Security Journey Essentials

Overview of the Security Journey Essentials package, including its learning paths and lesson lists.

Security Journey Essentials Package: What’s Included

The Security Journey Essentials Package is an affordable way to start your application security training program. It provides structured training designed to help teams build secure coding knowledge and support compliance needs.

Essentials includes access to one of the following learning paths:

  • OWASP Top 10 – Web Applications Path

  • PCI DSS Path


What’s Included

Option 1: OWASP Top 10 – Web Applications Path

This path is designed to train learners on the OWASP Top 10 threats to web applications. Learners start with videos that introduce key concepts and then complete hands-on lessons to practice identifying, preventing, and remediating common vulnerabilities.

Included lessons (overview):

  • OWASP Top 10 | Part 1

  • Broken Access Control

  • Cryptographic Failures

  • SQL Injection (Parts 1–3)

  • Reflected XSS

  • Stored XSS

  • DOM-Based XSS

  • Command Injection

  • OWASP Top 10 | Part 2

  • Insecure Design

  • XML External Entities

  • Vulnerable and Outdated Components

  • Identification and Authentication Failures

  • OWASP Top 10 | Part 3

  • Software and Data Integrity Failures

  • Security Logging and Monitoring Failures

  • Server-Side Request Forgery (SSRF)

Note: Some lessons are designated as hands-on lessons in the Essentials package materials.


Option 2: PCI DSS Path

The PCI DSS path is designed as a starter path for developer PCI compliance training. It covers developer training needs for PCI DSS 4.0 Section 6, but it may not fully address training requirements for every SDLC role if your compliance program requires role-specific coverage.

Included lessons (overview):

  • Security Requirements

  • Secure Development Lifecycle

  • Threat Modeling Basics

  • Intro to Secure Coding

  • Secure Coding Best Practices (Parts 1–2)

  • SAST

  • DAST

  • Vulnerability Scanning

  • Secure Code Review (Parts 1–2)

  • OWASP Top 10 | Part 1

  • Broken Access Control

  • Cryptographic Failures

  • Command Injection

  • OWASP Top 10 | Part 2

  • Identification and Authentication Failures

  • OWASP Top 10 | Part 3

  • Security Logging and Monitoring Failures

  • Server-Side Request Forgery (SSRF)

  • Software Supply Chain

  • Secure the Release

  • Securing the Development Environment

  • Protecting your Code Repository

Note: Some lessons are designated as hands-on lessons in the Essentials package materials.


Which Path Should I Choose?

Choose OWASP Top 10 – Web Applications if you want:

  • A strong introduction to common web vulnerabilities

  • A combination of concept videos and hands-on practice

Choose PCI DSS Path if you want:

  • A compliance-aligned starting point for developers

  • Coverage aligned with PCI DSS 4.0 Section 6 developer training expectations


Need More Coverage?

If you need training that supports multiple roles across the SDLC, or want full access to additional content, paths, and admin/reporting features, Security Journey also offers an Enterprise Package.


Still Have Questions?

If you’re not sure which Essentials path is right for your team, contact your Security Journey representative or Support for guidance.