
Post-Assessment Training Recommendations

This article provides training recommendations for learners, organized by Assessment Category and Assessment Topic.

Choosing Content after an Assessment

Not sure what to assign after completing an Assessment?

Security Journey recommends the lessons listed below, organized by Assessment category and Assessment topic areas.

Keep in mind that if you have time constraints and can't assign all lessons associated with a topic, we recommend assigning the first lesson listed. Our full recommendation, however, is to follow up with all lessons listed for that topic.

Secure Coding

Topic: Recommended Lesson(s)

Authentication and Authorization Issues: CWE-287 Improper Authentication, Broken Authentication, CWE-798 Use of Hard-Coded Credentials, Cryptographic Failures | Use of Hard-Coded Password (Part 1), Cryptographic Failures | Use of Hard-Coded Password (Part 2)
Concurrency Issues: Secure Coding Techniques for Embedded Systems | Part 1
Design and Configuration Flaws: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Path Traversal (CWE-22)
Data Processing Issues: CWE-190 Integer Overflow or Wraparound
Improper Access Control: CWE-862 Missing Authorization, Broken Access Control | Improper Access Control
Injection Flaws: CWE-94 Improper Control of Generation of Code ('Code Injection'), Command Injection (CWE-78 -- OS Command Injection)
OWASP Injection: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), SQL Injection: Part 1, SQL Injection: Part 2, SQL Injection: Part 3
OWASP Security Logging and Monitoring Failures: Logging and Exception Handling, Security Logging and Monitoring Failures | Insufficient Logging
OWASP Server-Side Request Forgery: CWE-918 Server-Side Request Forgery (SSRF), Server-Side Request Forgery (SSRF)
OWASP Software and Data Integrity Failure: CWE-502 Deserialization of Untrusted Data, Software and Data Integrity Failures | Overreliance on Cookies
OWASP Vulnerable and Outdated Components: Software Supply Chain, Vulnerable and Outdated Components | Using Components with Known Vulnerabilities
OWASP Use of Hard-Coded Credentials: CWE-798 Use of Hard-Coded Credentials, Cryptographic Failures | Use of Hard-Coded Password (Part 1), Cryptographic Failures | Use of Hard-Coded Password (Part 2)
OWASP Insecure Design: Insecure Design
OWASP Security Misconfiguration: Security Misconfigurations | Error Message Containing Sensitive Information
OWASP Identification and Authentication: CWE-287 Improper Authentication

Core Security Concepts

Topic: Recommended Lesson(s)

Attack Terminology: Introduction to Security, Data Breaches, Attacks, Knowledge Sources
Application and Product Security: Core Security Concepts, Six Foundational Truths of Application Security, Software Supply Chain
Data Privacy: Privacy and Customer Data Protection, LINDDUN Privacy Threat Modeling
CIA Security Triad: Core Security Concepts
Threat Actors: Attackers, Social Engineering
Security Organization and Community: Prioritizing Security, Translating Security, Security Myths, OWASP Universe, Knowledge Sources
Risk Terminology: Risk Management for AppSec
Threat Terminology: Threat Landscape, Threat Landscape: Cloud
Security Champions: Security Culture and Mindset
Proactive Security: Security Business Case
Security Threats and Impact: Threat Landscape, Denial of Service (DoS), Social Engineering, Data Breaches

Secure Development & Design

Topic: Recommended Lesson(s)

DevSecOps - Build and Deployment: DevSecOps Maturity Model Build - Deployment
DevSecOps - Culture and Organization: DevSecOps Maturity Model Build - Culture - Organization
DevSecOps - Implementation: DevSecOps Maturity Model Implementation - Information Gathering part 1
DevSecOps - Information Gathering: DevSecOps Maturity Model Implementation - Information Gathering part 2
DevSecOps - Test and Verification:
SDLC - Metrics and Reporting:
SDLC - PSIRT: Secure Development Lifecycle, Dealing with Vulnerabilities
SDLC - Security Best Practices: Secure Coding Best Practices: Part 1, Secure Coding Best Practices: Part 2
SDLC - Security Requirements: Secure Development Lifecycle, Security Requirements
SDLC - Security Testing: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Next Generation AppSec Tools
SDLC - Third-Party Testing: Secure Development Lifecycle, Penetration Testing and Bug Bounty
STRIDE Methodology: Threat Modeling Process
Threat Modeling Process: Threat Modeling Basics