-
SQL Server Injection Mitigation
After watching this video, you will be able to describe SQL Injection and how to mitigate against it.
-
Accessing Application Databases
After watching this video, you will be able to retrieve and access an Android application database.
-
Analyzing Android Device Mount Points
After watching this video, you will be able to analyze Android File System mount points on a typical Android device, specifically root, /system, /cache, /data, /mnt/sdcard, and /mnt/secure/asec.
-
Analyzing Application Traffic and Data
After watching this video, you will be able to perform a penetration test using any pen test tool of choice to intercept and analyze non-browser application traffic.
-
Analyzing Network Traffic Using Wireshark
After watching this video, you will be able to analyze network traffic on an Android device using Wireshark.
-
Creating a Signing Key and Certificate
After watching this video, you will be able to create an Android application signing key and certificate in Android Studio.
-
Creating an Android Device Image
After watching this video, you will be able to create a system image for an Android device.
-
Declaring Application Permissions
After watching this video, you will be able to add a permission declaration for an Android application in its Manifest permissions file.
-
Enabling the ProGuard Tool in Android SDK
After watching this video, you will be able to enable the ProGuard code obfuscation tool in Android SDK.
-
Enforcing Application Permissions
After watching this video, you will be able to locate and modify the Manifest permissions file on an Android emulator to secure an Android application.
-
Enforcing Permissions
After watching this video, you will be able to describe how permissions are enforced at the kernel level, native daemon level, and the framework level in Android OS.
-
Examining Android Device Directory Structure
After watching this video, you will be able to examine Android device directory structure.
-
Examining Android File Systems
After watching this video, you will be able to examine Android file systems, specifically YAFFS, YAFFS2, ext2, ext3, ext4, and vfat.
-
Examining Network Activity with BusyBox
After watching this video, you will be able to carry out a penetration test on an Android device using BusyBox.
-
Exploring the /data/data Directory
After watching this video, you will be able to explore the contents of the /data/data directory, especially shared_prefs and lib directories.
-
Getting Familiar with Activity Lifecycles
After watching this video, you will be able to define an activity and describe the activity stack and callback methods used to implement activity lifecycles.
-
Getting Familiar with Android Application Services
After watching this video, you will be able to describe how to start, bind, and create an application service, as well as how to declare a service in the Manifest.xml file.
-
Getting Familiar with Code Signing
After watching this video, you will be able to describe the process of application code signing.
-
Identifying Application-based Permissions
After watching this video, you will be able to identify application-based permissions, specifically Android Manifest Permissions.
-
Identifying Common Application Security Risks
After watching this video, you will be able to identify common mobile device security issues.
-
Installing Android Standalone SDK Tools
After watching this video, you will be able to download and install the Android stand-alone SDK tools package.
-
Installing the Android Studio IDE
After watching this video, you will be able to download and install the Android Studio IDE.
-
Intercepting Browser Application Traffic
After watching this video, you will be able to use Burp Suite to intercept traffic for a browser application on a virtual Android device.
-
Leveraging Linux Security Services to Protect Data
After watching this video, you will be able to use Linux security services to protect Android application data.
-
Overview of Android Software Stack Layers
After watching this video, you will be able to describe Android software stack layers.
-
Overview of Application User Protection Levels
After watching this video, you will be able to define the user protection levels that can be assigned in a Manifest permissions file.
-
Overview of Storage Options for Application Data
After watching this video, you will be able to describe storage options for Android application data.
-
Packaging an Android Application
After watching this video, you will be able to securely package an Android application.
-
Penetration Testing Best Practices
After watching this video, you will be able to describe the Android app development best practices against which penetration tests should be carried out.
-
Scanning a Network Using Nmap
After watching this video, you will be able to carry out a network scan using Nmap.
-
Understanding the Android Environment
After watching this video, you will be able to describe the major components of the Android environment, specifically the Android SDK, Eclipse IDE, and ADT tools (DDMS, adb).
-
Understanding Android Application Framework
After watching this video, you will be able to describe the Android application framework layer services, specifically the resource manager, activity manager, location manager, notification manager, package manager, views, and content providers.
-
Understanding Android Runtime Components
After watching this video, you will be able to describe Android runtime components, specifically the Dalvik VM and Core Libraries.
-
Understanding Permissions Assignment
After watching this video, you will be able to describe how permissions and process attributes are assigned in Android OS.
-
Understanding the Linux Kernel
After watching this video, you will be able to describe how the Linux kernel provides security on the Android platform, including Linux permissions enforcement.
-
Updating an Android Application
After watching this video, you will be able to securely update an Android application.
-
Using Code Signing to Protect Application from Malware
After watching this video, you will be able to use code signing to protect Android application code from malware attacks.
-
Using Untrusted Devices, Applications, and Networks
After watching this video, you will be able to describe considerations for using user-owned, untrusted devices as well as untrusted applications and networks.
-
Working with Device Administration Policies
After watching this video, you will be able to extract various kinds of data from Android devices, specifically SMS messages, contact information, and application database information.
-
Working with Root Access
After watching this video, you will be able to root an Android device so that it can be analyzed.
-
Working with Shared User IDs
After watching this video, you will be able to describe how permissions are granted and managed for applications with shared user IDs.
-
Working with Untrusted Systems and Content
After watching this video, you will be able to describe considerations for dealing with untrusted systems and content on an enterprise network.
-
Attacking User Passcodes
After watching this video, you will be able to describe how user passcodes may be attacked.
-
Carrying Out a Fuzz Test
After watching this video, you will be able to describe steps for carrying out a fuzz test.
-
Collecting and Verifying Signing Information
After watching this video, you will be able to describe how application signing information can be collected and verified.
-
Creating a Configuration Profile
After watching this video, you will be able to use Apple Configurator to create a new configuration profile.
-
Displaying iOS Signing Info and Entitlements
After watching this video, you will be able to use the Xcode codesign tool to obtain information on an iOS application's signing certificate authority and its granted entitlements.
-
Enforcing Signatures on Processes
After watching this video, you will be able to describe how signatures are enforced on application processes.
-
Enrolling Devices by Downloading Enrollment Profiles
After watching this video, you will be able to enroll a user device with the OS X Server mobile device management service by downloading and installing an enrollment profile.
-
Enrolling Devices using Profile Manager Web Portal
After watching this video, you will be able to enroll a user device with the OS X Server mobile device management service using the user's Profile Manager web portal.
-
Exploiting Bug Classes
After watching this video, you will be able to describe how to exploit use-after-free and double-free bugs.
-
Fuzzing MobileSafari
After watching this video, you will be able to carry out a fuzzing test on MobileSafari.
-
Getting Familiar with Application Signing
After watching this video, you will be able to use the Xcode codesign tool to show signing certificate authority information for an iOS application.
-
Getting Familiar with File Protection Classes
After watching this video, you will be able to describe file protection classes.
-
Getting Familiar with Keybags
After watching this video, you will be able to describe how file and keychain Data Protection classes are collected and managed in keybags.
-
Getting Familiar with Keychain Protection Classes
After watching this video, you will be able to describe keychain item protection classes.
-
Getting Familiar with the Data Protection API
After watching this video, you will be able to describe the Data Protection API and class hierarchy.
-
Listing Application Entitlements
After watching this video, you will be able to use the command line to list the entitlements for a signed application.
-
Overview of Apple Store Security
After watching this video, you will be able to describe how Apple protects the Apple Store.
-
Overview of Code Signing in iOS
After watching this video, you will be able to describe how code signing is used to enforce iOS security.
-
Overview of Fuzzing iOS Applications
After watching this video, you will be able to describe the basic idea behind fuzzing and how it is used to reveal security issues in iOS applications.
-
Overview of iOS Sandbox
After watching this video, you will be able to identify iOS Sandbox components and describe how they are related.
-
Overview of Return-Oriented Programming
After watching this video, you will be able to describe the background of ROP and the basics of the ARM architecture.
-
Overview on iOS Network Security
After watching this video, you will be able to identify components of network security supported by iOS 8.
-
Preventing Changes on Signed Pages
After watching this video, you will be able to describe how to prevent signed code from being tampered with.
-
Protecting Processes and Code Segments
After watching this video, you will be able to describe privilege separation, address space layout randomization, and sandboxing.
-
Setting Up the OS X Server Profile Manager
After watching this video, you will be able to configure and run the Profile Manager service.
-
Understanding Dynamic Code Signing
After watching this video, you will be able to describe how to use just-in-time compiling to implement dynamic code signing.
-
Understanding How Sandboxing Impacts the App Store
After watching this video, you will be able to describe how applications are launched under a sandbox and how applications are restricted to their own container directories in the App Store.
-
Understanding iOS Attack Surface
After watching this video, you will be able to describe reduced attack surface and stripped-down iOS.
-
Understanding Possible Security Threats
After watching this video, you will be able to define malware and exploitation, and compare Mac OS threats versus iOS threats.
-
Understanding Provisioning
After watching this video, you will be able to describe the provisioning profile and how the provisioning file is validated.
-
Understanding Sandboxing and Runtime Security
After watching this video, you will be able to describe how runtime process security makes use of sandboxing to protect applications and their data on iOS 8 devices.
-
Understanding Sandboxing with Extensions
After watching this video, you will be able to describe how extensions are sandboxed to protect their files and memory space in iOS.
-
Understanding TCMalloc
After watching this video, you will be able to describe the TCMalloc allocator as well as large and small object allocation and deallocation.
-
Understanding the ARM Systems Call Convention
After watching this video, you will be able to describe how system calls are invoked on ARM.
-
Understanding the iOS ARM Calling Convention
After watching this video, you will be able to describe the ARM calling convention on iOS.
-
Understanding the iOS System Allocator
After watching this video, you will be able to describe the concept of regions and how regions are allocated and deallocated.
-
Understanding the Mandatory Access Control Framework
After watching this video, you will be able to describe how Mandatory Code Signing is controlled by the Mandatory Access Control Framework, including AMFI hooks.
-
Updating and Removing Configuration Profiles
After watching this video, you will be able to use the Apple Configurator to update and remove configuration profiles.
-
Using Code Signing and Data Execution Prevention
After watching this video, you will be able to describe code signing, return-oriented programming (ROP), and data execution prevention.
-
Working with AirDrop Security
After watching this video, you will be able to describe iOS 8 support for AirDrop security.
-
Working with Bluetooth Connections
After watching this video, you will be able to describe Bluetooth connections and profiles supported by iOS 8.
-
Working with Mobile Configuration Profiles
After watching this video, you will be able to identify the contents of a configuration profile and how to identify configuration profile payload types.
-
Working with Profiles
After watching this video, you will be able to write and use a Bash shell script to crash test Safari on Mac OS X.
-
Working with Single Sign-on Authentication
After watching this video, you will be able to describe iOS 8 support for single sign-on authentication on enterprise networks.
-
Working with the Apple Configurator
After watching this video, you will be able to describe the general functionality of the Apple Configurator.
-
Working with Virtual Private Networks
After watching this video, you will be able to describe the VPN protocols and authentication methods supported by iOS 8.
-
Working with Wi-Fi Networks
After watching this video, you will be able to describe Wi-Fi standards and authentication methods supported by iOS 8.
-
Adding and Modifying Groups
After watching this video, you will be able to add and modify groups in Ubuntu using various command line tools.
-
Managing /etc/hosts for Web Development
After watching this video, you will be able to modify the /etc/hosts file to point a domain to a local web server.
-
.NET Web Authentication Types
After watching this video, you will be able to identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files.
-
A1 Injection - How It Works
After watching this video, you will be able to identify what the A1 exploit relies on to work.
-
A1 Injection In Action
After watching this video, you will be able to describe how the A1 exploit works in practice.
-
A10 Unvalidated Redirects and Forwards - How It Works
After watching this video, you will be able to identify what the A10 exploit relies on to work.
-
A10 Unvalidated Redirects and Forwards In Action
After watching this video, you will be able to describe how the A10 exploit works in practice.
-
A2 Broken Authentication/Session - How It Works
After watching this video, you will be able to identify what the A2 exploit relies on to work.
-
A2 Broken Authentication/Session Management In Action
After watching this video, you will be able to describe how the A2 exploit works in practice.
-
A3 Cross Site Scripting In Action
After watching this video, you will be able to describe how the A3 exploit works in practice.
-
A3 Cross Site Scripting In Action - How It Works
After watching this video, you will be able to identify what the A3 exploit relies on to work.
-
A4 Insecure Direct Object References - How It Works
After watching this video, you will be able to identify what the A4 exploit relies on to work.
-
A4 Insecure Direct Object References In Action
After watching this video, you will be able to describe how the A4 exploit works in practice.
-
A5 Security Misconfiguration - How It Works
After watching this video, you will be able to identify what the A5 exploit relies on to work.
-
A5 Security Misconfiguration In Action
After watching this video, you will be able to describe how the A5 exploit works in practice.
-
A6 Sensitive Data Exposure - How It Works
After watching this video, you will be able to identify what the A6 exploit relies on to work.
-
A6 Sensitive Data Exposure In Action
After watching this video, you will be able to describe how the A6 exploit works in practice.
-
A7 Missing Function Level Access Control - How It Works
After watching this video, you will be able to identify what the A7 exploit relies on to work.
-
A7 Missing Function Level Access Control In Action
After watching this video, you will be able to describe how the A7 exploit works in practice.
-
A8 Cross Site Request Forgery - How It Works
After watching this video, you will be able to identify what the A8 exploit relies on to work.
-
A8 Cross Site Request Forgery In Action
After watching this video, you will be able to describe how the A8 exploit works in practice.
-
A9 Using Components with Known Exploits - How It Works
After watching this video, you will be able to identify what the A9 exploit relies on to work.
-
A9 Using Components with Known Exploits In Action
After watching this video, you will be able to describe how the A9 exploit works in practice.
-
Appropriate Password Management
After watching this video, you will be able to list appropriate approaches to capturing, storing, validating, and resetting user passwords.
-
ASP.NET & ASP.NET MVC Validation
After watching this video, you will be able to recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks.
-
Asymmetric Encryption in .NET
After watching this video, you will be able to recognize how asymmetric encryption works in .NET.
-
Authenticating with External Logins in ASP.NET MVC
After watching this video, you will be able to allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google.
-
Authentication versus Authorization
After watching this video, you will be able to compare authentication and authorization.
-
Authorization in ASP.NET MVC Controllers
After watching this video, you will be able to implement authorization in ASP.NET MVC.
-
Authorization in WCF
After watching this video, you will be able to recognize where and how to implement authorization in WCF.
-
Authorization in Web API
After watching this video, you will be able to recognize where and how to implement authorization in ASP.NET Web API.
-
Command Injection Mitigation
After watching this video, you will be able to describe how to mitigate against command injection at the base .NET Framework level.
-
Config File Encryption
After watching this video, you will be able to recognize how to encrypt relevant sections of the .NET configuration files.
-
Content Spoofing Mitigation
After watching this video, you will be able to describe JavaScript behaviors that can lead to security breaches and how to mitigate against them.
-
CORS Preflight Scrutiny
After watching this video, you will be able to describe CORS Preflight requests and how to secure them in ASP.NET Web API.
-
Error Message Security
After watching this video, you will be able to recognize how error message handling can be exploited and how to deal with this.
-
HttpOnly Cookie Flag
After watching this video, you will be able to describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC.
-
Identify Top 10 Threats
After watching this video, you will be able to identify the OWASP Top 10 exploits in a real-world scenario.
-
Insecure Direct Object Reference Mitigation
After watching this video, you will be able to identify mitigations to Insecure Direct Object Reference at the database level.
-
Insecure Web.config Setting Mitigation
After watching this video, you will be able to recognize the impacts of various web.config file settings.
-
Introduction to the OWASP Project
After watching this video, you will be able to describe the history of the OWASP Project.
-
Introduction to the
After watching this video, you will be able to understand the OWASP Top 10 list and recognize its patterns in your own applications.
-
Microsoft Anti-cross Site Scripting Library
After watching this video, you will be able to use the Microsoft Anti-cross Site Scripting Library.
-
Mitigate Security
After watching this video, you will be able to identify mitigations for OWASP Top 10 violations in a given scenario.
-
NuGet Packages Security
After watching this video, you will be able to recognize how to handle security when using NuGet packages.
-
Output Encoding
After watching this video, you will be able to describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits.
-
Password Hashing
After watching this video, you will be able to describe password hashing and its application.
-
Password Policies
After watching this video, you will be able to implement password policies in ASP.NET and ASP.NET MVC.
-
Releasing Resources to Avoid Pool Exhaustion
After watching this video, you will be able to describe how inadequately releasing types can lead to denial of service.
-
Session State in ASP.NET MVC
After watching this video, you will be able to describe how session state works in ASP.NET and ASP.NET MVC.
-
SSL and Transport Security
After watching this video, you will be able to describe SSL/HTTPS security.
-
Symmetric Encryption in .NET
After watching this video, you will be able to describe when and how to use encryption in .NET.
-
Trusted versus SQL Authentication
After watching this video, you will be able to identify the SQL Server authentication models.
-
Web Parameter Tampering Mitigation
After watching this video, you will be able to describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript.
-
Multi-factor Authentication
After watching this video, you will be able to describe Multi-Factor Authentication and how it can be implemented in ASP.NET MVC.
-
Defense in Depth
After watching this video, you will be able to define the Defense in Depth principle.
-
OWASP Top 10: A4 Apply Least Privilege
After watching this video, you will be able to demonstrate how to apply the least privilege principle.
-
OWASP Top 10: A9 Vulnerabilities
After watching this video, you will be able to review different types of vulnerabilities.
-
OWASP Top 10: A5 Monitoring
After watching this video, you will be able to demonstrate how to monitor for vulnerabilities.
-
OWASP Top 10: A3 - Reviewing XSS Attacks
After watching this video, you will be able to review an XSS attack.
-
OWASP Top 10: A7 - Analyzing Log Rotation Files
After watching this video, you will be able to analyze Linux log rotation files for a Linux web server.
-
OWASP Top 10: A6 - Analyzing Sensitive Network Traffic
After watching this video, you will be able to analyze sensitive network traffic in Linux.
-
OWASP Top 10: A6 - Sensitive Data Exposure Exploits
After watching this video, you will be able to review how sensitive data exposure can be exploited and what kind of access is needed to exploit it.
-
OWASP Top 10: A9 - Shopping Cart Component Flaw
After watching this video, you will be able to purchase merchandise at an unauthorized discount.
-
OWASP Top 10: A1 - Execute a SQL Injection Attack
After watching this video, you will be able to inject SQL commands into a web form field.
-
OWASP Top 10: A5 - Configure a Web Application Firewall
After watching this video, you will be able to enable protection for a web app through a WAF.
-
OWASP Top 10: A2 - Exploit Password Reset Pages
After watching this video, you will be able to retrieve sensitive data through password reset pages.
-
OWASP Top 10: A6 - Demonstrating Sensitive Exposure Attacks
After watching this video, you will be able to provide examples of sensitive data exposure attacks.
-
OWASP Top 10: A7 - Scan for Web Servers
After watching this video, you will be able to use nmap to scan a network.
-
OWASP Top 10: A7 - Analyze HTTP Traffic Using Wireshark
After watching this video, you will be able to describe the client/server HTTP exchange.
-
OWASP Top 10: A7 - Scan a Web App for Vulnerabilities
After watching this video, you will be able to use online web app scanners.
-
OWASP Top 10: A10 and A9 Security Risks
After watching this video, you will be able to describe what A10 and A9 are and how they affect web application security.
-
OWASP Top 10: A9 - Vulnerable Component Attacks
After watching this video, you will be able to provide examples of vulnerable component attacks.
-
OWASP Top 10: A9 - Vulnerable Component Impacts
After watching this video, you will be able to list the technical and business impacts of vulnerable components.
-
OWASP Top 10: A9 - Vulnerable Component Detection
After watching this video, you will be able to describe how easy it is to detect vulnerable components and how common they are.
-
OWASP Top 10: A4 - Use Forced Browsing to Access Data
After watching this video, you will be able to guess URLs and parameters to gain access to web pages and data.
-
OWASP Top 10: A9 - Vulnerable Component Exploits
After watching this video, you will be able to describe how vulnerable components can be exploited and what kind of access is needed to exploit them.
-
OWASP Top 10: A10 - Unprotected API Impacts
After watching this video, you will be able to list the technical and business impacts of underprotected APIs.
-
OWASP Top 10: A10 - Underprotected API Detection
After watching this video, you will be able to describe how easy it is to detect underprotected APIs and how common they are.
-
OWASP Top 10: A10 - Underprotected API Exploits
After watching this video, you will be able to describe how underprotected APIs can be exploited and what kind of access is needed to exploit them.
-
OWASP Top 10: A10 - Underprotected APIs
After watching this video, you will be able to define what an underprotected API is.
-
OWASP Top 10: How can A5 and A1 be exploited
After watching this video, you will be able to explain how A5 and A1 can be exploited by attackers.
-
OWASP Top 10: A1 - Injection Attacks
After watching this video, you will be able to provide examples of Injection attacks.
-
OWASP Top 10: A1 - Injection Impacts
After watching this video, you will be able to list the technical and business impacts of injection attacks.
-
OWASP Top 10: A1 - Injection Detection
After watching this video, you will be able to describe how easy it is to detect injection and how common it is.
-
OWASP Top 10: A9 - Using Components With Known Vulnerabilities
After watching this video, you will be able to specify what a vulnerable component is.
-
OWASP Top 10: A10 - Unprotected API Examples
After watching this video, you will be able to provide examples of underprotected API attacks.
-
OWASP Top 10: A4 Overview
After watching this video, you will be able to describe A4 in general terms.
-
OWASP Top 10: A5 Overview
After watching this video, you will be able to describe A5 in general terms.
-
OWASP Top 10: A6 Overview
After watching this video, you will be able to describe A6 in general terms.
-
OWASP Top 10: A7 Overview
After watching this video, you will be able to describe A7 in general terms.
-
OWASP Top 10: A8 Overview
After watching this video, you will be able to describe A8 in general terms.
-
OWASP Top 10: A9 Overview
After watching this video, you will be able to describe A9 in general terms.
-
OWASP Top 10: A10 Overview
After watching this video, you will be able to describe A10 in general terms.
-
OWASP Top 10: A2 - Session Management Attacks
After watching this video, you will be able to provide examples of Broken Authentication and Session Management attacks.
-
OWASP Top 10: A2 - Session Management Impacts
After watching this video, you will be able to list the technical and business impacts of Broken Authentication and Session Management.
-
OWASP Top 10: A1 - Injection Exploits
After watching this video, you will be able to specify how injection can be exploited and what kind of access is needed to exploit it.
-
OWASP Top 10: A1 - Injection
After watching this video, you will be able to explain what Injection is.
-
OWASP Top 10: A5 - Security Misconfiguration Attacks
After watching this video, you will be able to provide examples of Security Misconfiguration attacks.
-
OWASP Top 10: A5 - Security Misconfiguration Impacts
After watching this video, you will be able to list the technical and business impacts of security misconfigurations.
-
OWASP Top 10: A5 - Security Misconfiguration Detection
After watching this video, you will be able to recognize how easy it is to detect security misconfigurations and how common they are.
-
OWASP Top 10: A5 - Security Misconfiguration Exploits
After watching this video, you will be able to specify how security misconfiguration can be exploited and what kind of access is needed to exploit it.
-
OWASP Top 10: A5 - Security Misconfigurations
After watching this video, you will be able to explain what Security Misconfigurations are.
-
OWASP Top 10: What Can An Attacker Do With A4 and A2
After watching this video, you will be able to describe what an attacker can access if they exploit A4 or A2.
-
OWASP Top 10: A2 - Session Management Vulnerability Detection
After watching this video, you will be able to describe how easy it is to detect Broken Authentication and Session Management and how common they are.
-
OWASP Top 10: A6 - Sensitive Data Exposure Attacks
After watching this video, you will be able to describe how various attacks can result in sensitive data exposure.
-
OWASP Top 10: A2 - Session Management Exploits
After watching this video, you will be able to describe how Broken Authentication and Session Management can be exploited and what kind of access is needed to exploit it.
-
OWASP Top 10: A2 - Broken Authentication and Session Management
After watching this video, you will be able to explain what Broken Authentication and Session Management is.
-
OWASP Top 10: A4 - Broken Access Control Attacks
After watching this video, you will be able to provide examples of Broken Access Control attacks.
-
OWASP Top 10: A4 - Broken Access Control Impacts
After watching this video, you will be able to list the technical and business impacts of Broken Access Control.
-
OWASP Top 10: A4 - Broken Access Control Detection
After watching this video, you will be able to describe how easy it is to detect Broken Access Control and how common it is.
-
OWASP Top 10: A4 - Broken Access Control Exploits
After watching this video, you will be able to describe how Broken Access Control can be exploited and what kind of access is needed to exploit it.
-
OWASP Top 10: A4 - Broken Access Control
After watching this video, you will be able to explain what Broken Access Control is.
-
OWASP Top 10: Describe the Impact of A7 and A6
After watching this video, you will be able to describe the impact of these exploits on the business and technical sides.
-
OWASP Top 10: A6 - Sensitive Data Exposure Impacts
After watching this video, you will be able to list the technical and business impacts of sensitive data exposure.
-
OWASP Top 10: A6 - Sensitive Data Exposure Detection
After watching this video, you will be able to describe how easy it is to detect sensitive data exposure and how common it is.
-
OWASP Top 10: A6 - Sensitive Data Exposure Exploits Overview
After watching this video, you will be able to describe how sensitive data exposure can be exploited.
-
OWASP Top 10: A6 - Sensitive Data Exposure
After watching this video, you will be able to describe what sensitive data exposure is.
-
OWASP Top 10: A7 - Insufficient Attack Protection Attacks
After watching this video, you will be able to discuss attacks that take advantage of insufficient attack protection.
-
OWASP Top 10: A7 - Insufficient Attack Protection Impacts
After watching this video, you will be able to list the technical and business impacts of insufficient attack protection.
-
OWASP Top 10: A7 - Insufficient Attack Protection Detection
After watching this video, you will be able to detect insufficient attack protection and note how common it is.
-
OWASP Top 10: A7 - Insufficient Attack Protection Exploits
After watching this video, you will be able to exploit insufficient attack protection and describe what kind of access is needed to exploit it.
-
OWASP Top 10: A7 - Insufficient Attack Protection
After watching this video, you will be able to describe what insufficient attack protection is.
-
OWASP Top 10: Exploit CSRF and XSS
After watching this video, you will be able to describe how CSRF and XSS can be exploited by an attacker.
-
OWASP Top 10: A3 - XSS Attacks
After watching this video, you will be able to provide examples of XSS attacks.
-
OWASP Top 10: A3 - XSS Impacts
After watching this video, you will be able to list the technical and business impacts of XSS.
-
OWASP Top 10: A3 - XSS Detection
After watching this video, you will be able to detect XSS and describe how common it is.
-
OWASP Top 10: A3 - XSS Exploits
After watching this video, you will be able to exploit XSS and describe what kind of access is needed to exploit it.
-
OWASP Top 10: A3 - Cross-site Scripting (XSS)
After watching this video, you will be able to describe what Cross-site Scripting (XSS) is.
-
OWASP Top 10: A8 - CSRF Attacks
After watching this video, you will be able to provide examples of CSRF attacks.
-
OWASP Top 10: A8 - CSRF Impacts
After watching this video, you will be able to list technical and business impacts of CSRFs.
-
OWASP Top 10: A8 - CSRF Detection
After watching this video, you will be able to detect CSRF and describe how common it is.
-
OWASP Top 10: A8 - CSRF Exploits
After watching this video, you will be able to exploit CSRF and describe what kind of access is needed to exploit it.
-
OWASP Top 10: A8 - Cross-site Request Forgery (CSRF)
After watching this video, you will be able to explain what Cross-site Request Forgery (CSRF) is.
-
OWASP Top 10: List OWASP Top 10 Exploits
After watching this video, you will be able to describe all 10 exploits on the OWASP Top 10 list.
-
OWASP Top 10: A1 Overview
After watching this video, you will be able to describe A1 in general terms.
-
OWASP Top 10: A2 Overview
After watching this video, you will be able to describe A2 in general terms.
-
OWASP Top 10: A3 Overview
After watching this video, you will be able to describe A3 in general terms.