Training Course Updates

Staying Ahead of the Threatscape

With 240+ courses and 100+ labs, Security Innovation has the industry’s most expansive and current software security curriculum. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.

In addition to emerging trends, customer feedback primarily drives course direction. Don’t hesitate to contact us for a more detailed look at our roadmap.

Quarterly Release Graphic

Q1 2024 Release

February 2024

Security Innovation is proud to add eleven new courses and labs to the CMD+CTRL training catalog in Q1 2024. Concentrating primarily on AI Privacy and Risk, .NET Programming, Secure Android Development, Secure Coding labs based on CWE Top 25 vulnerabilities, and Host Vulnerability Scanning. All new content will be available to learners on February 14, 2024.

This content release includes:

  • (2) New Courses
  • (8) IDE Code Correct Skill Labs
  • (1) MITRE ATT&CK® Skill Lab
  • (3) Updated Courses

 

NEW SKILL LABS

Our nine new Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to find and correct insecure code based on vulnerabilities related to Canonicalization and XPath Injection.

Additionally, we are introducing three new labs based on specific techniques and mitigations described by the MITRE ATT&CK® Framework.

 

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter, we focus on .NET programming and Generative Artificial Intelligence.

 

UPDATED COURSES

The following course has been updated to reflect any changes to the technology, platforms, products, or compliance requirements that may have occurred since the release of the prior course version. Content was revised and updated to enhance clarity, improve flow, and be more concise with new interactions added. For a detailed list of changes to each course, please get in touch with your Customer Success Manager directly.


2023 Quarterly Releases

Q4 2023 Release

October 2023

Security Innovation is proud to add thirteen new courses and labs to the CMD+CTRL training catalog for Q4 2023. Concentrating primarily on alternative development methods, the next generation of Web Application Firewall, Secure Coding labs based on CWE Top 25 vulnerabilities, and MITRE ATT&CK® Enterprise Techniques and Mitigations; all new content will be available to learners on October 17, 2023.

This content release includes:

  • (8) IDE Code Correct Skill Labs
  • (2) MITRE ATT&CK® Skill Labs
  • (3) New Courses
  • (1) Updated Course

In addition, we’ve deprecated ten learn labs and replaced them with specific and more relevant use cases for each vulnerability category.

NEW SKILL LABS

Our eight new Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to find and correct insecure code based on vulnerabilities related to Null Pointer Dereference, Path Traversal, and Integer Overflow.

Additionally, we are introducing two new labs based on specific techniques and mitigations described by the MITRE ATT&CK® Framework.

 

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter we focus on areas such as leveraging Self-Service App Portals, Web Applications, and API Protection Services.

 

UPDATED COURSES

The following course has been updated to reflect any changes to the technology, platforms, products, or compliance requirements that may have occurred since the release of the prior course version. Roughly 70% of the content was revised and updated to enhance clarity, improve flow, and be more concise with new interactions added. For a detailed list of changes to the course, please get in touch with your Customer Success Manager directly.

Q3 2023 Release

July 2023

Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q3 2023. Concentrating primarily on NICE Framework Work Roles such as Software Developer, Network Operations Specialist, amongst several others; all new content will be available to learners on July 25, 2023. Focuses include Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, Vulnerability Assessment, and several others.

This content release includes:

  • (12) IDE Code Correct Skill Labs
  • (2) MITRE ATT&CK Skill Labs
  • (3) Vulnerability Identification Learn Labs
  • (4) New Courses
  • (2) Updated Courses

In addition, we’ve deprecated one course based on Oracles announcement of their own deprecation of Java Security Manager.

NEW SKILL LABS

Our twelve new secure coding Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to both find and correct insecure code based on vulnerabilities related to credential storage, input validation, and forced browsing.

Additionally, we are introducing two new labs based on techniques used by adversaries related to execute both Network Service Discovery and Software Discovery techniques as described by the MITRE ATT&CK® Framework.

 

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.
Consistent with Security Innovation’s overarching “Beyond the Code” mantra, Learn Labs keep organizations safe by highlighting vulnerabilities that can be recognized by most anyone involved in the SDLC — not just those closest to the code. Our focus this quarter is on vulnerabilities that can be found on a Cloud Infrastructure and Cloud-Native Applications.

 

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter we focus on areas such as leveraging Artificial Intelligence, Cyber-Supply Chain Risk Management, Infrastructure-as-Code Security, and Java Programming.

 

UPDATED COURSES

The following are essential courses to our Java learning content. Each course has been updated to meet current graphic, interaction, and instructional design standards. Content has been changed to reflect any changes to the technology; platforms; products; or compliance requirements that may have occurred since release of the prior course version. For a detailed list of changes to each course please contact your Customer Success Manager directly.

Q2 2023 Release

April 2023

Security Innovation is proud to add a combined twenty-one new courses and labs to the CMD+CTRL training catalog for Q2 2023. Available to learners on April 25, 2023, our new training content focuses on areas such as Secure Software Development, Infrastructure Design, Systems Integration, Risk Management, and Vulnerability Assessment.

This content release includes:

  • (12) IDE Code Correct Skill Labs
  • (2) MITRE ATT&CK Skill Labs
  • (4) Vulnerability Identification Learn Labs
  • (3) New Courses

In addition, we’ve reworked 6 courses to meet Security Innovation instructional design standards and eliminate redundancies.

NEW SKILL LABS

Our twelve new secure coding Skill Labs are available only in CMD+CTRL Base Camp and use an IDE to both find and correct insecure code based on vulnerabilities related to credential storage, input validation, and forced browsing.

Additionally, we are introducing two new labs based on techniques used by adversaries related to execute both Discovery and Command and Control tactics as described by the MITRE ATT&CK Framework.

 

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.

Consistent with Security Innovation’s overarching “Beyond the Code” mantra, Learn Labs keep organizations safe by highlighting vulnerabilities that can be recognized by most anyone involved in the SDLC — not just those closest to the code. Our focus this quarter is on vulnerabilities that can be found on a Cloud Infrastructure and Cloud-Native Applications.

 

NEW COURSES

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by software development organizations. This quarter we focus on areas such as leveraging serverless computing and backend-as-a-service.

 

UPDATED COURSES

The following courses have been updated to meet current instructional design standards and eliminate redundancies.

 

Course Language Localization

The following courses have been localized to French Canadian and will be available in the CMD+CTRL online learning catalog on April 25, 2023. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

  • COD 102 Challenges in Application Security
  • COD 103 Creating Software Security Requirements
  • COD 104 Designing Secure Software
  • COD 105 Secure Software Development
  • COD 106 The Importance of Software Integration and Testing
  • COD 107 Secure Software Deployment
  • COD 108 Software Operations and Maintenance

Q1 2023 Release

January 2023

Security Innovation is proud to add 20 courses and labs to the CMD+CTRL training catalog in Q1 2023, concentrating primarily on Enterprise System Architecture, Secure Software Development, and Vulnerability Assessment.

New content includes:

  • (12) IDE Code Correct Skill Labs
  • (2) MITRE ATT&CK Skill Labs
  • (2) Vulnerability Identification Learn Labs
  • (4) New Courses

In addition, four courses have been reworked to meet Security Innovation’s instructional design standards and eliminate redundant topics.

This release incorporates the recent introduction of CMD+CTRL Labs, which reinforces computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provides learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give coders the tools to respond to and fix software security issues in safe, simulated environments.

This quarter, we’ll show you how error messages can reveal sensitive information to potential attackers. We’ve also developed several labs utilizing the MITRE ATT&CK® framework to reveal techniques that attackers use to identify the target’s network services and shares, create user accounts, and find unsecured credentials – so you can guard against them in the future.

 

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them all from the attacker’s point of view.

This quarter, learners will use Learn Labs to identify potential weaknesses in your applications, such as identifying when changing a password is a bit too easy or how failure to adequately monitor security logs can lead to problems.

 

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating on Enterprise System Architecture, Secure Software Development, and Incident Response. Each course will be accessible via all Security Innovation Hosting Platforms (Base Camp, SI Shared, and Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues faced by today’s software development organizations. This quarter, we pay special attention to securing hybrid cloud environments and how APIs can expose information about your network topology. We also introduce the concept of Threat Hunting: using security frameworks to identify stealthy attackers that have already slipped past your initial security defenses.

 

UPDATED COURSES

The following courses are part of the Secure Enterprise Infrastructure Series. Each course has been updated to meet current instructional design standards, with knowledge checks replaced by learner interactions.

2022 Quarterly Releases

Q4 2022 Release

October 2022

Security Innovation is proud to add 15+ courses and labs to the CMD+CTRL training catalog in Q4 2022 concentrating primarily in areas such as Enterprise System Architecture, Secure Software Development and Vulnerability Assessment.

New content includes:

  • (4) IDE Code Correct Skill Labs
  • (4) MITRE ATT&CK Skill Labs
  • (4) Vulnerability Identification Learn Labs
  • (5) New Courses

In addition, 7 courses have been reworked to meet Security Innovation instructional design standards and eliminate redundant topics.

This release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give coders the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.

This quarter, we’ll show you how error messages can reveal sensitive information to potential attackers. We’ve also developed several labs utilizing the MITRE ATT&CK® framework to reveal techniques that attackers use to identify the target’s network services and shares, create user accounts, and find unsecured credentials – so you can guard against them in future.

 

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view.

This quarter, learners will use Labs to identify potential weaknesses in your applications, such as identifying when changing a password is a bit too easy, or how failure to properly monitor security logs can lead to problems.

 

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations. This quarter, we pay special attention to securing hybrid cloud environments and how APIs can expose information about your network topology. We also introduce the concept of Threat Hunting: using security frameworks to identify stealthy attackers that have already slipped past your initial security defenses.

 

UPDATED COURSES

The following courses are part of the Secure Software Development Series. Each course has been updated to meet current instructional design standards with knowledge checks replaced by learner interactions.

Q3 2022 Release

July 2022

Security Innovation’s July release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.

Our training program helps secure your software – and your organization – by offering two distinct lab types: Skill Labs and Learn Labs.

NEW SKILL LABS

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give learners the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.

New Skill Labs for Q2 2022 incorporate a virtual IDE to find and fix insecure code:

 

NEW LEARN LABS

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view. Hints and guidance are based on each participant’s level of competency – and begin to build both an offensive and defensive mindset.

 

NEW COURSES

The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response, will become available July 29, 2022. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations.

 

UPDATED COURSES

These 3 courses have been completely reworked to accommodate changes introduced in the OWASP Top 10 framework when the 2017 Top 10 was replaced by the updated 2021 version.

Q2 2022 Release

April 2022

Security Innovation’s April release incorporates the introduction of a completely new type of learning experience, SKILL LABS, which is available only for the new CMD+CTRL Base Camp platform. CMD+CTRL Skill Labs utilizes virtual machines to enable completely realistic environments which are appropriate for Intermediate to Advanced-level developers and cybersecurity professionals.

Many of these new Skill Labs concentrate on the use of an emulated IDE to both find and fix insecure code, while others use the MiTRE ATT&CK Framework to help defenders learn to choose appropriate defensive strategies when dealing with cyber-attacks.

Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities.

NEW SKILL LABS

 

UPDATED LEARN LABS

The following Learn Labs finalizes the transition we began in Q1 from the OWASP 2017 standard to the latest 2021 standard. They also align with the latest OWASP 2021 Testing and Mitigations series and challenges found in the CMD+CTRL Cyber Ranges. Finally, we added coverage for Cloud & API vulnerabilities according to CSA Top 11 and OWASP API Top 10.

 

UPDATED COURSES

The following courses featuring updates to the latest 2021 OWASP Top 10 standard are now accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.

Supplementary updates on May 31

Q1 2022 Release

February 2022

In 2022, Security Innovation plans to ramp up the use of labs in our training program, as it has proven to be an effective (and popular) way to reinforce the concepts introduced in our online training courses.

Our first series of labs, released in October of 2021, helped learners to tap into the mindset of an attacker by helping them to recognize common code vulnerabilities. These first labs were based on the industry guidelines provided by OWASP – a non-profit foundation dedicated to improving the security of software.

Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities.

NEW LEARN LABS

2021 Quarterly Releases

Q4 2021 Release

October 2021

Our Q4 update consist of new content focused on vulnerability identification techniques, secure Infrastructure-as-Code (IaC) deployments, web API and Cloud Service best practices, and cloud penetration testing. New learning experiences build in-demand skills while establishing a real-world connection that accounts for exposure to cyber-attacks, disruption, interruption, and many other impacts.

Unify daily experiences and intellect with learning labs while driving the transfer of training after the formal learning intervention

Secure Infrastructure as Code (IaC) deployments by leveraging security features and capabilities of Terraform

Identify unique vulnerabilities within authentic enterprise applications using various techniques

Learn API Security based on OWASP guidelines to understand and mitigate risks of application programming interfaces (APIs)

Follow CSA Top 11 Threats to Cloud Computing guidelines regarding what secure practices to follow when planning and establishing cloud environments

Learn Pen Testing fundamentals to protect and defend cloud services from common vulnerabilities and misconfigurations for the top 3 cloud service providers

NEW LEARN LABS

NEW COURSES

Q3 2021 Release

July 2021

Our Q3 update includes new and updated courses focused on Cloud Best Practices for Enterprise organizations, as well as attack and test techniques that teams need to safeguard their software and infrastructure – all while using the Google Cloud Platform.

Google Cloud Platform

COD 252 – Securing Google Platform Applications & Data
This course provides the knowledge and skills to implement and leverage GCP security features, manage secrets, and protect applications and data against common threats.

DSO 256 – DevSecOps in the Google Cloud Platform
This course focuses on centralized monitoring, operations, and logging. Learn to store, view, search, analyze, and alert on log data and events. Gain visibility into the performance, availability, and health of your applications and infrastructure to ensure reliable operation.

Secure Enterprise Infrastructure Series

The Security Innovation course development team is bringing additional interactive elements to many of our existing training modules in order to increase engagement and to provide a better experience for learners. Let us know what you think of the improvements!

DES 214 Securing Infrastructure Architecture
DES 215 Defending Infrastructure
DES 216 Protecting Cloud Infrastructure
DES 218 Protecting Microservices, Containers, and Orchestration

Q2 2021 Release

April 2021

Our release this quarter focuses on two areas:

Our Q2 update entails a lot of new and updated content focusing on attack and test techniques teams need to safeguard their software and infrastructure.

Addition of MiTRE ATT&CK Framework coverage to understand attack techniques on software systems and infrastructure.

“Shift Right” to examine exposure points from an external perspective and defend applications, servers, systems, networks, and data from malicious attacks.

Consolidated related OWASP and CWE content based on the evolvement of new risks, weaknesses, vulnerabilities, and exploit techniques to eliminate redundancy.

Identify and eliminate vulnerabilities during development to keep pace as development teams take on more test functions with a new genre of courses; Software Development Testing (SDT).

Q1 2021 Release

January 2021

Our release this quarter focuses on two areas:

Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge.

COD 287 – Java Application Server Hardening COD 386 Preventing Integer Overflows in Java Code
COD 315 Preventing Vulnerabilities in iOS Code in Swift COD 255 Creating Secure Code – Web API Foundations
COD 384 Protecting Java from Information Disclosure COD 302 Secure C Memory Management
COD 385 Preventing Race Conditions in Java Code COD 322 Protecting C# from SQLi
COD 319 Preventing Vulnerabilities in Android Code in Java COD 323 Using encryption with C#
COD 324 Protecting C# from XML Injection