Recommended Path: Web Developer - Backend
This article describes our Recommended Web Developer - Backend Paths.
Foundational: Web Developer
Foundational principles of application security for web developers. (Video + Hands On)
Total Learning Path Duration: 4 hours 24 minutes
Introduction to Security Journey
Broken Access Control (HackEDU)
Privacy and Customer Data Protection
Six Foundational Truths of Application Security
Secure Design Principles | Part 1
Secure Design Principles | Part 2
Intermediate: Web Developer
Technical deep dive into the threats and security controls relevant to web developers. (Video + Hands On)
Total Learning Path Duration: 5 hours 5 minutes
Identification and Authentication Failures (HackEDU)
Logging and Exception Handling
OWASP Session Management Cheat Sheet
OWASP Key Management Cheat Sheet
OWASP Secrets Management Cheat Sheet | Part 1
OWASP Secrets Management Cheat Sheet | Part 2
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) (HackEDU)
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) (HackEDU)
Advanced: Apex
Learn how to identify and remediate the common weaknesses in Apex code and Lightning web applications. (Video + Hands On)
Total Learning Path Duration: 3 hours 42 minutes
Designing a Secure App or Product
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Common Apex Weaknesses | Part 1
Common Apex Weaknesses | Part 2
Common Apex Weaknesses | Part 3
Communication Weaknesses in Apex
Advanced: API
Secure design, secure coding, and specialized API security topics, ranging from the threat landscape, OWASP Top 10 for API, authentication, authorization, and best practices. (Video + Hands On)
Total Learning Path Duration: 5 hours 9 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Broken Object Level Authorization (2023) (HackEDU)
Broken Authentication (HackEDU)
Broken Object Property Level Authorization (HackEDU)
Unrestricted Resource Consumption (HackEDU)
Broken Function Level Authorization (2023) (HackEDU)
Unrestricted Access to Sensitive Business Flows (HackEDU)
API Security Misconfiguration (HackEDU)
Improper Inventory Management (HackEDU)
Unsafe Consumption of APIs (HackEDU)
API: Authentication and Authorization
API: Security Best Practices, Part 1
API: Security Best Practices, Part 2
Advanced: Blockchain (Solidity)
Designing secure applications, secure coding, then specialty topics in Blockchain security ranging from crypto wallet security, cryptocurrency scams, blockchain threats, and secure coding in solidity. (Video + Hands On)
Total Learning Path Duration: 5 hours 59 minutes
Designing a Secure App or Product
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Securing the Development Environment
Protecting your Code Repository
Introduction to Blockchain Security
Personal Cryptocurrency Wallet Security
Blockchain Threat Landscape | Part 1
Blockchain Threat Landscape | Part 2
Smart Contract Security Best Practices
Smart Contract Weaknesses | Part 1
Smart Contract Weaknesses | Part 2
Smart Contract Weaknesses | Part 3
Smart Contract Weaknesses | Part 4
Smart Contract Security Toolchain
Smart Contract Threat Modeling
Advanced: C#
Secure design, coding best practices, vulnerability mitigation, and advanced topics in authentication, authorization, and error handling for C# developers. (Video + Hands On)
Total Learning Path Duration: 5 hours and 55 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
C#: Input Validation: Syntactic and Semantic
Reflected Cross-Site Scripting (XSS) (HackEDU)
SQL Injection: Part 1 (HackEDU)
XML External Entities (XXE) (HackEDU)
C#: Serialization and Deserialization
C#: Authentication: Basic and Windows
C#: Authorization: Simple, Role and View Based
Broken Function Level Authorization (HackEDU)
C#: Error Handling and Exceptions
Advanced: C++ (Backend)
Secure application design, secure coding, and specialized C++ security topics, ranging from SQL Injections, XSS threats, authorization, and SSRF. (Video + Hands On)
Total Learning Path Duration: 5 hours and 43 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
SQL Injection: Part 1 (HackEDU)
SQL Injection: Part 2 (HackEDU)
SQL Injection: Part 3 (HackEDU)
Reflected Cross-Site Scripting (XSS) (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
XML External Entities (XXE) (HackEDU)
Broken Object Level Authorization (HackEDU)
Broken Function Level Authorization (HackEDU)
Excessive Data Exposure (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
Diffie-Hellman Key Exchange (HackEDU)
Advanced: Clojure
Secure development, coding best practices, vulnerability mitigation, and advanced topics in authentication, authorization, and logging for Clojure developers. (Video + Hands On)
Total Learning Path Duration: 5 hours and 29 minutes
Designing a Secure App or Product
Producing Clean, Maintainable, and Secure Code
Clojure Cryptographic Failures
Cryptographic Failures (HackEDU)
SQL Injection: Part 1 (HackEDU)
SQL Injection: Part 2 (HackEDU)
SQL Injection: Part 3 (HackEDU)
Clojure Security Misconfigurations
Security Misconfigurations (HackEDU)
Clojure Vulnerable and Outdated Components
Clojure Identification and Authentication Failures
Clojure Software and Data Integrity Failures
Software and Data Integrity Failures (HackEDU)
XML External Entities (XXE) (HackEDU)
Clojure Security Logging and Monitoring Failures
Security Logging and Monitoring Failures (HackEDU)
Clojure Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) (HackEDU)
Advanced: COBOL
Secure application design, secure coding, and specialized COBOL security topics, ranging from logging, supply chain, input management, and mainframe security. (Video Only)
Total Learning Path Duration: 4 hours and 56 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Securing the Development Environment
Protecting your Code Repository
Introduction to COBOL Security
COBOL Secure Logging Practices
COBOL Exception and Error Handling
Advanced: Go
Secure application design, secure coding, and specialized Go security topics, ranging from securing database interactions, error handling, password storage, and addressing OWASP Top 10 threats to web applications. (Video + Hands On)
Total Learning Path Duration: 5 hours 16 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Encoding, Hashing, and Encryption (HackEDU)
SQL Injection: Part 1 (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
Secure Database Interactions in Go
Secure Password Storage: Part 1 (HackEDU)
Advanced: Java (Backend)
Secure design, coding best practices, vulnerability mitigation, and advanced topics in authentication, authorization, and error handling for Java developers. (Video + Hands On)
Total Learning Path Duration: 5 hours 39 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Java: Input Validation: Syntactic and Semantic
Reflected Cross-Site Scripting (XSS) (HackEDU)
Java: Parameterization with SQL
SQL Injection: Part 1 (HackEDU)
Java: Securely Working with XML
XML External Entities (XXE) (HackEDU)
Java: Serialization and Deserialization
Java: Authentication: Basic and Kerberos
Java: Authorization: Simple, Role, and View-based
Broken Function Level Authorization (HackEDU)
Java: Error Handling and Exceptions
Advanced: JavaScript (Node.js)
Secure design, coding excellence, and advanced Node.js security techniques, fostering expertise in vulnerability prevention, input validation, output encoding, and proactive threat mitigation. (Video + Hands On)
Total Learning Path Duration: 5 hours 36 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Node.js: Validating and Sanitizing Input
Node.js: OWASP Top 10 | Part 1
Broken Function Level Authorization (HackEDU)
Encoding, Hashing, and Encryption (HackEDU)
DOM-Based Cross-Site Scripting (XSS) (HackEDU)
Node.js: OWASP Top 10 | Part 2
XML External Entities (XXE) (HackEDU)
Node.js: OWASP Top 10 | Part 3
Server-Side Request Forgery (SSRF) (HackEDU)
Advanced: Kotlin (Backend)
Secure application design, secure coding, and specialized Kotlin security topics, ranging from SQL Injections, XSS, XML, authorization, and password management. (Video + Hands On)
Total Learning Path Duration: 5 hours 51 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
SQL Injection: Part 1 (HackEDU)
SQL Injection: Part 2 (HackEDU)
SQL Injection: Part 3 (HackEDU)
Reflected Cross-Site Scripting (XSS) (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
XML External Entities (XXE) (HackEDU)
Security Misconfiguration (HackEDU)
Broken Object Level Authorization (HackEDU)
Broken Function Level Authorization (HackEDU)
Excessive Data Exposure (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
Secure Password Storage: Part 2 (HackEDU)
Secure Password Storage: Part 3 (HackEDU)
Diffie-Hellman Key Exchange (HackEDU)
Advanced: Perl
Total Learning Path Duration: 5 hours 43 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Securing the Development Environment
SQL Injection: Part 1 (HackEDU)
Reflected Cross-Site Scripting (XSS) (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
Software and Data Integrity Failures (HackEDU)
Security Logging and Monitoring Failures (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
XML External Entities (XXE) (HackEDU)
Security Misconfiguration (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
Secure Password Storage: Part 2 (HackEDU)
Secure Password Storage: Part 3 (HackEDU)
Diffie-Hellman Key Exchange (HackEDU)
Advanced: PHP (CodeIgniter)
From secure design to coding best practices and advanced PHP security, cover principles of secure development, code reviews, threat awareness, and CodeIgniter security. (Video + Hands On)
Total Learning Path Duration: 4 hours 53 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Functions Vulnerable to Injection Attacks in PHP
SQL Injection: Part 1 (HackEDU)
Broken Function Level Authorization (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
Static Analysis Security Testing with PHP
Secure Password Storage Part 1 (HackEDU)
Input Validation in CodeIgniter
Advanced: PHP (Laravel)
From secure design to coding best practices and advanced PHP security, cover principles of secure development, code reviews, threat awareness, and Laravel security. (Video + Hands On)
Total Learning Path Duration: 4 hours 55 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Functions Vulnerable to Injection Attacks in PHP
SQL Injection: Part 1 (HackEDU)
Broken Function Level Authorization (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
Static Analysis Security Testing with PHP
Secure Password Storage Part 1 (HackEDU)
Authentication and Authorization in Laravel
Advanced: PHP (Symfony)
From secure design to coding best practices and advanced PHP security, cover principles of secure development, code reviews, threat awareness, and Symfony security. (Video + Hands On)
Total Learning Path Duration: 4 hours 54 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Functions Vulnerable to Injection Attacks in PHP
SQL Injection: Part 1 (HackEDU)
Broken Function Level Authorization (HackEDU)
Stored Cross-Site Scripting (XSS) (HackEDU)
Static Analysis Security Testing with PHP
Secure Password Storage Part 1 (HackEDU)
Authentication and Authorization in Symfony
Advanced: Python
Secure application design, secure coding, and specialized Python security topics, ranging from the threat landscape, input validation, OS interactions, and secure secrets handling. (Video + Hands On)
Total Learning Path Duration: 6 hours
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Introduction to Python Security
Secure Code Constructs in Python
Reflected Cross-Site Scripting (XSS) (HackEDU)
Secure Coding with Python | Part 1
Secure Coding with Python | Part 2
Secure Coding with Python | Part 3
SQL Injection: Part 1 (HackEDU)
Secure OS Interactions with Python
Secure Serialization with Python
Storing and Using Secrets with Python
Encoding, Hashing, and Encryption (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
Advanced: Python (Django)
Secure application design, secure coding, and specialized Python security topics, ranging from the threat landscape, input validation, OS interactions, and Django best practices. (Video + Hands On)
Total Learning Path Duration: 6 hours 13 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Introduction to Python Security
Secure Code Constructs in Python
Reflected Cross-Site Scripting (XSS) (HackEDU)
Secure Coding with Python | Part 1
Secure Coding with Python | Part 2
Secure Coding with Python | Part 3
SQL Injection: Part 1 (HackEDU)
Secure Serialization with Python
Storing and Using Secrets with Python
Secure Password Storage: Part 1 (HackEDU)
Django Security Best Practices | Part 1
Django Security Best Practices | Part 2
Advanced: Ruby (RoR)
Secure application design, secure coding, and specialized Ruby security topics, ranging from the threat landscape, input validation, OWASP Top 10, and supply chain security. (Video + Hands On)
Total Learning Path Duration: 5 hours 32 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Secure Coding with Ruby | Part 1
Secure Coding with Ruby | Part 2
Secure Coding with Ruby | Part 3
Building a Secure Rails Application
SQL Injection: Part 1 (HackEDU)
XML External Entities (XXE) (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
The Ruby Secure Software Supply Chain
Advanced: Rust
Secure application design, secure coding, and specialized Rust security topics, ranging from input validation, Unsafe Rust and FFI, OWASP Top 10, and secure error handling. (Video + Hands On)
Total Learning Path Duration: 4 hours 50 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
SQL Injection: Part 1 (HackEDU)
Secure Password Storage: Part 1 (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
Rust Secure Software Supply Chain
Advanced: Scala
Designing resilient applications, applying secure design principles, secure coding, and addressing specialized Scala security topics, like input validation, vulnerability handling, and error mitigation. (Video + Hands On)
Total Learning Path Duration: 5 hours 39 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Introduction to Scala Security
Broken Function Level Authorization (HackEDU)
SQL Injection: Part 1 (HackEDU)
XML External Entities (XXE) (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)
Scala Secure Software Supply Chain
Secure Error Handling with Scala
Advanced: TypeScript (Backend)
Secure design, secure coding, and advanced back-end TypeScript security techniques, including principles of secure development, best practices, and code reviews. (Video + Hands On)
Total Learning Path Duration: 5 hours 16 minutes
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
TypeScript: Introduction to TypeScript Security
TypeScript: Secure Constructs with TypeScript Part 1
Secure Password Storage: Part 1 (HackEDU)
TypeScript: Secure Constructs with TypeScript Part 2
DOM-Based Cross-Site Scripting (XSS) (HackEDU)
TypeScript: Secure Coding with TypeScript Part 1
Broken Function Level Authorization (HackEDU)
TypeScript: Secure Coding with TypeScript Part 2
Encoding, Hashing, and Encryption (HackEDU)
TypeScript: Input Validation for TypeScript
SQL Injection: Part 1 (HackEDU)
TypeScript: TypeScript Secure Build Toolchain
XML External Entities (XXE) (HackEDU)
Server-Side Request Forgery (SSRF) (HackEDU)