Secure Code Training Courses: Features

Most extensive secure code training for developers and beyond.

With over 150 security courses, developers, architects, testers and operations teams are guaranteed to find the perfect fit. From beginner to expert, diverse roles and specialties, finding what you need is a breeze. Security Courses are offered with SaaS-based access or can be hosted on your LMS – whatever is easiest.

Hands-On Interactivity

Our application security training courses are not merely voice-over text or “talking heads.” They are purpose-built modules designed to present complex topics in an interactive, visually appealing way without compromising content integrity.

We strive to include as many complex interactions as possible. For example, we may include an input sanitation simulation to help illustrate the impact of a SQL Injection attack or ask a developer to debug a block of Java code to find the line that enables a reflective cross-site scripting vulnerability.

  • Training platform features at a glance
    • Industry’s largest and most updated software security coverage
    • WCAG and SCORM compliant
    • Ability to “test out” of courses
    • HTML5 responsive player for optimization on desktop, mobile, or tablet
    • Rich individual and group reporting
    • Self-host or opt for our fully-featured LMS
    • Knowledge checks, pre/post assessments
    • Customer Success Program ensures seamless rollout and ongoing ROI


  • Highly Interactive
    • Scenario-based interactions –  learners see results and/or consequences of their choices in a safe environment
    • Sorting exercises –  solidify contextual relationships by showing learner what to do as opposed to telling them
    • Drag & Drop Exercises – hands-on interaction with diagrams for a sense of control over the learning experience


  • Covers dozens of compliance mandates and standards
    • CSSLP: 140 courses covering 7 domains
    • CWE:  135 courses covering 37 weaknesses
    • OWASP:  140 courses covering each risk
    • NERC 89 courses covering 29 controls
    • GDPR 83 courses covering 6 Article
    • ISO 27001:  92 courses covering 67 controls
    • PCI DSS:  127 courses covering 39 requirement
    • NIST 800-53:  141 courses covering guidelines
    • PCI DSS:  127 courses covering 39 requirements
    • HIPAA:  55 courses covering 164.312, 164.308
    • NICE:  155 courses covering 3 categories and 10 areas
    • View all coverage or download compliance mapping
Evaluate our courses yourself. You'll be impressed.

Attack & Defend Approach

Unique in the industry, we combine eLearning courses with CMD+CTRL cyber ranges for a fun yet effective way to develop “Attack & Defend” habits. Similar to flight simulators for airline pilots, CMD+CTRL provides an authentic environment to hone skills after classroom/online training. It is not gamification or based on pattern matching – they are fully featured Web sites with real traffic, technologies, and social components that transform passive learners into formidable competitors. The skills transformation is revolutionary.

Maximize retention with holistic training by adding in CMD+CTRL Cyber Range

Vertical Specific Training

  • Retail

    In addition to our PCI Compliance and OWASP training, we offer all the latest and greatest Web and mobile technologies – and a retail cyber range for teams to practice newly acquired knowledge

  • Financial Services

    We’ve got industry’s largest DevOps and compliance coverage: OWASP, NIST, FS-ISAC, PCI, GDPR and more – plus three banking cyber ranges of increasing degree of difficulty!

  • Technology

    The pace of change with new technologies is dizzying – that is why we cover more than anyone else: cloud, mobile, IoT, web, embedded, containerization, and others. Our SaaS cyber range is the perfect place to assess your teams’ competency.

  • Healthcare

    The end-user and technical training that covers HIPAA fundamentals and security best practices. Perfect for technical and non-technical teams at hospitals, insurance providers, health tech companies, and hybrid entities.

  • Government

    Our short and hard-hitting Security Awareness offering quickly trains users while our technical program is designed for government agencies looking to adopt NIST or NICE Frameworks.