Recommended Paths (Video and Hands On): Topic

AI/LLM Security (Video and Hands On)

Deep dive into AI/LLM security. Starting from foundational topics, working through the OWASP Top 10 threats, and touching on critical business considerations when working with Generative AI.

Total Learning Path Duration: 4 hours and 17 minutes

Introduction to AI/LLM Security

Data Science Engineering for AI/LLM

AI/LLM | Training Data Poisoning (HackEDU)

AI/LLM | Supply Chain Vulnerabilities (HackEDU)

AI/LLM | Sensitive Information Disclosure (HackEDU)

Model Engineering for AI/LLM

AI/LLM | Model Denial of Service (HackEDU)

AI/LLM | Overreliance (HackEDU)

Model Theft

Application and Plugin Security for AI/LLM

AI/LLM | Prompt Injection (HackEDU)

AI/LLM | Insecure Output Handeling (HackEDU)

AI/LLM | Insecure Plugin Design (HackEDU)

AI/LLM | Excessive Agency (HackEDU)

AI/LLM Security Toolchain

Secure Development Leveraging LLMs

LLM Enterprise Security

Governance for AI/LLM Systems

CWE Top 25

Learn the top 25 weakness to software applications and how to prevent them.

Total Learning Path Duration: 1 hour

CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CWE-787 Out-of-bound Write

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CWE-352 Cross-Site Request Forgery (CSRF)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

CWE-125 Out-of-Bound Read

CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

CWE-416 Use After Free

CWE-862 Missing Authorization

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-94 Improper Control of Generation of Code (‘Code Injection’)

CWE-20 Improper Input Validation

CWE-77 Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

CWE-287 Improper Authentication

CWE-269 Improper Privilege Managment

CWE-502 Deserialization of Untrusted Data

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-863 Incorrect Authorization

CWE-918 Server-Side Request Forgery (SSRF)

CWE-119 Improper Restriction of Operations within the Bound of a Memory Buffer

CWE-476 NULL Pointer Dereference

CWE-798 Use of Hard-coded Credentials

CWE-190 Integer Outflow or Wraparound

CWE-400 Uncontrolled Resource Consumption

CWE-306 Missing Authentication for Critical Function

OWASP API Top 10

Learn about the top ten threats to web API's. (Video + Hands On)

Total Learning Path Duration: 2 hours and 56 minutes

OWASP API Top 10 | Part 1

Broken Object Level Authorization (2023) (HackEDU)

Broken Authentication (HackEDU)

Broken Object Property Level Authorization (HackEDU)

OWASP API Top 10 | Part 2

Unrestricted Resource Consumption (HackEDU)

Broken Function Level Authorization (2023) (HackEDU)

Unrestricted Access to Sensitive Business Flows (HackEDU)

OWASP API Top 10 | Part 3

Server-Side Request Forgery

API Security Misconfiguration (HackEDU)

Improper Inventory Managment (HackEDU)

Unsafe Consumption of APIs (HackEDU)

OWASP Top 10 Proactive Security Controls

Proactive controls are a catalog of better practices, a set of items developers can embrace and implement in their code bases to avoid many common security issues. (Video Only)

Total Learning Path Duration: 42 minutes

OWASP Proactive Controls | Implement Access Control

OWASP Proactive Controls | Cryptography to Protect Data

OWASP Proactive Controls | Validate Input and Handle Exceptions

OWASP Proactive Controls | Address Security From the Start

OWASP Proactive Controls | Secure by Default Configuration

OWASP Proactive Controls | Keep Your Components Secure

OWASP Proactive Controls | Secure Digital Identities

OWASP Proactive Controls | Leverage Browser Security Features

OWASP Proactive Controls | Implement Logging and Monitoring

OWASP Proactive Controls | Stop Server Side Request Forgery

Software Supply Chain Security

This course provides an in-depth exploration of the tools, frameworks, and best practices essential for securing the software supply chain. (Video Only)

Total Learning Path Duration: 2 hours and 3 minutes

Introduction to Software Supply Chain Security

Secure Supply Chain Consumption Framework (S2C2F) | Part 1

Secure Supply Chain Consumption Framework (S2C2F) | Part 2

S2C2F: Implementation Guide | Part 1

S2C2F: Implementation Guide | Part 2

Software Component Verification Standard (SCVS) | Part 1

Software Component Verification Standard (SCVS) | Part 2

Software Component Verification Standard (SCVS) | Part 3

Software Bill of Materials (SBOM) | Part 1

Software Bill of Materials (SBOM) | Part 2

Recommended Paths (Video and Hands On): Topic

This article describes all our Topic Based Learning Paths.

AI/LLM Security (Video and Hands On)

Deep dive into AI/LLM security. Starting from foundational topics, working through the OWASP Top 10 threats, and touching on critical business considerations when working with Generative AI.

Total Learning Path Duration: 4 hours and 17 minutes

CWE Top 25

Learn the top 25 weakness to software applications and how to prevent them.

Total Learning Path Duration: 1 hour

OWASP API Top 10

Learn about the top ten threats to web API's. (Video + Hands On)

Total Learning Path Duration: 2 hours and 56 minutes

OWASP Top 10 Proactive Security Controls

Proactive controls are a catalog of better practices, a set of items developers can embrace and implement in their code bases to avoid many common security issues. (Video Only)

Total Learning Path Duration: 42 minutes

Software Supply Chain Security

This course provides an in-depth exploration of the tools, frameworks, and best practices essential for securing the software supply chain. (Video Only)

Total Learning Path Duration: 2 hours and 3 minutes