Overview
The Secure Developer – Core Learning Path introduces application security’s fundamental and primary drivers. The curriculum provides individuals with an understanding of the importance of secure software development while preparing them to perform at the organizational level. Learners will gain in-depth knowledge of security principles, attacks, tools, and processes to develop secure software. By introducing the OWASP Top 10, learners are prepared to identify the most critical web application security risks, appropriately address those vulnerabilities, and prevent software flaws that enable cyberattacks.
Upon successful completion of this path, you will have the knowledge and skills to:
- Define the value of having secure applications
- Integrate secure software development practices into all phases of the software development lifecycle
- Explain the anatomy of an application attack
- Apply best practices to protect all components of the software
- Identify and mitigate the most common application security risks
- Implement a security strategy based on your organization’s risk
- Produce well-secured software
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Courses
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 113 – Identifying Cryptographic Failures
- LAB 115 – Identifying Reflective XSS
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- LAB 121 – Identifying Vulnerable and Outdate Components
- LAB 127 – Identifying Security Logging and Monitoring Failures
- LAB 129 – Identifying Error Message Containing Sensitive Information
- LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables (NEW)
Overview
Sorry, no courses available
Overview
Sorry, no courses available
Overview
Learning paths may include elective course content that is not required to complete SI-CSC certification exams successfully. These additional courses are suggested based on alignment with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. To understand how courses map to this framework, please contact us.
Courses
- DES 101 – Fundamentals of Secure Architecture
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 111 – Identifying Server-Side Request Forgery
- LAB 114 – Identifying Cookie Tampering
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 122 – Identifying Insecure APIs
- LAB 123 – Identifying Vertical Privilege Escalation
- LAB 124 – Identifying Horizontal Privilege Escalation
- LAB 125 – Identifying Buffer Overflow
- LAB 126 – Identifying Information Leakage
- LAB 128 – Identifying Unverified Password Change
- LAB 130 – Identifying Generation of Predictable Numbers or Identifiers
- LAB 131 – Identifying Improper Restriction of XML External Entity Reference (NEW)
- LAB 132 – Identifying Exposed Services (NEW)
- LAB 134 – Identifying Plaintext Storage of a Password
- LAB 135 – Identifying URL Redirection to Untrusted Site
- LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page
Learning Path Details
Number of Courses: 19
Number of Labs: 14
Total Duration: 5 Hours
Total CPE Credits: 7