Recommended Paths (Video and Hands On): Topic
This article describes all our Topic Based Learning Paths.
AI/LLM Security (Video and Hands On)
Deep dive into AI/LLM security. Starting from foundational topics, working through the OWASP Top 10 threats, and touching on critical business considerations when working with Generative AI.
Total Learning Path Duration: 4 hours and 17 minutes
Introduction to AI/LLM Security
AI/LLM | Sensitive Information Disclosure
AI/LLM | Supply Chain Vulnerabilities
AI/LLM | Data and Model Poisoning
AI/LLM | Improper Output Handling
AI/LLM | Excessive Agency: Human in the Loop
AI/LLM | Excessive Agency: Prompt Security
AI/LLM | Excessive Agency: Insecure Plugin Design
AI/LLM | System Prompt Leakage
AI/LLM | Vector and Embedding Weaknesses
AI/LLM | Unbounded Consumption
Secure Development Leveraging LLMs
CWE Top 25
Learn the top 25 weakness to software applications and how to prevent them.
Total Learning Path Duration: 1 hour
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-94 Improper Control of Generation of Code (‘Code Injection’)
CWE-20 Improper Input Validation
CWE-77 Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE-287 Improper Authentication
CWE-269 Improper Privilege Managment
CWE-502 Deserialization of Untrusted Data
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-863 Incorrect Authorization
CWE-918 Server-Side Request Forgery (SSRF)
CWE-119 Improper Restriction of Operations within the Bound of a Memory Buffer
CWE-476 NULL Pointer Dereference
CWE-798 Use of Hard-coded Credentials
CWE-190 Integer Outflow or Wraparound
CWE-400 Uncontrolled Resource Consumption
CWE-306 Missing Authentication for Critical Function
OWASP API Top 10
Learn about the top ten threats to web API's. (Video + Hands On)
Total Learning Path Duration: 2 hours and 56 minutes
Broken Object Level Authorization (2023)
Broken Object Property Level Authorization
Unrestricted Resource Consumption
Broken Function Level Authorization (2023)
Unrestricted Access to Sensitive Business Flows
OWASP Top 10 Proactive Security Controls
Proactive controls are a catalog of better practices, a set of items developers can embrace and implement in their code bases to avoid many common security issues. (Video Only)
Total Learning Path Duration: 42 minutes
OWASP Proactive Controls | Implement Access Control
OWASP Proactive Controls | Cryptography to Protect Data
OWASP Proactive Controls | Validate Input and Handle Exceptions
OWASP Proactive Controls | Address Security From the Start
OWASP Proactive Controls | Secure by Default Configuration
OWASP Proactive Controls | Keep Your Components Secure
OWASP Proactive Controls | Secure Digital Identities
OWASP Proactive Controls | Leverage Browser Security Features
OWASP Proactive Controls | Implement Logging and Monitoring
OWASP Proactive Controls | Stop Server Side Request Forgery
Software Supply Chain Security
This course provides an in-depth exploration of the tools, frameworks, and best practices essential for securing the software supply chain. (Video Only)
Total Learning Path Duration: 2 hours and 3 minutes
Introduction to Software Supply Chain Security
Secure Supply Chain Consumption Framework (S2C2F) | Part 1
Secure Supply Chain Consumption Framework (S2C2F) | Part 2
S2C2F: Implementation Guide | Part 1
S2C2F: Implementation Guide | Part 2
Software Component Verification Standard (SCVS) | Part 1
Software Component Verification Standard (SCVS) | Part 2
Software Component Verification Standard (SCVS) | Part 3
Software Bill of Materials (SBOM) | Part 1
Software Bill of Materials (SBOM) | Part 2