Training Course Updates

Staying Ahead of the Threatscape

With 200+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.

Your voice matters

In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.

Planned Updates at a Glance

While slight changes might be made based on emerging threats and customer demand, our planned future releases include:

Learning Labs MiTRE ATT&CK Framework
Challenge-Based Learning Network-as-Code
Skills Assessment OWASP API
Digital Badges/Certificates OWASP Cloud
Journey Mapping Cyber Exploitation & Defense
Progress Tracking Ethical Hacking
Learning Channels Internet-of-Things

Released Course Updates

April 2021 Release

Our Q2 update entails a lot of new and updated content focuses on attack and test techniques teams need to safeguard their software and infrastructure.
Addition of MiTRE ATT&CK Framework coverage to understand attack techniques on software systems and infrastructure
“Shift Right” to examine exposure points from an external perspective and defend applications, servers, systems, networks, and data from malicious attacks
Consolidated related OWASP and CWE content based on the evolvement of new risks, weaknesses, vulnerabilities, and exploit techniques to eliminate redundancy
Identify and eliminate vulnerabilities during development to keep pace as development teams take on more test functions with new genre of courses; Software Development Testing (SDT)

NEW COURSES

View Course Catalog

January 2021 Release

Released Courses

Our release this quarter focuses on two areas:

Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge

COD 287 – Java Application Server Hardening COD 386 Preventing Integer Overflows in Java Code
COD 315 Preventing Vulnerabilities in iOS Code in Swift COD 255 Creating Secure Code – Web API Foundations
COD 384 Protecting Java from Information Disclosure COD 302 Secure C Memory Management
COD 385 Preventing Race Conditions in Java Code COD 322 Protecting C# from SQLi
COD 319 Preventing Vulnerabilities in Android Code in Java COD 323 Using encryption with C#
COD 324 Protecting C# from XML Injection

View Course Catalog

October 2020 Release

Released Courses

Our release this quarter focuses on two areas:

Information Security Compliance: maintain compliance with evolving frameworks and regulatory requirements while reducing organizational exposure
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge.

DES 206 – Meeting Cloud Governance and Compliance Requirements COD 285 – Develop Secure Angular Applications
DES 312 – Protecting Cardholder Data COD 286 – Creating Secure React User Interfaces
ENG 212 – Implementing Secure Software Operations COD 366 – Create Secure Kotlin Applications
TST 206 – ASVS Requirements for Developers DSO 306 – Implementing Infrastructure as Code
DSO 307 – Secure Secrets Management COD 206 – Creating Secure C++ Code
COD 201 – Secure C Encrypted Network Communications COD 307 – Protecting Data in C++
COD 202 – Secure C Run-Time Protection

View Course Catalog

July 2020 Release

Released Courses

Our release this quarter focuses on two areas:

DevOps: gaining specialized skills to master tools and optimize a DevOps workstream
Emerging Challenges: understand how to secure open-source software and privacy data

DSO 206 Identifying Threats to Containers and Data in a DevSecOps Framework DSO 303 Automating Security Updates
DSO 211 Securing the Open Source Software Supply Chain DSO 304 Securing API Gateways in a DevSecOps Framework
DSO 301 Orchestrating Secure System and Service Configuration DSO 305 Automating CI/CD Pipeline Compliance
DSO 302 Automated Security Testing ENG 151 Fundamentals of Privacy Protection

View Course Catalog

April 2020 Release

Released Courses

In an effort to help organizations improve resiliency of cyber-security environments and reduce cyber-attack surfaces we’ve released courses focused on applying security to components of the infrastructure.

We also introduced Blockchain, Supply Chain, Cloud DevSecOps, Risk Management, Penetration Testing, and OWASP Mobile & IoT courses.

DES 210 – Hardening Linux/Unix Systems DES 276 – OWASP M6: Mitigating Insecure Authorization
DES 305 – Protecting Existing Blockchain Assets DES 277 – OWASP M7: Mitigating Client Code Quality
DES 306 – Creating a Secure Blockchain Network DES 278 – OWASP M8: Mitigating Code Tampering
DSO 205 – Securing the COTS Supply Chain DES 279 – OWASP M9: Mitigating Reverse Engineering
DSO 253 – DevSecOps in the AWS Cloud DES 280 – OWASP M10: Mitigating Extraneous Functionality
DSO 254 – DevSecOps in the Azure Cloud DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardccoded Passwords
ENG 352 – Categorizing Systems and Information within the RMF DES 282 – OWASP IoT2: Mitigating Insecure Network Services
ENG 353 – Selecting, Implementing and Assessing Controls within the RMF DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
ENG 354 – Authorizing and Monitoring System Controls within the RMF DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
TST 301 – Infrastructure Penetration Testing DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
TST 302 – Application Penetration Testing DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
DES 271 – OWASP M1: Mitigating Improper Platform Usage DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
DES 272 – OWASP M2: Mitigating Insecure Data Storage DES 288 – OWASP IoT8: Mitigating Lack of Device Management
DES 273 – OWASP M3: Mitigating Insecure Communication DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
DES 274 – OWASP M4: Mitigating Insecure Authentication DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening

View Course Catalog

January 2020 Release

Released Courses

In response to the increased complexity of modern software systems and attacker techniques getting more sophisticated, this quarter’s release focused primarily on specialized and advanced penetration testing best practices.

We also introduced DevOps, IoT and PCI courses.

DES 151 – Fundamentals of the PCI Secure SLC Standard TST 355 – Penetration Testing for Authorization Vulnerabilities
DES 255 – Securing the IoT Update Process TST 356 – Penetration Testing for XSS
DSO 201 – Fundamentals of Secure DevOps TST 357 – Penetration Testing for Hardcoded Secrets
TST 202 – Penetration Testing Fundamentals TST 358 – Penetration Testing Wireless Networks
TST 351 – Penetration Testing for TLS Vulnerabilities TST 359 – Penetration Testing Network Infrastructure
TST 352 – Penetration Testing for Injection Vulnerabilities TST 360 – Penetration Testing for Authentication Vulnerabilities
TST 353 – Penetration Testing for SQL Injection DES 255 – Securing the IoT Update Process
TST 354 – Penetration Testing for Memory Corruption Vulnerabilities

View Course Catalog