The Secure Coding Training: 2 Year Plan assigns 2-3 lessons per month for 24 months.

  • Year 1 has 31 lessons covering the basics, such as the OWASP Top 10 and well-known public vulnerabilities, plus much more.

  • Year 2 has 25 lessons covering more advanced topics such as OAuth Implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few.

You can easily customize this training plan and change the lesson frequency to turn it into a 3 year plan. These lessons are seen as the most critical secure coding training content to keep your organization safe.


Year 1

Year one of the Secure Coding Training: 2 Year Plan includes the following lessons.

Month 1
  • SQL Injection: Part 1
  • Command Injection
  • Reflected Cross-Site Scripting (XSS)

Month 2
  • Identification and Authentication Failures
  • Broken Access Control
  • Security Misconfiguration

Month 3
  • Cryptographic Failures
  • Security Logging and Monitoring Failures
  • Vulnerable and Outdated Components

Month 4
  • XML External Entities (XXE)
  • Software and Data Integrity Failures
  • Server-Side Request Forgery (SSRF)

Month 5
  • Excessive Data Exposure
  • Broken Function Level Authorization
  • API Security Misconfiguration

Month 6
  • SQL Injection: Part 2
  • Stored Cross-Site Scripting (XSS)
  • Insecure Design

Month 7
  • Capital One: Part 1
  • Capital One: Part 2
  • Capital One: Part 3

Month 8
  • Improper Assets Management
  • Lack of Resources and Rate Limiting
  • Broken Object Level Authorization

Month 9
  • Mass Assignment
  • JSON Web Token (JWT) Authentication Security
  • Cross-Site Request Forgery (CSRF)

Month 10
  • SQL Injection: Part 3
  • DOM-Based Cross-Site Scripting (XSS)

Month 11
  • Stack Overflow
  • ClickJacking

Month 12
  • MySpace "Samy" Worm
  • Remote Code Execution


Year 2

Year two of the Secure Coding Training: 2 Year Plan includes the following lessons.

Month 1
  • Apache Struts 2
  • Blind XXE

Month 2
  • OAuth Implementation Vulnerabilities: Part 1
  • OAuth Implementation Vulnerabilities: Part 2

Month 3
  • Threat Modeling
  • XSS in Third-Party Integration

Month 4
  • Off-By-One
  • Heap Overflow

Month 5
  • Abusing the $where operator
  • Using comparison operators
  • User input as keys

Month 6
  • Docker Introduction
  • Dockerfile Introduction
  • Docker Image Scanning

Month 7
  • Docker Container Hardening
  • Docker Secret Handling

Month 8
  • Commit Hooks
  • Static Application Security Testing (SAST)

Month 9
  • Dynamic Application Security Testing (DAST)
  • Security Unit Tests

Month 10
  • Security Configuration Management
  • Infrastructure as Code

Month 11
  • Format String

Month 12
  • Reverse Engineering (iOS)
  • Code Tampering (Android)
