Staying Ahead of the Threatscape
With 200+ courses, Security Innovation has the most expansive and current software security curriculum in the industry. And just like the threat landscape, it’s constantly changing. That’s why we regularly release new and updated courses throughout the year.
Your voice matters
In addition to emerging trends, customer feedback largely drives course direction. If you would like a more detailed look at our roadmap, please contact us.
Q4 2022 Release
October 2022
Security Innovation is proud to add 15+ courses and labs to the CMD+CTRL training catalog in Q4 2022 concentrating primarily in areas such as Enterprise System Architecture, Secure Software Development and Vulnerability Assessment.
New content includes:
- (4) IDE Code Correct Skill Labs
- (4) MITRE ATT&CK Skill Labs
- (4) Vulnerability Identification Learn Labs
- (5) New Courses
In addition, 7 courses have been reworked to meet Security Innovation instructional design standards and eliminate redundant topics.
This release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.
SKILL LABS
Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give coders the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.
This quarter, we’ll show you how error messages can reveal sensitive information to potential attackers. We’ve also developed several labs utilizing the MITRE ATT&CK® framework to reveal techniques that attackers use to identify the target’s network services and shares, create user accounts, and find unsecured credentials – so you can guard against them in future.
* Note: Skill Labs are only available to CMD+CTRL Base Camp subscribers.
LEARN LAB
Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view.
This quarter, learners will use Labs to identify potential weaknesses in your applications, such as identifying when changing a password is a bit too easy, or how failure to properly monitor security logs can lead to problems.
NEW COURSES
The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.
As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations. This quarter, we pay special attention to securing hybrid cloud environments and how APIs can expose information about your network topology. We also introduce the concept of Threat Hunting: using security frameworks to identify stealthy attackers that have already slipped past your initial security defenses.
UPDATED COURSES
The following courses are part of the Secure Software Development Series. Each course has been updated to meet current instructional design standards with knowledge checks replaced by learner interactions.
July 2022 Release
Security Innovation’s July release incorporates the recent introduction of CMD+CTRL Labs, which reinforce computer-based training courses by guiding your team through practical, hands-on exercises. Each of these “simulations” provide learners with vivid examples of real-world threat scenarios, then helps transform those experiences into tangible skills they can apply every day.
Our training program helps secure your software – and your organization – by offering two distinct lab types: Skill Labs and Learn Labs. See below for details on new labs on tap for this quarter:
SKILL LABS
Skill Labs are technical exercises designed to modernize your software development teams’ security skills. Skill labs give learners the tools they need to both respond to, and fix, software security issues – in safe, simulated environments.
New Skill Labs for Q2 2022 incorporate a virtual IDE to find and fix insecure code:
* Note: Skill Labs are only available to CMD+CTRL Base Camp subscribers.
LEARN LAB Updates
Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view. Hints and guidance are based on each participant’s level of competency – and begin to build both an offensive and defensive mindset.
NEW COURSES
The following courses will be added to the CMD+CTRL online learning catalog concentrating in areas such as Enterprise System Architecture, Secure Software Development and Incident Response, will become available July 29, 2022. Each course will be accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.
As always, CMD+CTRL courses grant learners a foundational understanding of the latest issues being faced by today’s software development organizations.
UPDATED COURSES
These 3 courses have been completely reworked to accommodate changes introduced in the OWASP Top 10 framework when the 2017 Top 10 was replaced by the updated 2021 version.
April 2022
Security Innovation’s April release incorporates the introduction of a completely new type of learning experience, SKILL LABS, which is available only for the new CMD+CTRL Base Camp platform. CMD+CTRL Skill Labs utilizes virtual machines to enable completely realistic environments which are appropriate for Intermediate to Advanced-level developers and cybersecurity professionals.
Many of these new Skill Labs concentrate on the use of an emulated IDE to both find and fix insecure code, while others use the MiTRE ATT&CK Framework to help defenders learn to choose appropriate defensive strategies when dealing with cyber-attacks.
Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities:
NEW! SKILL LABS
LEARN LAB Updates
The following Learn Labs finalizes the transition we began in Q1 from the OWASP 2017 standard to the latest 2021 standard. They also align with the latest OWASP 2021 Testing and Mitigations series and challenges found in the CMD+CTRL Cyber Ranges. Finally, we added coverage for Cloud & API vulnerabilities according to CSA Top 11 and OWASP API Top 10.
COURSE Updates
The following courses featuring updates to the latest 2021 OWASP Top 10 standard are now accessible via all Security Innovation Hosting Platforms (SI Shared & Dedicated Portals) and SCORM Cloud Services.
Supplementary updates on May 31
February 2022 Release
In 2022, Security Innovation plans to ramp up the use of labs in our training program, as it has proven to be an effective (and popular) way to reinforce the concepts introduced in our online training courses.
Our first series of labs, released in October of 2021, helped learners to tap into the mindset of an attacker by helping them to recognize common code vulnerabilities. These first labs were based on the industry guidelines provided by OWASP – a non-profit foundation dedicated to improving the security of software.
Continuing down the path of vulnerability identification, Security Innovation has prioritized seven additional labs to help learners to step up their cybersecurity abilities:
NEW LABS
October 2021 Release
Our Q4 update consist of new content focused on vulnerability identification techniques, secure Infrastructure-as-Code (IaC) deployments, web API and Cloud Service best practices, and cloud penetration testing. New learning experiences build in-demand skills while establishing a real-world connection that accounts for exposure to cyber-attacks, disruption, interruption, and many other impacts.
Unify daily experiences and intellect with learning labs while driving the transfer of training after the formal learning intervention
Secure Infrastructure as Code (IaC) deployments by leveraging security features and capabilities of Terraform
Identify unique vulnerabilities within authentic enterprise applications using various techniques
Learn API Security based on OWASP guidelines to understand and mitigate risks of application programming interfaces (APIs)
Follow CSA Top 11 Threats to Cloud Computing guidelines regarding what secure practices to follow when planning and establishing cloud environments
Learn Pen Testing fundamentals to protect and defend cloud services from common vulnerabilities and misconfigurations for the top 3 cloud service providers
NEW LABS
NEW COURSES
July 2021 Release
Our Q3 update includes new and updated courses focused on Cloud Best Practices for Enterprise organizations, as well as attack and test techniques that teams need to safeguard their software and infrastructure – all while using the Google Cloud Platform.
New Courses! Google Cloud Platform
COD 252 – Securing Google Platform Applications & Data
This course provides the knowledge and skills to implement and leverage GCP security features, manage secrets, and protect applications and data against common threats.
DSO 256 – DevSecOps in the Google Cloud Platform
This course focuses on centralized monitoring, operations, and logging. Learn to store, view, search, analyze, and alert on log data and events. Gain visibility into the performance, availability, and health of your applications and infrastructure to ensure reliable operation.
Updated Courses! Secure Enterprise Infrastructure Series
The Security Innovation course development team is bringing additional interactive elements to many of our existing training modules in order to increase engagement and to provide a better experience for learners. Let us know what you think of the improvements!
• DES 214 Securing Infrastructure Architecture
• DES 215 Defending Infrastructure
• DES 216 Protecting Cloud Infrastructure
• DES 218 Protecting Microservices, Containers, and Orchestration
April 2021 Release
Released Courses
Our release this quarter focuses on two areas:
Our Q2 update entails a lot of new and updated content that focuses on attack and test techniques teams need to safeguard their software and infrastructure.
Addition of MiTRE ATT&CK Framework coverage to understand attack techniques on software systems and infrastructure
“Shift Right” to examine exposure points from an external perspective and defend applications, servers, systems, networks, and data from malicious attacks
Consolidated related OWASP and CWE content based on the evolvement of new risks, weaknesses, vulnerabilities, and exploit techniques to eliminate redundancy
Identify and eliminate vulnerabilities during development to keep pace as development teams take on more test functions with a new genre of courses; Software Development Testing (SDT)
January 2021 Release
Released Courses
Our release this quarter focuses on two areas:
Enhanced coding interactions: make it easier to distill complex topics and commit knowledge to memory
Emerging Technologies: learn object-oriented and scripting languages that are quickly becoming industry mainstays
DevSecOps Practices: master tools and methods that calibrate agility with security
Secure Coding Interactivity: challenge developers to find and fix vulnerabilities in code based on learned knowledge
| COD 287 – Java Application Server Hardening | COD 386 Preventing Integer Overflows in Java Code |
| COD 315 Preventing Vulnerabilities in iOS Code in Swift | COD 255 Creating Secure Code – Web API Foundations |
| COD 384 Protecting Java from Information Disclosure | COD 302 Secure C Memory Management |
| COD 385 Preventing Race Conditions in Java Code | COD 322 Protecting C# from SQLi |
| COD 319 Preventing Vulnerabilities in Android Code in Java | COD 323 Using encryption with C# |
| COD 324 Protecting C# from XML Injection |