Training Course Updates

Staying Ahead of the Threatscape

With 180+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.

Your voice matters

In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.

Planned Updates at a Glance

While slight changes might be made based on emerging threats and customer demand, our planned future releases include:

OWASP Mobile & IoT
Securing browser-based JavaScript/TypeScript applications
Securing Blockchain assets and its network
Secure DevOps practices
Supply chain security
OWASP Application Security Verification Standard (ASVS)
Application & infrastructure pen testing
Hardening Linux/Unix systems
PCI Secure Software Framework
Privacy principles

Released Course Updates

January 2020 Release

In response to the increased complexity of modern software systems and increasingly sophisticated attacker techniques, this quarter’s release focused primarily on specialized and advanced penetration testing best practices.

We also introduced DevOps, IoT and PCI courses.

DES 151 – Fundamentals of the PCI Secure SLC Standard
DES 255 – Securing the IoT Update Process
DSO 201 – Fundamentals of Secure DevOps
TST 202 – Penetration Testing Fundamentals
TST 351 – Penetration Testing for TLS Vulnerabilities
TST 352 – Penetration Testing for Injection Vulnerabilities
TST 353 – Penetration Testing for SQL Injection
TST 354 – Penetration Testing for Memory Corruption Vulnerabilities
TST 355 – Penetration Testing for Authorization Vulnerabilities
TST 356 – Penetration Testing for XSS
TST 357 – Penetration Testing for Hardcoded Secrets
TST 358 – Penetration Testing Wireless Networks
TST 359 – Penetration Testing Network Infrastructure
TST 360 – Penetration Testing for Authentication Vulnerabilities

October, 2019 Release


As security increasingly becomes a business risk issue, we introduced fundamental courses around the NIST Risk Management Framework (RMF), with more specialized and implementation-specific coverage planned for 2020.

We also introduced our first vulnerability scanning course, which was based on customers’ increasing need to achieve breadth of test coverage across their entire portfolio of software/IT systems.

ENG 251 – Risk Management Foundations
ENG 351 – Preparing the Risk Management Framework
TST 205 – Performing Vulnerability Scans


Most of these courses include content updates for newer versions of technologies, programming languages, and methodologies. Design updates include improved interactivity such as drag and drop code exercises and real-world scenarios:
COD 141 – Fundamentals of Database Security
COD 160 – Fundamentals of Embedded Software Development
COD 256 – Creating Secure Code Ruby on Rails Foundations
COD 257 – Creating Secure Python Web Applications
DES 101 – Fundamentals of Secure Architecture
DES 212 – Architecture Risk Analysis and Remediation
DES 311 – Creating Secure Application Architecture
ENG 205 – Fundamentals of Threat Modeling
ENG 211 – How to Create Application Security Design Requirements
ENG 311 – Attack Surface Analysis and Reduction
ENG 312 – How to Perform a Security Code Review

July, 2019 Release


This quarter’s theme was largely driven by the increased attack surface of cloud-based systems. We released courses so that teams could better defend architecture, code and infrastructure.

DES 216 – Protecting Cloud Infrastructure
DES 218 – Protecting Microservices, Containers, and Orchestration
COD 251 – Defending AJAX-enabled Web Applications
COD 214 – Creating Secure GO Applications
COD 258 – Creating Secure PHP Web Applications
COD 267 – Securing Python Microservices

Foreign language versions
We also released the following Chinese (Simplified), Spanish (Latin America) and French (France/European) courses:

AWA 102 – Software Security Concepts
DES 222 – Applying OWASP 2017 Mitigating Injection
DES 223 – Applying OWASP 2017 Mitigating Broken Authentication
DES 224 – Applying OWASP 2017 Mitigating Sensitive Data Exposure
DES 225 – Applying OWASP 2017 Mitigating XML External Entities
DES 226 – Applying OWASP 2017 Mitigating Broken Access Control
DES 227 – Applying OWASP 2017 Mitigating Security Misconfiguration
DES 228 – Applying OWASP 2017 Mitigating Cross-Site Scripting
DES 229 – Applying OWASP 2017 Mitigating Insecure Deserialization
DES 230 – Applying OWASP 2017 Mitigating Use of Components with Known Vulnerabilities
DES 231 – Applying OWASP 2017 Mitigating Insufficient Logging and Monitoring
ENG 312 – How to Perform a Security Code Review
TST 201 – Testing for CWE SANS Top 25 Software Errors
TST 222 – Testing for OWASP 2017: Injection
TST 223 – Testing for OWASP 2017: Broken Authentication
TST 224 – Testing for OWASP 2017: Sensitive Data Exposure
TST 225 – Testing for OWASP 2017: XML External Entities
TST 226 – Testing for OWASP 2017: Broken Access Control
TST 227 – Testing for OWASP 2017: Security Misconfiguration
TST 228 – Testing for OWASP 2017: Cross-Site Scripting
TST 229 – Testing for OWASP 2017: Insecure Deserialization
TST 230 – Testing for OWASP 2017: Use of Components with Known Vulnerabilities
TST 231 – Testing for OWASP 2017: Insufficient Logging and Monitoring


We updated many of our secure coding courses to provide more interactivity and updates to specific syntax.

COD 110 – Fundamentals of Secure Mobile Development
COD 152 – Fundamentals of Secure Cloud Development
COD 242 – Creating Secure SQL Server and Azure Server Database Applications
COD 253 – Creating Secure AWS Cloud Applications
COD 254 – Creating Secure Azure Applications
COD 317 – Creating Secure iOS Code in Swift
COD 318 – Creating Secure Android Code in Java
COD 352 – Creating Secure JavaScript and jQuery Code


Creating Secure ASP.NET Applications Series

COD 308 – Common ASP.NET Vulnerabilities and Attacks
COD 309 – Securing ASP.NET MVC Applications

April, 2019 Release


This quarter’s releases and updates were primarily focused on securing and defending infrastructure, with a focus on IoT.

  • COD 284 – Secure Java Coding
  • ENG 150 – Meeting Confidentiality, Integrity and Availability Requirements
  • DES 214 – Securing Infrastructure Architecture
  • DES 215 – Defending Infrastructure


Insecure IoT Series
We updated our Insecure IoT Series to help IT teams secure interfaces, communications, network services, firmware, and authentication/authorization schemes.

  • COD 225 – Insecure IoT Web Interfaces
  • COD 226 – Insecure IoT Authentication and Authorization
  • COD 227 – Insecure IoT Network Services
  • COD 228 – Insecure IoT Communications
  • COD 229 – Insecure IoT Mobile Interface
  • COD 230 – Insecure IoT Firmware

As part of our commitment to timely content, these courses have also undergone updates related to code syntax, design, and interactivity.

  • COD 262 – Fundamentals of Shell and Interpreted Language Security
  • COD 283 – Java Cryptography
  • TST 101 – Fundamentals of Security Testing
  • COD 261 – Threats to Scripts


PCI DSS Series
Previously one course, our PCI DSS v3.2 Best Practices for Developers course has been broken down into four micro-courses:

  • COD 246 – PCI DSS 3: Protecting Stored Cardholder Data
  • COD 247 – PCI DSS 4: Encrypting Transmission of Cardholder Data
  • COD 248 – PCI DSS 6: Develop & Maintain Secure Systems and Applications
  • COD 249 – PCI DSS 11: Regularly Test Security Systems and Processes

Fundamentals of SDLC Security Series
Rather than having to learn all concepts at once, we broke this down into more focused topics for streamlined training.

  • COD 102 – The Role of Software Security
  • COD 103 – Creating Software Security Requirements
  • COD 104 – Designing Secure Software
  • COD 105 – Secure Software Development
  • COD 106 – The Importance of Integration and Testing
  • COD 107 – Secure Software Deployment
  • COD 108 – Software Operations and Maintenance

Secure Scripting Series
Previously one course, this has been broken down into four language-specific modules.

  • COD 263 – Secure Bash Scripting
  • COD 264 – Secure Perl Scripting
  • COD 265 – Secure Python Scripting
  • COD 266 – Secure Ruby Scripting