Staying Ahead of the Threatscape
With 200+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.
Your voice matters
In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.
Planned Updates at a Glance
While slight changes might be made based on emerging threats and customer demand, our planned future releases include:
 |
Learning Labs | |
MiTRE ATT&CK Framework |
|
Challenge-Based Learning | |
Network-as-Code |
|
Skills Assessment | |
OWASP API |
|
Digital Badges/Certificates | |
OWASP Cloud |
|
Journey Mapping | |
Cyber Exploitation & Defense |
|
Progress Tracking | |
Ethical Hacking |
|
Learning Channels | |
Internet-of-Things |
Released Course Updates
April 2021 Release
Our Q2 update entails a lot of new and updated content focuses on attack and test techniques teams need to safeguard their software and infrastructure.
Addition of MiTRE ATT&CK Framework coverage to understand attack techniques on software systems and infrastructure
“Shift Right” to examine exposure points from an external perspective and defend applications, servers, systems, networks, and data from malicious attacks
Consolidated related OWASP and CWE content based on the evolvement of new risks, weaknesses, vulnerabilities, and exploit techniques to eliminate redundancy
Identify and eliminate vulnerabilities during development to keep pace as development teams take on more test functions with new genre of courses; Software Development Testing (SDT)
NEW COURSES
January 2021 Release
Released Courses
Our release this quarter focuses on two areas:
Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge
| COD 287 – Java Application Server Hardening | COD 386 Preventing Integer Overflows in Java Code |
| COD 315 Preventing Vulnerabilities in iOS Code in Swift | COD 255 Creating Secure Code – Web API Foundations |
| COD 384 Protecting Java from Information Disclosure | COD 302 Secure C Memory Management |
| COD 385 Preventing Race Conditions in Java Code | COD 322 Protecting C# from SQLi |
| COD 319 Preventing Vulnerabilities in Android Code in Java | COD 323 Using encryption with C# |
| COD 324 Protecting C# from XML Injection |
October 2020 Release
Released Courses
Our release this quarter focuses on two areas:
Information Security Compliance: maintain compliance with evolving frameworks and regulatory requirements while reducing organizational exposure
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge.
| DES 206 – Meeting Cloud Governance and Compliance Requirements | COD 285 – Develop Secure Angular Applications |
| DES 312 – Protecting Cardholder Data | COD 286 – Creating Secure React User Interfaces |
| ENG 212 – Implementing Secure Software Operations | COD 366 – Create Secure Kotlin Applications |
| TST 206 – ASVS Requirements for Developers | DSO 306 – Implementing Infrastructure as Code |
| DSO 307 – Secure Secrets Management | COD 206 – Creating Secure C++ Code |
| COD 201 – Secure C Encrypted Network Communications | COD 307 – Protecting Data in C++ |
| COD 202 – Secure C Run-Time Protection | |
July 2020 Release
Released Courses
Our release this quarter focuses on two areas:
DevOps: gaining specialized skills to master tools and optimize a DevOps workstream
Emerging Challenges: understand how to secure open-source software and privacy data
| DSO 206 Identifying Threats to Containers and Data in a DevSecOps Framework | DSO 303 Automating Security Updates |
| DSO 211 Securing the Open Source Software Supply Chain | DSO 304 Securing API Gateways in a DevSecOps Framework |
| DSO 301 Orchestrating Secure System and Service Configuration | DSO 305 Automating CI/CD Pipeline Compliance |
| DSO 302 Automated Security Testing | ENG 151 Fundamentals of Privacy Protection |
April 2020 Release
Released Courses
In an effort to help organizations improve resiliency of cyber-security environments and reduce cyber-attack surfaces we’ve released courses focused on applying security to components of the infrastructure.
We also introduced Blockchain, Supply Chain, Cloud DevSecOps, Risk Management, Penetration Testing, and OWASP Mobile & IoT courses.
| DES 210 – Hardening Linux/Unix Systems | DES 276 – OWASP M6: Mitigating Insecure Authorization |
| DES 305 – Protecting Existing Blockchain Assets | DES 277 – OWASP M7: Mitigating Client Code Quality |
| DES 306 – Creating a Secure Blockchain Network | DES 278 – OWASP M8: Mitigating Code Tampering |
| DSO 205 – Securing the COTS Supply Chain | DES 279 – OWASP M9: Mitigating Reverse Engineering |
| DSO 253 – DevSecOps in the AWS Cloud | DES 280 – OWASP M10: Mitigating Extraneous Functionality |
| DSO 254 – DevSecOps in the Azure Cloud | DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardccoded Passwords |
| ENG 352 – Categorizing Systems and Information within the RMF | DES 282 – OWASP IoT2: Mitigating Insecure Network Services |
| ENG 353 – Selecting, Implementing and Assessing Controls within the RMF | DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces |
| ENG 354 – Authorizing and Monitoring System Controls within the RMF | DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism |
| TST 301 – Infrastructure Penetration Testing | DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components |
| TST 302 – Application Penetration Testing | DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection |
| DES 271 – OWASP M1: Mitigating Improper Platform Usage | DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage |
| DES 272 – OWASP M2: Mitigating Insecure Data Storage | DES 288 – OWASP IoT8: Mitigating Lack of Device Management |
| DES 273 – OWASP M3: Mitigating Insecure Communication | DES 289 – OWASP IoT9: Mitigating Insecure Default Settings |
| DES 274 – OWASP M4: Mitigating Insecure Authentication | DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening |
January 2020 Release
Released Courses
In response to the increased complexity of modern software systems and attacker techniques getting more sophisticated, this quarter’s release focused primarily on specialized and advanced penetration testing best practices.
We also introduced DevOps, IoT and PCI courses.
| DES 151 – Fundamentals of the PCI Secure SLC Standard | TST 355 – Penetration Testing for Authorization Vulnerabilities |
| DES 255 – Securing the IoT Update Process | TST 356 – Penetration Testing for XSS |
| DSO 201 – Fundamentals of Secure DevOps | TST 357 – Penetration Testing for Hardcoded Secrets |
| TST 202 – Penetration Testing Fundamentals | TST 358 – Penetration Testing Wireless Networks |
| TST 351 – Penetration Testing for TLS Vulnerabilities | TST 359 – Penetration Testing Network Infrastructure |
| TST 352 – Penetration Testing for Injection Vulnerabilities | TST 360 – Penetration Testing for Authentication Vulnerabilities |
| TST 353 – Penetration Testing for SQL Injection | DES 255 – Securing the IoT Update Process |
| TST 354 – Penetration Testing for Memory Corruption Vulnerabilities |