Embedded QA/Test Engineer
Details 41 Courses, 14 Hours, 17 CPE Credits
Core
Provides learners with an understanding of security principles and best practices for developing secure applications and secure databases, with a focus on the fundamentals of application security, application security risk management, and common vulnerabilities in an application. Introduces security-testing concepts and processes that help Embedded QA/Test Engineers analyze an application from a security perspective and conduct effective security testing.
Courses Include
- AWA 101 Fundamentals of Application Security
- AWA 102 Secure Software Concepts
- DES 260 Fundamentals of IoT Architecture and Design
- ENG 114 Essential Risk Assessment
- ENG 123 Essential Security Engineering Principles
- ENG 205 Fundamentals of Threat Modeling
- TST 101 Fundamentals of Security Testing
Advanced
Provides a solid understanding of how to identify, mitigate, and test for each of the OWASP 2017 vulnerabilities, as well as how to identify and mitigate threats. Engineers will be educated on the OWASP Top 10 and the consequences of CWE’s most dangerous software errors to enable development teams to develop secure code and mitigate security vulnerabilities using common standards and frameworks.
Dives into the basic concepts of cryptography and the common ways it is applied from the perspective of application development, while teaching learners to test for vulnerabilities and provide recommendations to mitigate them.
Courses Include
- TST 222-231 Testing for OWASP Top 10 Series (10)
- TST 253 Testing for Classic Buffer Overflow
- TST 255 Testing for Missing Authentication
- TST 257 Testing for Use of Hard-Coded Credentials
- TST 258 Testing for Missing Encryption of Sensitive Data
- TST 259 Testing for Unrestricted Upload of File with Dangerous Type
- TST 260 Testing for Reliance on Untrusted Inputs in a Security Decision
- TST 261 Testing for Execution with Unnecessary Privileges
- TST 262 Testing for Cross-Site Request Forgery
- TST 264 Testing for Download of Code Without Integrity Check
- TST 266 Testing for Inclusion of Functionality from Untrusted Control Sphere
- TST 267 Testing for Incorrect Permission Assignment for Critical Resource
- TST 268 Testing for Use of a Potentially Dangerous Function
- TST 270 Testing for Incorrect Calculation of Buffer Size
- TST 273 Testing for Uncontrolled Format String
- TST 274 Testing for Integer Overflow or Wraparound
- TST 275 Testing for Use of One-Way Hash Without A Salt
Elite
Provides learners with an understanding of secure architecture and design principles while articulating the security requirements to be considered during the requirements phase. This path also introduces the learner to threat modeling to help identify security design problems early in the application security design process. Developers will learn how to define the attack surface of an application, how to reduce the risk to an application by minimizing that attack surface, and guidelines for secure source code review.
Courses Include
- ENG 191-195 Implementing the MS SDLC into your SDLC Series (10)
- ENG 211 How to Create Application Security Design Requirements
- ENG 311 Attack Surface Analysis and Reduction
- ENG 312 How to Perform a Security Code Review