John's Security: AppSec Certificates

1. Strategy
   1. Security Framework: NIST CSF from Pluralsight by Mike Woolard
2. CSSLP
   1. Secure Software Concepts for CSSLP® from Pluralsight by Kevin Henry
   2. Secure Software Implementation for CSSLP® from Pluralsight by Kevin Henry
   3. Secure Software Testing for CSSLP® from Pluralsight by Kevin Henry
   4. Secure Software Supply Chain for CSSLP® from Pluralsight by Kevin Henry
3. Developer Security Champion
   1. Introduction to Security Champion for Developers from Pluralsight by Kat DeLorean Seymour
   2. Developer Security Champion: OWASP Top 10 from Pluralsight by Kat DeLorean Seymour
   3. Developer Security Champion: API Security from Pluralsight by Gavin Johnson-Lynn
   4. Developer Security Champion: Data Protection Standards from Pluralsight by Kevin James
   5. Developer Security Champion: Encrypted Communications from Pluralsight by Henry Been
   6. Developer Security Champion: Secure Authentication Implementation from Pluralsight by Gavin Johnson-Lynn
   7. Developer Security Champion: Vulnerability Testing from Pluralsight by Christian Wenz
4. Programming
   1. OWASP Top 10: Broken Access Control from Codecademy
   2. OWASP Top 10: Identification and Authentication Failures from Codecademy
   3. Learn about CSRF Attacks from Codecademy
   4. OWASP Top 10 from Snyk
   5. Snyk Top 10 from Snyk
   6. Security for Developers from Snyk
5. Access
   1. Introduction to OAuth 2.0 and OpenID Connect from Pragmatic Web Security by Dr. Philippe De Ryck
   2. OAuth2 and OpenID Connect: Easy Now from Pluralsight by Roland Guijt
6. API
   1. API Security Architect from API Academy
7. Software Supply Chain Security (SSCS)
   1. Secure Coding: Using Components with Known Vulnerabilities from Pluralsight by Peter Mosmans
   2. Security Hot Takes: SBOMs from Pluralsight by Aaron Rosenmund, Brandon DeVault
   3. Saviynt Supply Chain Risk Management Training from KnowBe4
8. Container Security
   1. Painless Vulnerability Management from Chainguard
   2. Container Infrastructure Analysis with Trivy from Pluralsight by Zach Roof
9. Kubernetes
   1. Kubernetes Security: Cluster Setup from Pluralsight by Antonio Jesús Piedra
   2. Kubernetes Security: Cluster Hardening from Pluralsight by Erik Whitaker
   3. Kubernetes Security: Minimizing Microservice Vulnerabilities from Pluralsight by Justin Boyer
   4. Kubernetes Security: Implementing Supply Chain Security from Pluralsight by Antonio Jesús Piedra
10. DevOps
    1. Certified DevOps Information Security Engineer (DevOps-SEC) from DevOps Academy
11. SecOps
    1. Red Team Operations: Target and Capability Development from Pluralsight by Aaron Rosenmund
    2. Red Team Tools for Emulated Adversary Techniques with MITRE ATT&CK from Pluralsight by Aaron Rosenmund
    3. Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques from Pluralsight by Aaron Rosenmund
    4. Detect, Prioritize, and Remediate Cloud Security Risks with Datadog CSM from Datadog
12. AWS
    1. AWS: Identity and Access Management from Whizlabs
    2. Introduction to AWS Identity and Access Management (IAM) from Simplilearn
    3. Introduction to AWS Trusted Advisor from Simplilearn
    4. Getting Started with AWS Security Hub from Simplilearn
    5. Introduction to AWS Security Token Services (STS) from Simplilearn
    6. Getting Started with AWS Control Tower from Simplilearn
13. Snyk
    1. Application Analysis with Snyk from Pluralsight by Hiren Gadhvi
14. Vulnerability Examples
    1. Apache Commons Text Vulnerability: What You Should Know from Pluralsight by Bri Frost, Brandon DeVault
    2. Atlassian RCE Vulnerabilities: What You Should Know from Pluralsight by Michael Teske, Matthew Lloyd Davies
    3. Log4j Vulnerability: What You Should Know from Pluralsight by Bri Frost, Brandon DeVault
    4. regreSSHion - an OpenSSH RCE Vulnerability: What You Should Know from Pluralsight by Michael Teske, Matthew Lloyd Davies
    5. XZ Backdoor Supply Chain Vulnerability: What You Should Know from Pluralsight by Aaron Rosenmund, Matthew Lloyd Davies

Strategy (1)

Security Framework: NIST CSF from Pluralsight by Mike Woolard

CSSLP (4)

Secure Software Concepts for CSSLP® from Pluralsight by Kevin Henry

Secure Software Implementation for CSSLP® from Pluralsight by Kevin Henry

Secure Software Testing for CSSLP® from Pluralsight by Kevin Henry

Secure Software Supply Chain for CSSLP® from Pluralsight by Kevin Henry

Developer Security Champion (7)

Introduction to Security Champion for Developers from Pluralsight by Kat DeLorean Seymour

Developer Security Champion: OWASP Top 10 from Pluralsight by Kat DeLorean Seymour

Developer Security Champion: API Security from Pluralsight by Gavin Johnson-Lynn

Developer Security Champion: Data Protection Standards from Pluralsight by Kevin James

Developer Security Champion: Encrypted Communications from Pluralsight by Henry Been

Developer Security Champion: Secure Authentication Implementation from Pluralsight by Gavin Johnson-Lynn

Developer Security Champion: Vulnerability Testing from Pluralsight by Christian Wenz

Programming (6)

OWASP Top 10: Broken Access Control from Codecademy

OWASP Top 10: Identification and Authentication Failures from Codecademy

Learn about CSRF Attacks from Codecademy

OWASP Top 10 from Snyk

Snyk Top 10 from Snyk

Security for Developers from Snyk

Access (2)

Introduction to OAuth 2.0 and OpenID Connect from Pragmatic Web Security by Dr. Philippe De Ryck

• John's Pragmatic Web Security online profile

OAuth2 and OpenID Connect: Easy Now from Pluralsight by Roland Guijt

API (1)

API Security Architect from API Academy

Software Supply Chain Security (SSCS) (3)

Secure Coding: Using Components with Known Vulnerabilities from Pluralsight by Peter Mosmans

Security Hot Takes: SBOMs from Pluralsight by Aaron Rosenmund, Brandon DeVault

Saviynt Supply Chain Risk Management Training from KnowBe4

Container Security (2)

Painless Vulnerability Management from Chainguard

• John's Credly online profile
• John's Chainguard online credential

Container Infrastructure Analysis with Trivy from Pluralsight by Zach Roof

Kubernetes (4)

Kubernetes Security: Cluster Setup from Pluralsight by Antonio Jesús Piedra

Kubernetes Security: Cluster Hardening from Pluralsight by Erik Whitaker

Kubernetes Security: Minimizing Microservice Vulnerabilities from Pluralsight by Justin Boyer

Kubernetes Security: Implementing Supply Chain Security from Pluralsight by Antonio Jesús Piedra

DevOps (1)

Certified DevOps Information Security Engineer (DevOps-SEC) from DevOps Academy

• John's DevOps Academy online credential

SecOps (4)

Red Team Operations: Target and Capability Development from Pluralsight by Aaron Rosenmund

Red Team Tools for Emulated Adversary Techniques with MITRE ATT&CK from Pluralsight by Aaron Rosenmund

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques from Pluralsight by Aaron Rosenmund

Detect, Prioritize, and Remediate Cloud Security Risks with Datadog CSM from Datadog

• John's Datadog online credential

AWS (6)

AWS: Identity and Access Management from Whizlabs

• John's Whizlabs online credential

Introduction to AWS Identity and Access Management (IAM) from Simplilearn

Introduction to AWS Trusted Advisor from Simplilearn

Getting Started with AWS Security Hub from Simplilearn

Introduction to AWS Security Token Services (STS) from Simplilearn

Getting Started with AWS Control Tower from Simplilearn

Snyk (1)

Application Analysis with Snyk from Pluralsight by Hiren Gadhvi

Vulnerability Examples (5)

Apache Commons Text Vulnerability: What You Should Know from Pluralsight by Bri Frost, Brandon DeVault

Atlassian RCE Vulnerabilities: What You Should Know from Pluralsight by Michael Teske, Matthew Lloyd Davies

Log4j Vulnerability: What You Should Know from Pluralsight by Bri Frost, Brandon DeVault

regreSSHion - an OpenSSH RCE Vulnerability: What You Should Know from Pluralsight by Michael Teske, Matthew Lloyd Davies

XZ Backdoor Supply Chain Vulnerability: What You Should Know from Pluralsight by Aaron Rosenmund, Matthew Lloyd Davies