Staying Ahead of the Threatscape
With 180+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.
Your voice matters
In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.
Planned Updates at a Glance
While slight changes might be made based on emerging threats and customer demand, our planned future releases include:
- OWASP Mobile & IoT
- OWASP Application Security Verification Standard (ASVS)
- Securing browser-based JavaScript/TypeScript
- Application & infrastructure pen testing
- Securing Blockchain assets and its network
- Hardening Linux/Unix systems
- Secure DevOps practices
- PCI Secure Software Framework
- Supply chain security
- Privacy principles
Released Course Updates
October 2020 Release
Our release this quarter focuses on key elements which initially shaped our 2020 Roadmap, including:
NEW COURSES
Information Security Compliance: maintain compliance with evolving frameworks and regulatory requirements while reducing organizational exposure
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
UPDATED COURSES
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge
July 2020 Release
Released Courses
Our release this quarter focuses on two areas:
DevOps: gaining specialized skills to master tools and optimize a DevOps workstream
Emerging Challenges: understand how to secure open-source software and privacy data
- DSO 206 – Identifying Threats to Containers and Data in a DevSecOps Framework
- DSO 211 – Securing the Open Source Software Supply Chain
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302 – Automated Security Testing
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- ENG 151 – Fundamentals of Privacy Protection
April 2020 Release
Released Courses
To help organizations improve the resiliency of their cyber-security environments and reduce cyber-attack surfaces, we’ve released courses focused on applying security to components of the infrastructure.
We also introduced Blockchain, Supply Chain, Cloud DevSecOps, Risk Management, Penetration Testing, and OWASP Mobile & IoT courses.
- DES 210 – Hardening Linux/Unix Systems
- DES 305 – Protecting Existing Blockchain Assets
- DES 306 – Creating a Secure Blockchain Network
- DSO 205 – Securing the COTS Supply Chain
- DSO 253 – DevSecOps in the AWS Cloud
- DSO 254 – DevSecOps in the Azure Cloud
- ENG 352 – Categorizing Systems and Information within the RMF
- ENG 353 – Selecting, Implementing and Assessing Controls within the RMF
- ENG 354 – Authorizing and Monitoring System Controls within the RMF
- TST 301 – Infrastructure Penetration Testing
- TST 302 – Application Penetration Testing
- DES 271 – OWASP M1: Mitigating Improper Platform Usage
- DES 272 – OWASP M2: Mitigating Insecure Data Storage
- DES 273 – OWASP M3: Mitigating Insecure Communication
- DES 274 – OWASP M4: Mitigating Insecure Authentication
- DES 276 – OWASP M6: Mitigating Insecure Authorization
- DES 277 – OWASP M7: Mitigating Client Code Quality
- DES 278 – OWASP M8: Mitigating Code Tampering
- DES 279 – OWASP M9: Mitigating Reverse Engineering
- DES 280 – OWASP M10: Mitigating Extraneous Functionality
- DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
- DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
- DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
- DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
- DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening
January 2020 Release
Released Courses
In response to the increasing complexity of modern software systems and the growing sophistication of attacker techniques, this quarter’s release focused primarily on specialized and advanced penetration testing best practices.
We also introduced DevOps, IoT and PCI courses.
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- DES 255 – Securing the IoT Update Process
- DSO 201 – Fundamentals of Secure DevOps
- TST 202 – Penetration Testing Fundamentals
- TST 351 – Penetration Testing for TLS Vulnerabilities
- TST 352 – Penetration Testing for Injection Vulnerabilities
- TST 353 – Penetration Testing for SQL Injection
- TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
- TST 355 – Penetration Testing for Authorization Vulnerabilities
- TST 356 – Penetration Testing for XSS
- TST 357 – Penetration Testing for Hardcoded Secrets
- TST 358 – Penetration Testing Wireless Networks
- TST 359 – Penetration Testing Network Infrastructure
- TST 360 – Penetration Testing for Authentication Vulnerabilities
October 2019 Release
Released Courses
As security increasingly becomes a business risk issue, we introduced fundamental courses around the NIST Risk Management Framework (RMF), with more specialized and implementation-specific coverage planned for 2020.
We also introduced our first vulnerability scanning course, in response to customers’ increasing need to achieve broad test coverage across their entire portfolio of software/IT systems.
- ENG 251 – Risk Management Foundations
- ENG 351 – Preparing the Risk Management Framework
- TST 205 – Performing Vulnerability Scans
UPDATED COURSES
Most of these courses include content updates for newer versions of technologies, programming languages, and methodologies. Design updates include improved interactivity such as drag and drop code exercises and real-world scenarios:
- COD 141 – Fundamentals of Database Security
- COD 160 – Fundamentals of Embedded Software Development
- COD 256 – Creating Secure Code Ruby on Rails Foundations
- COD 257 – Creating Secure Python Web Applications
- DES 101 – Fundamentals of Secure Architecture
- DES 212 – Architecture Risk Analysis and Remediation
- DES 311 – Creating Secure Application Architecture
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 311 – Attack Surface Analysis and Reduction
- ENG 312 – How to Perform a Security Code Review
July 2019 Release
Released Courses
This quarter’s theme was largely driven by the increased attack surface of cloud-based systems. We released courses so that teams could better defend architecture, code, and infrastructure.
- DES 216 – Protecting Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- COD 251 – Defending AJAX-enabled Web Applications
- COD 214 – Creating Secure GO Applications
- COD 258 – Creating Secure PHP Web Applications
- COD 267 – Securing Python Microservices
Foreign language versions
We also released the following Chinese (Simplified), Spanish (Latin America) and French (France/European) courses:
- AWA 102 – Software Security Concepts
- DES 222 – Applying OWASP 2017 Mitigating Injection
- DES 223 – Applying OWASP 2017 Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017 Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017 Mitigating XML External Entities
- DES 226 – Applying OWASP 2017 Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017 Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017 Mitigating Cross-Site Scripting
- DES 229 – Applying OWASP 2017 Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017 Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017 Mitigating Insufficient Logging and Monitoring
- ENG 312 – How to Perform a Security Code Review
- TST 201 – Testing for CWE SANS Top 25 Software Errors
- TST 222 – Testing for OWASP 2017: Injection
- TST 223 – Testing for OWASP 2017: Broken Authentication
- TST 224 – Testing for OWASP 2017: Sensitive Data Exposure
- TST 225 – Testing for OWASP 2017: XML External Entities
- TST 226 – Testing for OWASP 2017: Broken Access Control
- TST 227 – Testing for OWASP 2017: Security Misconfiguration
- TST 228 – Testing for OWASP 2017: Cross-Site Scripting
- TST 229 – Testing for OWASP 2017: Insecure Deserialization
- TST 230 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities
- TST 231 – Testing for OWASP 2017: Insufficient Logging and Monitoring
UPDATED COURSES
We updated many of our secure coding courses to provide more interactivity and updates to a specific syntax.
- COD 110 – Fundamentals of Secure Mobile Development
- COD 152 – Fundamentals of Secure Cloud Development
- COD 242 – Creating Secure SQL Server and Azure Server Database Applications
- COD 253 – Creating Secure AWS Cloud Applications
- COD 254 – Creating Secure Azure Applications
- COD 317 – Creating Secure iOS Code in Swift
- COD 318 – Creating Secure Android Code in Java
- COD 352 – Creating Secure JavaScript and jQuery Code
MODULARIZED COURSES
Creating Secure ASP.NET Applications Series
- COD 308 – Common ASP.NET Vulnerabilities and Attacks
- COD 309 – Securing ASP.NET MVC Applications
April 2019 Release
Released Courses
This quarter’s releases and updates were primarily focused on securing and defending infrastructure, with a focus on IoT.
- COD 284 – Secure Java Coding
- ENG 150 – Meeting Confidentiality, Integrity and Availability Requirements
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
UPDATED COURSES
Insecure IoT Series
We updated our Insecure IoT Series to help IT teams secure interfaces, communications, network services, firmware, and authentication/authorization schemes.
- COD 225 – Insecure IoT Web Interfaces
- COD 226 – Insecure IoT Authentication and Authorization
- COD 227 – Insecure IoT Network Services
- COD 228 – Insecure IoT Communications
- COD 229 – Insecure IoT Mobile Interface
- COD 230 – Insecure IoT Firmware
As part of our commitment to timely content, these courses have also undergone updates related to code syntax, design, and interactivity.
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 283 – Java Cryptography
- TST 101 – Fundamentals of Security Testing
- COD 261 – Threats to Scripts
MODULARIZED COURSES
PCI DSS Series
Previously one course, our PCI DSS v3.2 Best Practices for Developers course has been broken down into four micro-courses:
- COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
- COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
- COD 248 – PCI DSS 6: Develop & Maintain Secure Systems and Applications
- COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes
Fundamentals of SDLC Security Series
Rather than having to learn all concepts at once, we broke this down into more focused topics for streamlined training.
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
Secure Scripting Series
Previously one course, we broke this down into four language-specific modules.
- COD 263 – Secure Bash Scripting
- COD 264 – Secure Perl Scripting
- COD 265 – Secure Python Scripting
- COD 266 – Secure Ruby Scripting