Training Course Updates

Staying Ahead of the Threatscape

With 200+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.

Your voice matters

In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.

Planned Updates at a Glance

While slight changes might be made based on emerging threats and customer demand, our planned future releases include:

Learning Labs MiTRE ATT&CK Framework
Challenge-Based Learning Network-as-Code
Skills Assessment OWASP API
Digital Badges/Certificates OWASP Cloud
Journey Mapping Cyber Exploitation & Defense
Progress Tracking Ethical Hacking
Learning Channels Internet-of-Things

Q1 2021: Release Infographic

Released Course Updates

January 2021 Release

Our Q1 update entails a lot of new and updated content aimed at helping developers prevent certain vulnerabilities and protect data in a variety of development languages and platforms.
Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge

NEW COURSES

COD 287 – Java Application Server Hardening (NEW) COD 384 Protecting Java from Information Disclosure
COD 315 Preventing Vulnerabilities in iOS Code in Swift COD 385 Preventing Race Conditions in Java Code
COD 319 Preventing Vulnerabilities in Android Code in Java COD 386 Preventing Integer Overflows in Java Code
COD 324 Protecting C# from XML Injection

UPDATED COURSES

COD 255 Creating Secure Code – Web API Foundations COD 322 Protecting C# from SQLi
COD 302 Secure C Memory Management COD 323 Using encryption with C#

View Course Catalog

October 2020 Release

Released Courses

Our release this quarter focuses on two areas:

Information Security Compliance: maintain compliance with evolving frameworks and regulatory requirements while reducing organizational exposure
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge.

DES 206 – Meeting Cloud Governance and Compliance Requirements COD 285 – Develop Secure Angular Applications
DES 312 – Protecting Cardholder Data COD 286 – Creating Secure React User Interfaces
ENG 212 – Implementing Secure Software Operations COD 366 – Create Secure Kotlin Applications
TST 206 – ASVS Requirements for Developers DSO 306 – Implementing Infrastructure as Code
DSO 307 – Secure Secrets Management COD 206 – Creating Secure C++ Code
COD 201 – Secure C Encrypted Network Communications COD 307 – Protecting Data in C++
COD 202 – Secure C Run-Time Protection

View Course Catalog

July 2020 Release

Released Courses

Our release this quarter focuses on two areas:

DevOps: gaining specialized skills to master tools and optimize a DevOps workstream
Emerging Challenges: understand how to secure open-source software and privacy data

DSO 206 Identifying Threats to Containers and Data in a DevSecOps Framework DSO 303 Automating Security Updates
DSO 211 Securing the Open Source Software Supply Chain DSO 304 Securing API Gateways in a DevSecOps Framework
DSO 301 Orchestrating Secure System and Service Configuration DSO 305 Automating CI/CD Pipeline Compliance
DSO 302 Automated Security Testing ENG 151 Fundamentals of Privacy Protection

View Course Catalog

April 2020 Release

Released Courses

In an effort to help organizations improve resiliency of cyber-security environments and reduce cyber-attack surfaces we’ve released courses focused on applying security to components of the infrastructure.

We also introduced Blockchain, Supply Chain, Cloud DevSecOps, Risk Management, Penetration Testing, and OWASP Mobile & IoT courses.

DES 210 – Hardening Linux/Unix Systems DES 276 – OWASP M6: Mitigating Insecure Authorization
DES 305 – Protecting Existing Blockchain Assets DES 277 – OWASP M7: Mitigating Client Code Quality
DES 306 – Creating a Secure Blockchain Network DES 278 – OWASP M8: Mitigating Code Tampering
DSO 205 – Securing the COTS Supply Chain DES 279 – OWASP M9: Mitigating Reverse Engineering
DSO 253 – DevSecOps in the AWS Cloud DES 280 – OWASP M10: Mitigating Extraneous Functionality
DSO 254 – DevSecOps in the Azure Cloud DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardccoded Passwords
ENG 352 – Categorizing Systems and Information within the RMF DES 282 – OWASP IoT2: Mitigating Insecure Network Services
ENG 353 – Selecting, Implementing and Assessing Controls within the RMF DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
ENG 354 – Authorizing and Monitoring System Controls within the RMF DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
TST 301 – Infrastructure Penetration Testing DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
TST 302 – Application Penetration Testing DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
DES 271 – OWASP M1: Mitigating Improper Platform Usage DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
DES 272 – OWASP M2: Mitigating Insecure Data Storage DES 288 – OWASP IoT8: Mitigating Lack of Device Management
DES 273 – OWASP M3: Mitigating Insecure Communication DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
DES 274 – OWASP M4: Mitigating Insecure Authentication DES 290 – OWASP IoT10: Mitigating Lack of Physical Hardening

View Course Catalog

January 2020 Release

Released Courses

In response to the increased complexity of modern software systems and attacker techniques getting more sophisticated, this quarter’s release focused primarily on specialized and advanced penetration testing best practices.

We also introduced DevOps, IoT and PCI courses.

DES 151 – Fundamentals of the PCI Secure SLC Standard TST 355 – Penetration Testing for Authorization Vulnerabilities
DES 255 – Securing the IoT Update Process TST 356 – Penetration Testing for XSS
DSO 201 – Fundamentals of Secure DevOps TST 357 – Penetration Testing for Hardcoded Secrets
TST 202 – Penetration Testing Fundamentals TST 358 – Penetration Testing Wireless Networks
TST 351 – Penetration Testing for TLS Vulnerabilities TST 359 – Penetration Testing Network Infrastructure
TST 352 – Penetration Testing for Injection Vulnerabilities TST 360 – Penetration Testing for Authentication Vulnerabilities
TST 353 – Penetration Testing for SQL Injection DES 255 – Securing the IoT Update Process
TST 354 – Penetration Testing for Memory Corruption Vulnerabilities

View Course Catalog

October 2019 Release

Released Courses

As security increasingly becomes a business risk issue, we introduced fundamental courses around the NIST Risk Management Framework (RMF), with more specialized and implementation-specific coverage planned for 2020.

We also introduced our first vulnerability scanning course, which was based on increasing customers’ need to achieve the breadth of test coverage across their entire portfolio of software/IT systems.

  • ENG 251 – Risk Management Foundations
  • ENG 351 – Preparing the Risk Management Framework
  • TST 205 – Performing Vulnerability Scans

UPDATED COURSES

Most of these courses include content updates for newer versions of technologies, programming languages, and methodologies. Design updates include improved interactivity such as drag and drop code exercises and real-world scenarios:

  • COD 141 – Fundamentals of Database Security
  • COD 160 – Fundamentals of Embedded Software Development
  • COD 256 – Creating Secure Code Ruby on Rails Foundations
  • COD 257 – Creating Secure Python Web Applications
  • DES 101 – Fundamentals of Secure Architecture
  • DES 212 – Architecture Risk Analysis and Remediation
  • DES 311 – Creating Secure Application Architecture
  • ENG 205 – Fundamentals of Threat Modeling
  • ENG 211 – How to Create Application Security Design Requirements
  • ENG 311 – Attack Surface Analysis and Reduction
  • ENG 312 – How to Perform a Security Code Review

View Course Catalog

July 2019 Release

Released Courses

This quarter’s theme was largely driven by the increased attack surface of cloud-based systems. We released courses so that teams could better defend architecture, code, and infrastructure.

  • DES 216 – Protecting Cloud Infrastructure
  • DES 218 – Protecting Microservices, Containers, and Orchestration
  • COD 251 – Defending AJAX-enabled Web Applications
  • COD 214 – Creating Secure GO Applications
  • COD 258 – Creating Secure PHP Web Applications
  • COD 267 – Securing Python Microservices

Foreign language versions
We also released the following Chinese (Simplified), Spanish (Latin America) and French (France/European) courses:

  • AWA 102 – Software Security Concepts
  • DES 222 – Applying OWASP 2017 Mitigating Injection
  • DES 223 – Applying OWASP 2017 Mitigating Broken Authentication
  • DES 224 – Applying OWASP 2017 Mitigating Sensitive Data Exposure
  • DES 225 – Applying OWASP 2017 Mitigating XML External Entities
  • DES 226 – Applying OWASP 2017 Mitigating Broken Access Control
  • DES 227 – Applying OWASP 2017 Mitigating Security Misconfiguration
  • DES 228 – Applying OWASP 2017 Mitigating Cross-Site Scripting
  • DES 229 – Applying OWASP 2017 Mitigating Insecure Deserialization
  • DES 230 – Applying OWASP 2017 Mitigating Use of Components with Known Vulnerabilities
  • DES 231 – Applying OWASP 2017 Mitigating Insufficient Logging and Monitoring
  • ENG 312 – How to Perform a Security Code Review
  • TST 201 – Testing for CWE SANS Top 25 Software Errors
  • TST 222 – Testing for OWASP 2017: Injection
  • TST 223 – Testing for OWASP 2017: Broken Authentication
  • TST 224 – Testing for OWASP 2017: Sensitive Data Exposure
  • TST 225 – Testing for OWASP 2017: XML External Entities
  • TST 226 – Testing for OWASP 2017: Broken Access Control\TST 227 – Testing for OWASP 2017: Security Misconfiguration
  • TST 228 – Testing for OWASP 2017: Cross-Site Scripting
  • TST 229 – Testing for OWASP 2017: Insecure Deserialization
  • TST 230 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities
  • TST 231 – Testing for OWASP 2017: Insufficient Logging and Monitoring

UPDATED COURSES

We updated many of our secure coding courses to provide more interactivity and updates to a specific syntax.

  • COD 110 – Fundamentals of Secure Mobile Development
  • COD 152 – Fundamentals of Secure Cloud Development
  • COD 242 – Creating Secure SQL Server and Azure Server Database Applications
  • COD 253 – Creating Secure AWS Cloud Applications
  • COD 254 – Creating Secure Azure Applications
  • COD 317 – Creating Secure iOS Code in Swift
  • COD 318 – Creating Secure Android Code in Java
  • COD 352 – Creating Secure JavaScript and jQuery Code

MODULARIZED COURSES

Creating Secure ASP.NET Applications Series

  • COD 308 – Common ASP.NET Vulnerabilities and Attacks
  • COD 309 – Securing ASP.NET MVC Applications

View Course Catalog

April 2019 Release

Released Courses

This quarter’s releases and updates were primarily focused on securing and defending infrastructure, with a focus on IoT.

  • COD 284 – Secure Java Coding
  • ENG 150 – Meeting Confidentiality, Integrity and Availability Requirements
  • DES 214 – Securing Infrastructure Architecture
  • DES 215 – Defending Infrastructure

UPDATED COURSES

Insecure IoT Series
We updated our Insecure IoT Series to help IT teams secure interfaces, communications, network services, firmware, and authentication/authorization schemes.

  • COD 225 – Insecure IoT Web Interfaces
  • COD 226 – Insecure IoT Authentication and Authorization
  • COD 227 – Insecure IoT Network Services
  • COD 228 – Insecure IoT Communications
  • COD 229 – Insecure IoT Mobile Interface
  • COD 230 – Insecure IoT Firmware

As part of our commitment to timely content, these courses have also undergone updates related to code syntax, design, and interactivity.

  • COD 262 – Fundamentals of Shell and Interpreted Language Security
  • COD 283 – Java Cryptography
  • TST 101 – Fundamentals of Security Testing
  • COD 261 – Threats to Scripts

MODULARIZED COURSES

PCI DSS Series
Previously one course, our PCI DSS v3.2 Best Practices for Developers course has been broken down into four micro-courses:

  • COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
  • COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
  • COD 248 – PCI DSS 6: Develop & Maintain Secure Systems and Applications
  • COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

Fundamentals of SDLC Security Series
Rather than having to learn all concepts at once, we broke this down into more focused topics for streamlined training.

  • COD 102 – The Role of Software Security
  • COD 103 – Creating Software Security Requirements
  • COD 104 – Designing Secure Software
  • COD 105 – Secure Software Development
  • COD 106 – The Importance of Integration and Testing
  • COD 107 – Secure Software Deployment
  • COD 108 – Software Operations and Maintenance

Secure Scripting Series
Previously one course, we broke this down into four language-specific modules.

  • COD 263 – Secure Bash Scripting
  • COD 264 – Secure Perl Scripting
  • COD 265 – Secure Python Scripting
  • COD 266 – Secure Ruby Scripting

View Course Catalog