Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Post-Assessment Training Recommendations

This article provides training recommendations for learners; organized by Assessment Category and Assessment Topic areas.

Choosing Content after an Assessment

Not sure what to assign after a learner completes an Assessment?

Security Journey provides recommended follow-up lessons aligned to each Assessment category and topic area. These recommendations help reinforce concepts, address skill gaps, and deepen understanding based on how learners performed.

How to use the recommendations:

  • Each Assessment topic includes a list of suggested lessons.
  • If you are short on time and cannot assign all lessons in a topic, we recommend assigning at least the first lesson in the list.
  • For the most effective learning experience, we recommend assigning all lessons associated with the topic whenever possible.

Use these curated lesson recommendations to build targeted post-Assessment learning paths and ensure learners receive the right content at the right time.

 

Secure Coding

Topic Recommended Lesson(s)
Authentication and Authorization Issues CWE-287 Improper Authentication, Broken Authentication, CWE-798 Use of Hard-Coded Credentials, Cryptographic Failures | Use of Hard-Coded Password (Part 1), Cryptographic Failures | Use of Hard-Coded (Part 2)
Concurrency Issues Secure Coding Techniques for Embedded Systems | Part 1
Design and Configuration Flaws CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Path Traversal (CWE-22)
Data Processing Issues CWE-190 Integer Overflow or Wraparound, 
Improper Access Control CWE-862 Missing Authorization, Broken Access Control | Improper Access Control
Injection Flaws CWE-94 Improper Control of Generation of Code ('Code Injection'), Command Injection (CWE-78 -- OS Command Injection)
OWASP Injection CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), SQL Injection: Part 1, SQL Injection: Part 2, SQL Injection: Part 3
OWASP Security Logging and Monitoring Failures Logging and Exception Handling, Security Logging and Monitoring Failures | Insufficient Logging
OWASP Server-Side Request Forgery CWE-918 Server-Side Request Forgery (SSRF), Server-Side Request Forgery (SSRF)
OWASP Software and Data Integrity Failure CWE-502 Deserialization of Untrusted Data, Software and Data Integrity Failures | Overreliance on Cookies
OWASP Vulnerable and Outdated Components Software Supply Chain, Vulnerable and Outdated Components | Using Components with Known Vulnerabilities
OWASP Use of Hard-Coded Credentials CWE-798 Use of Hard-coded Credentials, Cryptographic Failures | Use of Hard-coded Password (Part 1), Cryptographic Failures | Use of Hard-coded Password (Part 2)
OWASP Insecure Design Insecure Design
OWASP Security Misconfiguration Security Misconfigurations | Error Message Containing Sensitive Information
OWASP Identification and Authentication CWE-287 Improper Authentication

Core Security Concepts

Topic  Recommended Lesson(s)
Attack Terminology Introduction to Security, Data Breaches, Attacks, Knowledge Sources
Application and Product Security Core Security Concepts, Six Foundational Truths of Application Security, Software Supply Chain
Data Privacy Privacy and Customer Data Protection, LINDDUN Privacy Threat Modeling
CIA Security Triad Core Security Concepts
Threat Actors Attackers, Social Engineering
Security Organization and Community Prioritizing Security, Translating Security, Security Myths, OWASP Universe, Knowledge Sources
Risk Terminology Risk Management for AppSec
Threat Terminology Threat Landscape, Threat Landscape: Cloud
Security Champions Security Culture and Mindset
Proactive Security Security Business Case
Security Threats and Impact Threat Landscape, Denial of Service (DoS), Social Engineering, Data Breaches

Secure Development & Design

Topic Recommended Lesson(s)
DevSecOps - Build and Deployment DevSecOps Maturity Model Build - Deployment
DevSecOps - Culture and Organization DevSecOps Maturity Model Build - Culture - Organization
DevSecOps - Implementation DevSecOps Maturity Model Implementation - Information Gathering part 1
DevSecOps - Information Gathering DevSecOps Maturity Model Implementation - Information Gathering part 2
DevSecOps - Test and Verification
SDLC - Metrics and Reporting
SDLC - PSIRT Secure Development Lifecycle, Dealing with Vulnerabilities
SDLC - Security Best Practices Secure Coding Best Practices: Part 1, Secure Coding Best Practices: Part 2
SDLC - Security Requirements Secure Development Lifecycle, Security Requirements
SDLC - Security Testing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Next Generation AppSec Tools
SDLC - Third-Party Testing Secure Development Lifecycle, Penetration Testing and Bug Bounty
STRIDE Methodology Threat Modeling Process
Threat Modeling Process Threat Modeling Basics

Artificial Intelligence and Large Language Models

Topic Recommended Lesson(s)
AI/LLM Core Security Introduction to AI/LLM Security, Secure Development Leveraging LLMs, Governance for AI/LLM Systems
AI/LLM Training Data and Model Poisoning AI/LLM | Training Data Poisoning, Data Science Engineering for AI/LLM, Model Engineering for AI/LLM
AI/LLM Supply Chain Vulnerabilities AI/LLM | Supply Chain Vulnerabilities, AI/LLM Security Toolchain
AI/LLM Vector and Embedding Weakness AI/LLM Vector and Embedding Weaknesses, CTF AI Module | Rag Hijack, CTF AI Module | RAG
 AI/LLM Prompt Security AI Prompt Injection, AI/LLM | Prompt Leakage, CTF AI Module | Prompt Leak: I, CTF AI Module | Prompt Leak: II, CTF AI Module | Prompt Leak: III, CTF AI Module | Prompt Leak: IV 
AI/LLM Sensitive Information Disclosure AI/LLM | Sensitive Information Disclosure
, LLM Enterprise Security
AI/LLM Improper Output Handling AI/LLM | improper Output Handling
, Application and Plugin Security for AI/LLM
AI/LLM Excessive Agency AI/LLM | Excessive Agency: Prompt Security
, AI/LLM | Excessive Agency: Human in the Loop, AI/LLM | Excessive Agency: Insecure Plugin Design
AI/LLM Unbounded Consumption AI/LLM Unbounded Consumption
AI/LLM Model Theft AI/LLM | Model Theft
Model Engineering for AI/LLM
AI/LLM Misinformation AI/LLM | Misinformation