Overview
The Secure Developer – Core Learning Path introduces application security’s fundamental and primary drivers. The curriculum provides individuals with an understanding of the importance of secure software development while preparing them to perform at the organizational level. Learners will gain in-depth knowledge of security principles, attacks, tools, and processes to develop secure software. By introducing the OWASP Top 10, learners are prepared to identify the most critical web application security risks, appropriately address those vulnerabilities, and prevent software flaws that enable cyberattacks.
Upon successful completion of this path, you will have the knowledge and skills to:
- Define the value of having secure applications
- Integrate secure software development practices into all phases of the software development lifecycle
- Explain the anatomy of an application attack
- Apply best practices to protect all components of the software
- Identify and mitigate the most common application security risks
- Implement a security strategy based on your organization’s risk
- Produce well-secured software
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 – Identifying Cryptographic Failures
- LAB 115 – Identifying Reflective XSS
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- LAB 121 – Identifying Vulnerable and Outdated Components
- LAB 127 – Identifying Security Logging and Monitoring Failures
- LAB 129 – Identifying Error Message Containing Sensitive Information
- LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables (NEW)
Overview
The Secure Developer – Advanced Learning Path explores different models, standards, frameworks, and security concepts that you can use to understand security issues and improve the security posture of your applications. The curriculum provides individuals with an understanding of how to ensure security is part of software design. Learners will gain in-depth knowledge of security practices that must be considered within every phase of the development lifecycle to help secure software applications and data. By introducing the DevSecOps philosophies, learners are prepared to focus on time-saving but effective techniques that maximize security resources, all while shortening system development lifecycles and providing continuous delivery of high-quality software.
Upon successful completion of this path, you will have the knowledge and skills to:
- Use NIST and MITRE ATT&CK security frameworks to identify and categorize potential threats
- Identify and apply relevant cryptographic technologies to secure applications and data
- Apply techniques to remove architecture weak spots and avoid vulnerability propagation
- Implement a zero-trust architecture
- Create a threat model for application scenarios
- Manage identities, privileges, and secrets securely
- Understand, create, and articulate security requirements as part of a software requirement document
- Determine which types of automated tests should be performed at various stages of the SDLC
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT
- DES 204 – The Role of Cryptography in Application Development
- DES 212 – Architecture Risk Analysis and Remediation
- DES 311 – Creating Secure Application Architecture
- DSO 212 – Fundamentals of Zero Trust Security
- DSO 302 – Automated Security Testing
- DSO 307 – Secure Secrets Management
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- ENG 312 – How to Perform a Security Code Review
- ENG 320 – Using the Software Composition Analysis (SCA) to Secure Open Source Components
Overview
The Elite Secure Developer – Cloud Learning Path is designed for those responsible for the design, development, and deployment of cloud applications. The curriculum consists of a variety of courses that provide the knowledge and skills required to apply secure coding best practices in all phases of cloud application and platform development. Learners will gain a clear understanding of how to mitigate cloud computing risks. The Elite Secure Developer – Cloud Learning Path covers key application security topics, including:
- “Big Data” and the security challenges it introduces
- Cloud computing characteristics, service and deployment models, and regulatory requirements
- Platform-specific secure coding best practices including AWS, Azure, and/or GCP
NOTE: Secure Developer – Core and Advanced Learning paths are considered principal to all Elite Secure Developer Learning Paths. All Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- COD 152 – Fundamentals of Secure Cloud Development
- COD 267 – Securing Python Microservices
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 215 – Defending Infrastructure
- DES 216 – Defending Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 313 – Hardening a Kubernetes Cluster
- DES 314 – Hardening the Docker Engine
Overview
Learning paths may include elective course content that is not required to complete SI-CSC certification exams successfully. These additional courses are suggested based on alignment with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. To understand how courses map to this framework, please contact us.
Courses
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting
- API 211 – Mitigating APIs Broken Object Level Authorization
- API 213 – Mitigating APIs Mass Assignment
- API 214 – Mitigating APIs Improper Asset Management
- API 250 – Controlling Access to the Kubernetes API
- COD 214 – Creating Secure GO Applications
- COD 241 – Creating Secure Oracle Database Applications
- COD 252 – Securing Google Platform Applications & Data
- COD 253 – Creating Secure AWS Cloud Applications
- COD 254 – Creating Secure Azure Applications
- COD 255 – Creating Secure Code – Web API Foundations
- COD 259 – Node.js Threats and Vulnerabilities
- COD 261 – Threats to Scripts
- DES 101 – Fundamentals of Secure Architecture
- DES 207 – Mitigating OWASP API Security Top 10
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 209 – Authentication and Lifecycle Management
- DES 214 – Securing Infrastructure Architecture
- DES 219 – Securing Google’s Firebase Platform
- DES 261 – Securing Serverless Environments
- DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
- DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
- DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
- DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
- DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening
- DSO 211 – Identifying threats to containers in a DevSecOps Framework
- DSO 253 – DevSecOps in the AWS cloud
- DSO 254 – DevSecOps in the Azure cloud
- DSO 256 – DevSecOps in the Google Cloud Platform
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- DSO 306 – Implementing Infrastructure as Code
- ENG 311 – Attack Surface Analysis & Reduction
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 111 – Identifying Server-Side Request Forgery
- LAB 122 – Identifying Insecure APIs
- LAB 123 – Identifying Vertical Privilege Escalation
- LAB 131 – Identifying Improper Restriction of XML External Entity Reference
- LAB 132 – Identifying Exposed Services
- LAB 134 – Identifying Plaintext Storage of a Password
- LAB 135 – Identifying URL Redirection to Untrusted Site
- LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page
- LAB 137 – Identifying Improper Authorization
- LAB 138 – Identifying Authorization Bypass Through User-Controlled Key
- LAB 139 – Identifying Use of a Key Past its Expiration Date
- LAB 310 – ATT&CK: File and Directory Permissions Modification
- LAB 311 – ATT&CK: File and Directory Discovery
- LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software
- LAB 321 – ATT&CK: Password Cracking
- LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
- LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software
- LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration
- LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
- LAB 331 – ATT&CK: Network Service Discovery
- LAB 332 – ATT&CK: Network Share Discovery
- LAB 334 – ATT&CK: Create Account
- LAB 335 – ATT&CK: Unsecured Credentials
- LAB 336 – ATT&CK: Data from Local System
- LAB 337 – ATT&CK: Valid Accounts
Learning Path Details
Number of Courses: 8
Total Duration: 3 hours
Total CPE Credits: 4