Security Journey

The Secure Coding Training: 2 Year Plan assigns 2-3 lessons per month for 24 months.

Year 1 has 31 lessons covering the basics such as the OWASP Top 10 and well known public vulnerabilities, plus much more. 

Year 2 has 25 lessons covering more advanced topics such as Oauth Implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few. 

- Year 1 has 31 lessons covering the basics such as the OWASP Top 10 and well known public vulnerabilities, plus much more. 
- Year 2 has 25 lessons covering more advanced topics such as Oauth Implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few. 

You can easily customize this training plan and change the lesson frequency to turn it into a 3 year plan. These lessons are seen as the most critical secure coding training content to keep your organization safe.

___________________________________________________________

Year one of the Secure Coding Training: 2 Year Plan includes the following lessons.

Year two of the Secure Coding Training: 2 Year Plan includes the following lessons.

What lessons are included in the Secure Development Training: 2-Year Plan preset?

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company

Tickets portal

{assigneeName} needs more information from you

Month #
1	SQL Injection: Part 1	Command Injection	Reflected Cross-Site Scripting (XSS)
2	Identification and Authentication Failures	Broken Access Control	Security Misconfiguration
3	Cryptographic Failures	Security Logging and Monitoring Failures	Vulnerable and Outdated Components
4	XML External Entities (XXE)	Software and Data Integrity Failures	Server-Side Request Forgery (SSRF)
5	Excessive Data Exposure	Broken Function Level Authorization	API Security Misconfiguration
6	SQL Injection: Part 2	Stored Cross-Site Scripting (XSS)	Insecure Design
7	Capital One: Part 1	Capital One: Part 2	Capital One: Part 3
8	Improper Assets Management	Lack of Resources and Rate Limiting	Broken Object Level Authorization
9	Mass Assignment	JSON Web Token (JWT) Authentication Security	Cross-Site Request Forgery (CSRF)
10	SQL Injection: Part 3	DOM-Based Cross-Site Scripting (XSS)
11	Stack Overflow	ClickJacking
12	MySpace "Samy" Worm	Remote Code Execution

Month #
1	Apache Struts 2	Blind XXE
2	OAuth Implementation Vulnerabilities: Part 1	OAuth Implementation Vulnerabilities: Part 2
3	Threat Modeling	XSS in Third-Party Integration
4	Off-By-One	Heap Overflow
5	Abusing the $where operator	Using comparison operators	User input as keys
6	Docker Introduction	Dockerfile Introduction	Docker Image Scanning
7	Docker Container Hardening	Docker Secret Handling
8	Commit Hooks	Static Application Security Testing (SAST)
9	Dynamic Application Security Testing (DAST)	Security Unit Tests
10	Security Configuration Management	Infrastructure as Code
11	Format String
12	Reverse Engineering (iOS)	Code Tampering (Android)

Year 1

Month #

Year 2

Month #