |
10 minutes |
| LAB 212 – Defending Python Applications Against Credentials in Code Medium |
LAB 212 |
10 minutes |
| LAB 213 – Defending Node.js Applications Against Credentials in Code Medium |
LAB 213 |
10 minutes |
| LAB 214 – Defending C# Applications Against Credentials in Code Medium |
LAB 214 |
10 minutes |
| LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation |
LAB 215 |
10 minutes |
| LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation |
LAB 216 |
10 minutes |
| LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation |
LAB 217 |
10 minutes |
| LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation |
LAB 218 |
10 minutes |
| LAB 220 – Defending Against Hard-Coded Secrets |
LAB 220 |
5 minutes |
| LAB 221 – Defending C# Applications Against SQL Injection |
LAB 221 |
10 minutes |
| LAB 222 – Defending Python Applications Against SQL Injection |
LAB 222 |
10 minutes |
| LAB 223 – Defending Node.js Applications Against SQL Injection |
LAB 223 |
10 minutes |
| LAB 224 – Defending Java Applications Against Forceful Browsing |
LAB 224 |
10 minutes |
| LAB 225 – Defending Python Applications Against Forceful Browsing |
LAB 225 |
10 minutes |
| LAB 226 – Defending Node.js Applications Against Forceful Browsing |
LAB 226 |
10 minutes |
| LAB 227 – Defending C# Applications Against Forceful Browsing |
LAB 227 |
10 minutes |
| LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption |
LAB 228 |
10 minutes |
| LAB 229 – Defending Java Applications Against Weak PRNG |
LAB 229 |
10 minutes |
| LAB 230 – Defending Java Applications Against XSS |
LAB 230 |
15 minutes |
| LAB 231 – Defending Python Applications Against XSS |
LAB 231 |
15 minutes |
| LAB 232 – Defending C# Applications Against XSS |
LAB 232 |
15 minutes |
| LAB 233 – Defending Node.js Applications Against XSS |
LAB 233 |
15 minutes |
| LAB 234 – Defending Java Applications Against Parameter Tampering |
LAB 234 |
10 minutes |
| LAB 235 – Defending Java Applications Against Plaintext Password Storage |
LAB 235 |
10 minutes |
| LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages |
LAB 236 |
10 minutes |
| LAB 237 – Defending Java Applications Against SQL Injection |
LAB 237 |
20 minutes |
| LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption |
LAB 238 |
10 minutes |
| LAB 239 – Defending C# Applications Against Weak PRNG |
LAB 239 |
10 minutes |
| LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 240 |
10 minutes |
| LAB 241 – Defending C# Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 241 |
10 minutes |
| LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 242 |
10 minutes |
| LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities |
LAB 243 |
10 minutes |
| LAB 244 – Defending Java Applications Against Security Misconfiguration |
LAB 244 |
12 minutes |
| LAB 245 – Defending Node.js Applications Against Plaintext Password Storage |
LAB 245 |
10 minutes |
| LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption |
LAB 246 |
10 minutes |
| LAB 247 – Defending Node.js Applications Against Weak PRNG |
LAB 247 |
10 minutes |
| LAB 248 – Defending Node.js Applications Against Parameter Tampering |
LAB 248 |
10 minutes |
| LAB 249 – Defending Python Applications Against Plaintext Password Storage |
LAB 249 |
10 minutes |
| LAB 250 – Defending C# Applications Against Parameter Tampering |
LAB 250 |
10 minutes |
| LAB 251 – Defending C# Applications Against Plaintext Password Storage |
LAB 251 |
10 minutes |
| LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption |
LAB 252 |
10 minutes |
| LAB 253 – Defending Python Applications Against Weak PRNG |
LAB 253 |
10 minutes |
| LAB 254 – Defending Python Applications Against Parameter Tampering |
LAB 254 |
10 minutes |
| LAB 260 – Defending C# Applications Against Sensitive Information in Error Messages |
LAB 260 |
10 minutes |
| LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages |
LAB 261 |
10 minutes |
| LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages |
LAB 262 |
10 minutes |
| LAB 263 – Defending Java Applications Against Sensitive Information in Log Files |
LAB 263 |
10 minutes |
| LAB 264 – Defending Python Applications Against Sensitive Information in Log Files |
LAB 264 |
10 minutes |
| LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files |
LAB 265 |
10 minutes |
| LAB 266 – Defending C# Applications Against Sensitive Information in Log Files |
LAB 266 |
10 minutes |
| LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data |
LAB 267 |
10 minutes |
| LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data |
LAB 268 |
10 minutes |
| LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data |
LAB 269 |
10 minutes |
| LAB 270 – Defending C# Applications Against Deserialization of Untrusted Data |
LAB 270 |
10 minutes |
| LAB 271 – Defending Java Applications Against SSRF |
LAB 271 |
10 minutes |
| LAB 272 – Defending Python Applications Against SSRF |
LAB 272 |
10 minutes |
| LAB 273 – Defending Node.js Applications Against SSRF |
LAB 273 |
10 minutes |
| LAB 274 – Defending C# Applications Against SSRF |
LAB 274 |
10 minutes |
| LAB 275 – Defending Java Applications Against Command Injection |
LAB 275 |
10 minutes |
| LAB 276 – Defending Python Applications Against Command Injection |
LAB 276 |
10 minutes |
| LAB 277 – Defending Node.js Applications Against Command Injection |
LAB 277 |
10 minutes |
| LAB 278 – Defending C# Applications Against Command Injection |
LAB 278 |
10 minutes |
| LAB 279 – Defending Java Applications Against Dangerous File Upload |
LAB 279 |
10 minutes |
| LAB 280 – Defending Python Applications Against Dangerous File Upload |
LAB 280 |
10 minutes |
| LAB 281 – Defending Node.js Applications Against Dangerous File Upload |
LAB 281 |
10 minutes |
| LAB 282 – Defending C# Applications Against Dangerous File Upload |
LAB 282 |
10 minutes |
| LAB 283 – Defending Java Applications Against RegEx DoS |
LAB 283 |
10 minutes |
| LAB 284 – Defending Python Applications Against RegEx DoS |
LAB 284 |
10 minutes |
| LAB 285 – Defending Node.js Applications Against RegEx DoS |
LAB 285 |
10 minutes |
| LAB 286 – Defending C# Applications Against RegEx DoS |
LAB 286 |
10 minutes |
| LAB 287 – Defending Java Applications Against Null Pointer Dereference |
LAB 287 |
10 minutes |
| LAB 288 – Defending C# Applications Against Null Pointer Dereference |
LAB 288 |
10 minutes |
| LAB 289 – Defending Java Applications Against Path Traversal |
LAB 289 |
10 minutes |
| LAB 290 – Defending Python Applications Against Path Traversal |
LAB 290 |
10 minutes |
| LAB 291 – Defending Node.js Applications Against Path Traversal |
LAB 291 |
10 minutes |
| LAB 292 – Defending C# Applications Against Path Traversal |
LAB 292 |
10 minutes |
| LAB 293 – Defending Java Applications Against Integer Overflow |
LAB 293 |
10 minutes |
| LAB 294 – Defending C# Applications Against Integer Overflow |
LAB 294 |
10 minutes |
| LAB 301 – Defending Java Applications Against Open Redirect |
LAB 301 |
5 minutes |
| LAB 302 – Defending Python Applications Against Open Redirect |
LAB 302 |
5 minutes |
| LAB 303 – Defending C# Applications Against Open Redirect |
LAB 303 |
5 minutes |
| LAB 304 – Defending Node.js Applications Against Open Redirect |
LAB 304 |
5 minutes |
| LAB 305 – Defending Java Applications Against Weak Password Reset |
LAB 305 |
5 minutes |
| LAB 306 – Defending Python Applications Against Weak Password Reset |
LAB 306 |
5 minutes |
| LAB 307 – Defending C# Applications Against Weak Password Reset |
LAB 307 |
5 minutes |
| LAB 308 – Defending Node.js Applications Against Weak Password Reset |
LAB 308 |
5 minutes |
| LAB 309 – Defending TypeScript Applications Against Unrestricted Upload of File with Dangerous Type |
LAB 309 |
5 minutes |
| LAB 314 – Defending TypeScript Applications Against SSRF |
LAB 314 |
5 minutes |
| LAB 316 – Defending TypeScript Applications Against Hard-coded Credentials |
LAB 316 |
5 minutes |
| LAB 320 – Defending TypeScript Applications Against Code Injection |
LAB 320 |
5 minutes |
| LAB 325 – Defending TypeScript Applications Against CSRF |
LAB 325 |
5 minutes |
| LAB 326 – Defending TypeScript Applications Against Path Traversal |
LAB 326 |
5 minutes |
| LAB 327 – Defending C Applications Against Path Traversal |
LAB 327 |
5 minutes |
| LAB 328 – Defending C++ Applications Against Path Traversal |
LAB 328 |
5 minutes |
| LAB 329 – Defending Go Applications Against SSRF |
LAB 329 |
15 minutes |
| LAB 333 – Defending Go Applications Against Hard-coded Credentials |
LAB 333 |
15 minutes |
| LAB 338 – Defending Go Applications Against CSRF |
LAB 338 |
15 minutes |
| LAB 339 – Defending Go Applications Against Path Traversal |
LAB 339 |
15 minutes |
| LAB 340 – Defending C Applications Against Use After Free |
LAB 340 |
15 minutes |
| LAB 341 – Defending C++ Applications Against Use After Free |
LAB 341 |
15 minutes |
| LAB 342 – Defending TypeScript Applications Against Command Injection |
LAB 342 |
15 minutes |
| LAB 343 – Defending Go Applications Against Command Injection |
LAB 343 |
15 minutes |
| LAB 344 – Defending TypeScript Applications Against Incorrect Authorization |
LAB 344 |
15 minutes |
| LAB 345 – Defending Go Applications Against Incorrect Authorization |
LAB 345 |
15 minutes |
| LAB 346 – Defending TypeScript Applications Against Deserialization of Untrusted |
LAB 346 |
15 minutes |
| LAB 347 – Defending C Applications Against Null Pointer Dereference |
LAB 347 |
15 minutes |
| LAB 348 – Defending C++ Applications Against Null Pointer Dereference (NEW) |
LAB 348 |
15 minutes |
| LAB 349 – Defending TypeScript Applications Against SQL Injection (NEW) |
LAB 349 |
15 minutes |
| LAB 350 – Defending Go Applications Against SQL Injection (NEW) |
LAB 350 |
15 minutes |
| LAB 351 – Defending TypeScript Applications Against Cross-Site Scripting (NEW) |
LAB 351 |
15 minutes |
| LAB 352 – Defending Go Applications Against Cross-Site Scripting (NEW) |
LAB 352 |
15 minutes |
| LAB 353 – Defending TypeScript Applications Against Improper Authentication (NEW) |
LAB 353 |
15 minutes |
| LAB 354 – Defending Go Applications Against Improper Authentication (NEW) |
LAB 354 |
15 minutes |
| LAB 355 – Defending C Applications Against Stack-based Buffer Overflow (NEW) |
LAB 355 |
15 minutes |
| LAB 610 – ATT&CK: File and Directory Permissions Modification |
LAB 610 |
12 minutes |
| LAB 611 – ATT&CK: File and Directory Discovery |
LAB 611 |
12 minutes |
| LAB 612 – ATT&CK: Testing for Network Services Identification |
LAB 612 |
12 minutes |
| LAB 613 – ATT&CK: Testing for Vulnerability Identification Using Vulnerability Databases |
LAB 613 |
12 minutes |
| LAB 615 – ATT&CK: Updating Vulnerable Java Web Application Server Software |
LAB 615 |
12 minutes |
| LAB 616 – ATT&CK: Host Vulnerability Scanning |
LAB 616 |
15 minutes |
| LAB 617 – ATT&CK: Testing for Plaintext Secrets in Files |
LAB 617 |
12 minutes |
| LAB 618 – ATT&CK: Log Analysis |
LAB 618 |
12 minutes |
| LAB 619 – ATT&CK: Exfiltration Over C2 Channel |
LAB 619 |
30 minutes |
| LAB 620 – ATT&CK: Advanced Exploit of Remote Services |
LAB 620 |
30 minutes |
| LAB 621 – ATT&CK: Password Cracking |
LAB 621 |
5 minutes |
| LAB 622 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services |
LAB 622 |
20 minutes |
| LAB 623 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software |
LAB 623 |
12 minutes |
| LAB 624 – ATT&CK: Exploiting Java Web Application Server Misconfiguration |
LAB 624 |
12 minutes |
| LAB 625 – ATT&CK: Advanced Exploit of Public-Facing Application |
LAB 625 |
30 minutes |
| LAB 626 – Using an Exploit Framework for SQL Injection |
LAB 626 |
30 minutes |
| LAB 627 – Using an Exploit Framework for Port Scanning |
LAB 627 |
15 minutes |
| LAB 628 – Using an Exploit Framework for SMB Version Scanning |
LAB 628 |
15 minutes |
| LAB 629 – Using an Exploit Framework for SNMP Scanning |
LAB 629 |
15 minutes |
| LAB 630 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes |
LAB 630 |
15 minutes |
| LAB 631 – ATT&CK: Network Service Discovery |
LAB 631 |
12 minutes |
| LAB 632 – ATT&CK: Network Share Discovery |
LAB 632 |
12 minutes |
| LAB 633 – Using an Exploit Framework for Web Application Scanning (NEW) |
LAB 633 |
30 minutes |
| LAB 634 – ATT&CK: Create Account |
LAB 634 |
12 minutes |
| LAB 635 – ATT&CK: Unsecured Credentials |
LAB 635 |
12 minutes |
| LAB 636 – ATT&CK: Data from Local System |
LAB 636 |
12 minutes |
| LAB 637 – ATT&CK: Valid Accounts |
LAB 637 |
12 minutes |
| LAB 638 – Using Mimikatz (NEW) |
LAB 638 |
15 minutes |
| LAB 639 – Using an Exploit Framework via Command Line Interface (NEW) |
LAB 639 |
15 minutes |
| SDT 301 – Testing for Injection |
SDT 301 |
10 minutes |
| SDT 302 – Testing for Identification and Authentication Failures |
SDT 302 |
10 minutes |
| SDT 303 – Testing for Cryptographic Failures |
SDT 303 |
10 minutes |
| SDT 304 – Testing for Insecure Design |
SDT 304 |
10 minutes |
| SDT 305 – Testing for Broken Access Control |
SDT 305 |
10 minutes |
| SDT 306 – Testing for Security Misconfiguration |
SDT 306 |
10 minutes |
| SDT 307 – Testing for Server-Side Request Forgery (SSRF) |
SDT 307 |
10 minutes |
| SDT 308 – Testing for Software and Data Integrity Failures |
SDT 308 |
10 minutes |
| SDT 309 – Testing for Vulnerable and Outdated Components |
SDT 309 |
10 minutes |
| SDT 310 – Testing for Security Logging and Monitoring Failures |
SDT 310 |
10 minutes |
| SDT 311 – Testing for Integer Overflow or Wraparound |
SDT 311 |
15 minutes |
| SDT 312 – Testing for (Path Traversal) Improper Limitation of a Pathname to a Restricted Directory |
SDT 312 |
15 minutes |
| SDT 313 – Testing for (CSRF) Cross Site Request Forgery |
SDT 313 |
15 minutes |
| SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type |
SDT 314 |
15 minutes |
| SDT 315 – Testing for Incorrect Permission Assignment for Critical Resource |
SDT 315 |
15 minutes |
| SDT 316 – Testing for Use of Hard-Coded Credentials |
SDT 316 |
15 minutes |
| SDT 317 – Testing for Improper Control of Generation of Code |
SDT 317 |
10 minutes |
| SDT 318 – Testing for Insufficiently Protected Credentials |
SDT 318 |
10 minutes |
| SDT 319 – Testing for Out-of-bounds Read |
SDT 319 |
10 minutes |
| SDT 320 – Testing for Out-of-bounds Write |
SDT 320 |
10 minutes |
| SDT 321 – Testing for Uncontrolled Resource Consumption |
SDT 321 |
10 minutes |
| SDT 322 – Testing for Improper Privilege Management |
SDT 322 |
10 minutes |
| SDT 323 – Testing for Improper Input Validation |
SDT 323 |
10 minutes |
| SDT 324 – Testing for Improper Restriction of Operations within the Bounds of a Memory Buffer |
SDT 324 |
10 minutes |
| SDT 325 – Testing for NULL Pointer Dereference |
SDT 325 |
10 minutes |
| SDT 326 – Testing for Use After Free |
SDT 326 |
10 minutes |
| TST 101 – Fundamentals of Security Testing |
TST 101 |
20 minutes |
| TST 202 – Penetration Testing Fundamentals |
TST 202 |
25 minutes |
| TST 205 – Performing Vulnerability Scans |
TST 205 |
45 minutes |
| TST 206 – ASVS Requirements for Developers |
TST 206 |
20 minutes |
| TST 301 – Infrastructure Penetration Testing |
TST 301 |
45 minutes |
| TST 302 – Application Penetration Testing |
TST 302 |
45 minutes |
| TST 303 – Penetration Testing for Google Cloud Platform |
TST 303 |
20 minutes |
| TST 304 – Penetration Testing for AWS Cloud |
TST 304 |
20 minutes |
| TST 305 – Penetration Testing for Azure Cloud |
TST 305 |
20 minutes |
| TST 351 – Penetration Testing for TLS Vulnerabilities |
TST 351 |
12 minutes |
| TST 352 – Penetration Testing for Injection Vulnerabilities |
TST 352 |
12 minutes |
| TST 353 – Penetration Testing for SQL Injection |
TST 353 |
12 minutes |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities |
TST 354 |
12 minutes |
| TST 355 – Penetration Testing for Authorization Vulnerabilities |
TST 355 |
12 minutes |
| TST 356 – Penetration Testing for Cross-Site Scripting (XSS) |
TST 356 |
12 minutes |
| TST 357 – Penetration Testing for Hardcoded Secrets |
TST 357 |
12 minutes |
| TST 358 – Penetration Testing Wireless Networks |
TST 358 |
12 minutes |
| TST 359 – Penetration Testing Network Infrastructure |
TST 359 |
12 minutes |
| TST 360 – Penetration Testing for Authentication Vulnerabilities |
TST 360 |
12 minutes |
