The Secure Coding Training: 2 Year Plan assigns 2-3 lessons per month for 24 months.
Year 1 has 31 lessons covering the basics such as the OWASP Top 10 and well known public vulnerabilities, plus much more.
Year 2 has 25 lessons covering more advanced topics such as OAuth Implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few.
You can easily customize this training plan and change the lesson frequency to turn it into a 3-year plan. These lessons are considered the most critical secure coding training content for keeping your organization safe.
Year 1
Year one of the Secure Coding Training: 2 Year Plan includes the following lessons.
Month | Lesson 1 | Lesson 2 | Lesson 3
--- | --- | --- | ---
1 | SQL Injection: Part 1 | Command Injection | Reflected Cross-Site Scripting (XSS)
2 | Identification and Authentication Failures | Broken Access Control | Security Misconfiguration
3 | Cryptographic Failures | Security Logging and Monitoring Failures | Vulnerable and Outdated Components
4 | XML External Entities (XXE) | Software and Data Integrity Failures | Server-Side Request Forgery (SSRF)
5 | Excessive Data Exposure | Broken Function Level Authorization | API Security Misconfiguration
6 | SQL Injection: Part 2 | Stored Cross-Site Scripting (XSS) | Insecure Design
7 | Capital One: Part 1 | Capital One: Part 2 | Capital One: Part 3
8 | Improper Assets Management | Lack of Resources and Rate Limiting | Broken Object Level Authorization
9 | Mass Assignment | JSON Web Token (JWT) Authentication Security | Cross-Site Request Forgery (CSRF)
10 | SQL Injection: Part 3 | DOM-Based Cross-Site Scripting (XSS) |
11 | Stack Overflow | ClickJacking |
12 | MySpace "Samy" Worm | Remote Code Execution |
Year 2
Year two of the Secure Coding Training: 2 Year Plan includes the following lessons.
Month | Lesson 1 | Lesson 2 | Lesson 3
--- | --- | --- | ---
1 | Apache Struts 2 | Blind XXE |
2 | OAuth Implementation Vulnerabilities: Part 1 | OAuth Implementation Vulnerabilities: Part 2 |
3 | Threat Modeling | XSS in Third-Party Integration |
4 | Off-By-One | Heap Overflow |
5 | Abusing the $where operator | Using comparison operators | User input as keys
6 | Docker Introduction | Dockerfile Introduction | Docker Image Scanning
7 | Docker Container Hardening | Docker Secret Handling |
8 | Commit Hooks | Static Application Security Testing (SAST) |
9 | Dynamic Application Security Testing (DAST) | Security Unit Tests |
10 | Security Configuration Management | Infrastructure as Code |
11 | Format String | |
12 | Reverse Engineering (iOS) | Code Tampering (Android) |