Overview
The Secure Developer – Core Learning Path introduces application security’s fundamental and primary drivers. The curriculum provides individuals with an understanding of the importance of secure software development while preparing them to perform at the organizational level. Learners will gain in-depth knowledge of security principles, attacks, tools, and processes to develop secure software. By introducing the OWASP Top 10, learners are prepared to identify the most critical web application security risks, appropriately address those vulnerabilities, and prevent software flaws that enable cyberattacks.
Upon successful completion of this path, you will have the knowledge and skills to:
- Define the value of having secure applications
- Integrate secure software development practices into all phases of the software development lifecycle
- Explain the anatomy of an application attack
- Apply best practices to protect all components of the software
- Identify and mitigate the most common application security risks
- Implement a security strategy based on your organization’s risk
- Produce well-secured software
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- LAB 113 – Identifying Cryptographic Failures
- LAB 115 – Identifying Reflective XSS
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- LAB 121 – Identifying Vulnerable and Outdate Components
- LAB 123 – Identifying Vertical Privilege Escalation
- LAB 127 – Identifying Security Logging and Monitoring Failures
- LAB 129 – Identifying Error Message Containing Sensitive Information
- LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables
- LAB 137 – Identifying Improper Authorization
Overview
The Secure Developer – Advanced Learning Path explores different models, standards, frameworks, and security concepts that you can use to understand security issues and improve the security posture of your applications. The curriculum provides individuals with an understanding of how to ensure security is part of software design. Learners will gain in-depth knowledge of security practices that must be considered within every phase of the development lifecycle to help secure software applications and data. By introducing the DevSecOps philosophies, learners are prepared to focus on time saving but effective techniques that maximize security resources all while shortening system development lifecycles and providing continuous delivery of high-quality software.
Upon successful completion of this path, you will have the knowledge and skills to:
- Use NIST and MITRE ATT&CK security frameworks to identify and categorize potential threats
- Identify and apply relevant cryptographic technologies to secure applications and data
- Apply techniques to remove architecture weak spots and avoid vulnerability propagation
- Implement a zero-trust architecture
- Create a threat model for application scenarios
- Manage identities, privileges, and secrets securely
- Understand, create, and articulate security requirements as part of a software requirement document
- Determine which types of automated tests should be performed at various stages of the SDLC
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- API 251 – Implementing Web Application and API Protection (WAAP)
- CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
- CYB 310 – Using Cyber Supply Chain Risk Management(C-SCRM) to Mitigate Threats to IT/OT
- DES 204 – The Role of Cryptography in Application Development
- DES 212 – Architecture Risk Analysis and Remediation
- DES 311 – Creating Secure Application Architecture
- DES 361 – Mitigating LCNC (Low-Code/No-Code) Account Impersonation
- DES 362 – Mitigating LCNC (Low-Code/No-Code) Authorization Misuse
- DSO 212 – Fundamentals of Zero Trust Security
- DSO 302 – Automated Security Testing
- DSO 307 – Secure Secrets Management
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- ENG 312 – How to Perform a Security Code Review
- ENG 320 – Using the Software Composition Analysis (SCA) to Secure Open Source Components
Overview
The Elite Secure Developer –Ruby on Rails Learning Path includes a variety of security courses that are designed for those responsible for writing server-side web application logic in Ruby, around the frame rails. The curriculum provides best practices and techniques for secure application development.
Upon successful completion of this path, you will have the knowledge and skills to:
- Understand various classes of vulnerabilities
- Build strong session management
- Prevent vulnerabilities commonly found in Rails applications
NOTE: This Learning Path is considered tertiary to Core and Advanced Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- COD 251 – Defending AJAX-enabled Web Applications
- COD 255 – Creating Secure Code – Web API Foundations
- COD 256 – Creating Secure Code Ruby on Rails Foundations
- COD 259 – Node.js Threats and Vulnerabilities
- COD 352 – Creating Secure JavaScript and jQuery Code
- COD 361 – HTML5 Secure Threats
- COD 362 – HTML5 Built-In Security Features
- COD 363 – Securing HTML5 Data
- COD 364 – Security HTML5 Connectivity
- DES 207 – Mitigating OWASP API Security Top 10
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 306 – Implementing Infrastructure as Code
- LAB 223 – Defending Node.js Applications Against SQL Injection
- LAB 233 – Defending Node.js Applications Against XSS
- LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 245 – Defending Node.js Applications Against Plaintext Password Storage
- LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption
- LAB 247 – Defending Node.js Applications Against Weak PRNG
- LAB 248 – Defending Node.js Applications Against Parameter Tampering
- LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages
- LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files
- LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data
- LAB 273 – Defending Node.js Applications Against SSRF
- LAB 277 – Defending Node.js Applications Against Command Injection
- LAB 281 – Defending Node.js Applications Against Dangerous File Upload
- LAB 285 – Defending Node.js Applications Against RegEx DoS
- LAB 291 – Defending Node.js Applications Against Path Traversal
- SDT 301 – Testing for Injection
- SDT 303 – Testing for Cryptographic Failures
Overview
Learning paths may include elective course content that is not required to complete SI-CSC certification exams successfully. These additional courses are suggested based on alignment with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. To understand how courses map to this framework, please contact us.
Courses
- COD 257 – Creating Secure Python Web Applications
- COD 283 – Java Cryptography
- COD 284 – Secure Java Coding
- COD 287 – Java Application Server Hardening
- DES 101 – Fundamentals of Secure Architecture
- LAB 111 – Identifying Server-Side Request Forgery
- LAB 114 – Identifying Cookie Tampering
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 122 – Identifying Insecure APIs
- LAB 123 – Identifying Vertical Privilege Escalation
- LAB 124 – Identifying Horizontal Privilege Escalation
- LAB 125 – Identifying Buffer Overflow
- LAB 126 – Identifying Information Leakage
- LAB 128 – Identifying Unverified Password Change
- LAB 130 – Identifying Generation of Predictable Numbers or Identifiers
- LAB 131 – Identifying Improper Restriction of XML External Entity Reference
- LAB 132 – Identifying Exposed Services
- LAB 134 – Identifying Plaintext Storage of a Password
- LAB 135 – Identifying URL Redirection to Untrusted Site
- LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page
- LAB 222 – Defending Python Applications Against SQL Injection
- LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption
- LAB 229 – Defending Java Applications Against Weak PRNG
- LAB 230 – Defending Java Applications Against XSS
- LAB 231 – Defending Python Applications Against XSS
- LAB 234 – Defending Java Applications Against Parameter Tampering
- LAB 235 – Defending Java Applications Against Plaintext Password Storage
- LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages
- LAB 237 – Defending Java Applications from SQL Injection
- LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 243 – Defending Python Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 244 – Defending Java Applications Against Security Misconfiguration
- LAB 249 – Defending Python Applications Against Plaintext Password Storage
- LAB 252 – Defending Python Applications Against Weak AES ECB Mode Encryption
- LAB 253 – Defending Python Applications Against Weak PRNG
- LAB 254 – Defending Python Applications Against Parameter Tampering
- LAB 261 – Defending Python Applications Against Sensitive Information in Error Messages
- LAB 263 – Defending Java Applications Against Sensitive Information in Log Files
- LAB 264 – Defending Python Applications Against Sensitive Information in Log Files
- LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data
- LAB 268 – Defending Python Applications Against Deserialization of Untrusted Data
- LAB 271 – Defending Java Applications Against SSRF
- LAB 272 – Defending Python Applications Against SSRF
- LAB 275 – Defending Java Applications Against Command Injection
- LAB 276 – Defending Python Applications Against Command Injection
- LAB 279 – Defending Java Applications Against Dangerous File Upload
- LAB 280 – Defending Python Applications Against Dangerous File Upload
- LAB 283 – Defending Java Applications Against RegEx DoS
- LAB 284 – Defending Python Applications Against RegEx DoS
- LAB 287 – Defending Java Applications Against Null Pointer Dereference
- LAB 289 – Defending Java Applications Against Path Traversal
- LAB 290 – Defending Python Applications Against Path Traversal
- LAB 293 – Defending Java Applications Against Integer Overflow
Learning Path Details
Number of Courses: 14
Number of Labs: 15
Total Duration: 9 hours
Total CPE Credits: 10