Review of Q4 2023 Release

Q4 CMD+CTRL UPDATE: 3 NEW COURSES AND 10 NEW LABS

Security Innovation is proud to announce the addition of thirteen new courses and labs to the CMD+CTRL training catalog for Q4 2023. These offerings focus on alternative development methods, the next generation of Web Application Firewall, Secure Coding labs based on CWE Top 25 vulnerabilities, and MITRE ATT&CK® Enterprise Techniques and Mitigations. This new content will be available to learners on October 17, 2023.

The content release includes:

  • 3 New Courses
  • 8 IDE Code Correct Skill Labs
  • 2 MITRE ATT&CK® Skill Labs
  • 1 Updated Course

In addition, we have deprecated ten learn labs and replaced them with specific and more relevant use cases for each vulnerability category.

New CMD+CTRL Courses

As always, CMD+CTRL courses provide learners with a foundational understanding of the latest issues faced by software development organizations. This quarter, we focus on leveraging Self-Service App Portals, Web Applications, and API Protection Services.

API 251 – Implementing Web Application and API Protection (WAAP)

API security breaches are on the rise, with nearly 2/3 of all cloud breach incidents involving misconfigured APIs. The release of API 251 – Implementing Web Application and API Protection (WAAP) is timely, providing learners with the knowledge and skills to implement Web Application and API Protection (WAAP) securely.

Mitigating LCNC (Low-Code/No-Code) Vulnerabilities

With the projected growth of Low-Code/No-Code (LCNC) platforms, Security Innovation releases two courses introducing the most prominent security and privacy risks for low-code/no-code applications, as described by the OWASP Low-code/No-code Top 10 guidelines.

DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation

This course provides learners with the knowledge and skills to mitigate the risks associated with Low-code/No-code (LCNC) Account impersonation, aligning with the OWASP Low-code/No-code Top 10 guidelines.

DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse

This course is designed to educate learners on mitigating the risks associated with LCNC Authorization Misuse and is aligned with the OWASP Low-code/No-code Top 10 guidelines.

New CMD+CTRL Skill Labs

Our eight new secure coding Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to find and correct insecure code based on vulnerabilities related to null pointer dereference, path traversal, and integer overflow. Additionally, we are introducing two new labs based on tactics used by adversaries related to credential access and mitigations, as described by the MITRE ATT&CK® Framework.

LAB 287, 288 – Defending Applications Null Pointer Dereference

This lab assesses the learner’s ability to defend applications against null pointer dereference attacks that cause a crash or exit.

LAB 289, 290, 291, 292 – Defending Applications Against Path Traversal

This lab assesses the learner’s ability to defend applications against path traversal attacks.

LAB 293, 294 – Defending Applications Against Integer Overflow

This lab assesses the learner’s ability to defend Java applications against integer overflow attacks.

LAB 317 – ATT&CK: Testing for Plaintext Secrets in Files

This lab uses the MITRE ATT&CK® framework to help learners understand how attackers may search for improperly stored secrets in files.

LAB 318 – ATT&CK: Log Analysis

This lab assesses the learner’s ability to perform log analysis to detect anomalies.

To learn more about Skill and Learn Labs, click here.

For more information about course updates and enhancement details, click here.
