The Secure Development Training: 1-Year plan is our default training plan. It was designed to start your learners with beginner-level lessons and, as the year progresses, move them to moderate and then advanced content.
This training plan preset contains 31 lessons spread out over 12 month-long phases and will cover the basics such as the OWASP Top 10 and well-known public vulnerabilities. With no more than 1-3 lessons per month, your learners will be able to build a strong foundational knowledge of secure coding principles and best practices.
The one-year plan contains the following lessons.
| Month # | | | | |
|---|---|---|---|---|
| 1 | SQL Injection: Part 1 | Command Injection | Reflected Cross-Site Scripting (XSS) | |
| 2 | Identification and Authentication Failures | Broken Access Control | Security Misconfiguration | |
| 3 | Cryptographic Failures | Security Logging and Monitoring Failures | Vulnerable and Outdated Components | |
| 4 | XML External Entities (XXE) | Software and Data Integrity Failures | Cross-Site Request Forgery (CSRF) | |
| 5 | Capital One: Part 1 | Capital One: Part 2 | Capital One: Part 3 | |
| 6 | Excessive Data Exposure | Broken Function Level Authorization | API Security Misconfiguration | Broken Object Level Authorization |
| 7 | Mass Assignment | Lack of Resources and Rate Limiting | JSON Web Token (JWT) Authentication Security | |
| 8 | XSS in Third-Party Integration | SQL Injection: Part 2 | Stored Cross-Site Scripting (XSS) | |
| 9 | Stack Overflow | | | |
| 10 | Blind XXE | DOM-Based Cross-Site Scripting (XSS) | | |
| 11 | Remote Code Execution | | | |
| 12 | Apache Struts 2 | MySpace "Samy" Worm | | |