The Secure Coding Training: 2 Year Plan assigns 2-3 lessons per month for 24 months.
Year 1 has 31 lessons covering the basics such as the OWASP Top 10 and well known public vulnerabilities, plus much more.
Year 2 has 25 lessons covering more advanced topics such as OAuth implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few.
You can easily customize this training plan and change the lesson frequency to turn it into a 3-year plan. These lessons are seen as the most critical secure coding training content to keep your organization safe.
Year 1
Year one of the Secure Coding Training: 2 Year Plan includes the following lessons.
| Month # | Lesson 1 | Lesson 2 | Lesson 3 |
|---|---|---|---|
| 1 | SQL Injection: Part 1 | Command Injection | Reflected Cross-Site Scripting (XSS) |
| 2 | Identification and Authentication Failures | Broken Access Control | Security Misconfiguration |
| 3 | Cryptographic Failures | Security Logging and Monitoring Failures | Vulnerable and Outdated Components |
| 4 | XML External Entities (XXE) | Software and Data Integrity Failures | Server-Side Request Forgery (SSRF) |
| 5 | Excessive Data Exposure | Broken Function Level Authorization | API Security Misconfiguration |
| 6 | SQL Injection: Part 2 | Stored Cross-Site Scripting (XSS) | Insecure Design |
| 7 | Capital One: Part 1 | Capital One: Part 2 | Capital One: Part 3 |
| 8 | Improper Assets Management | Lack of Resources and Rate Limiting | Broken Object Level Authorization |
| 9 | Mass Assignment | JSON Web Token (JWT) Authentication Security | Cross-Site Request Forgery (CSRF) |
| 10 | SQL Injection: Part 3 | DOM-Based Cross-Site Scripting (XSS) | |
| 11 | Stack Overflow | ClickJacking | |
| 12 | MySpace "Samy" Worm | Remote Code Execution | |
Year 2
Year two of the Secure Coding Training: 2 Year Plan includes the following lessons.
| Month # | Lesson 1 | Lesson 2 | Lesson 3 |
|---|---|---|---|
| 1 | Apache Struts 2 | Blind XXE | |
| 2 | OAuth Implementation Vulnerabilities: Part 1 | OAuth Implementation Vulnerabilities: Part 2 | |
| 3 | Threat Modeling | XSS in Third-Party Integration | |
| 4 | Off-By-One | Heap Overflow | |
| 5 | Abusing the $where operator | Using comparison operators | User input as keys |
| 6 | Docker Introduction | Dockerfile Introduction | Docker Image Scanning |
| 7 | Docker Container Hardening | Docker Secret Handling | |
| 8 | Commit Hooks | Static Application Security Testing (SAST) | |
| 9 | Dynamic Application Security Testing (DAST) | Security Unit Tests | |
| 10 | Security Configuration Management | Infrastructure as Code | |
| 11 | Format String | | |
| 12 | Reverse Engineering (iOS) | Code Tampering (Android) | |