Skip to main content
All CollectionsTraining LibraryRecommended Paths
Recommended Path: Business Learner
Recommended Path: Business Learner

This article describes our Recommended Business Learner Paths.

Rachel Yonan avatar
Written by Rachel Yonan
Updated over 2 months ago

Our Business Learner Paths are designed for individuals involved in software development, such as product managers, UX designers, system admins, and QA engineers to help them support secure development efforts.

The Business Learner training content is organized into three progressive levels:

  • Business Learner Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the role of security testing.

  • Business Learner Intermediate: Takes a deeper dive into application security, covering threat modeling, risk assessment, and security controls.

  • Business Learner Advanced: Covers cutting-edge application security topics, such as DevSecOps, secure design, and common weaknesses.
    โ€‹

Foundational Business Learner

Video Only | Total Learning Path Duration: 4 hours and 8 minutes

Introduction to Security Journey

Introduction to Security

Core Security Concepts

Attacks

Attackers

Threat Landscape

The Hacker Mindset

Social Engineering

Security Myths

Security Culture and Mindset

Data Breaches

Security Business Case

Prioritizing Security

Translating Security

Risk Managment for AppSec

Privacy and Customer Data Protection

Dealing with Vulnerabilities

Security at Home

Tips for Secure Remote Work

OWASP Universe

Knowledge Sources

Threat Landscape: Cloud

IoT Threat Landscape

Secure Development Lifecycle

Intermediate Business Learner

Video Only | Total Learning Path Duration: 4 hours and 40 minutes

Six Foundational Truths of Application Security

Security Requirements

Threat Modeling Basics

Threat Modeling Process

Threat Modeling Examples

Threat Modeling Manifesto

Input Validation

Output Encoding

Authentication Theory

Authorization Theory

Logging and Exception Handling

Cryptography

Software Supply Chain

OWASP Top 10 | Part 1

OWASP Top 10 | Part 2

OWASP Top 10 | Part 3

Injection: SQL and Command

Cross Site Request Forgery (CSRF)

Cross-Site Scripting (XSS) | Part 1

Cross-Site Scripting (XSS) | Part 2

Buffer Overflows and Remote Code Execution

Denial of Service (DoS)

Server-Side Request Forgery

Insecure Communication

Advanced: Business Learner

Video Only | Total Learning Path Duration: 4 hours and 57 minutes

AppSec in an Agile World | Part 1

AppSec in an Agile World | Part 2

AppSec in a DevOps World

Security Behaviors for DevOps

CWE Top 25 | Part 1

CWE Top 25 | Part 2

CWE Top 25 | Part 3

CWE Top 25 | Part 4

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Vulnerability Scanning

Next Generation AppSec Tools

Penetration Testing and Bug Bounty

Thinking like a Penetration Tester

Intro to Secure Development

Designing a Secure App or Product

Secure Design Principles | Part 1

Secure Design Principles | Part 2

Secure Design Principles in Action: Part 1

Secure Design Principles in Action: Part 2

Intro to Secure Coding

Securing the Development Environment

Protecting your Code Repository

Secure the Release

Related Articles
Recommended Path: Cloud Engineer
Recommended Path: Data Scientist
Recommended Path: DevSecOps
Recommended Path: Privacy Engineer
Recommended Path: Tester
Did this answer your question?