The Secure Coding Training: 2 Year Plan assigns 2-3 lessons per month for 24 months.
Year 1 has 33 lessons covering the basics, such as the OWASP Top 10 and well-known public vulnerabilities, plus much more.
Year 2 has 25 lessons covering more advanced topics such as OAuth Implementation, Docker, Security Configuration Management and Reverse Engineering for iOS, to name a few.
You can easily customize this training plan and change the lesson frequency to turn it into a 3-year plan. These lessons are seen as the most critical secure coding training content to keep your organization safe.
Year one of the Secure Coding Training: 2 Year Plan includes the following lessons.
SQL Injection: Part 1
Reflected Cross-Site Scripting (XSS)
Identification and Authentication Failures
Broken Access Control
Security Logging and Monitoring Failures
Vulnerable and Outdated Components
XML External Entities (XXE)
Software and Data Integrity Failures
Server-Side Request Forgery (SSRF)
Excessive Data Exposure
Broken Function Level Authorization
API Security Misconfiguration
SQL Injection: Part 2
Stored Cross-Site Scripting (XSS)
Capital One: Part 1
Capital One: Part 2
Capital One: Part 3
Improper Assets Management
Lack of Resources and Rate Limiting
Broken Object Level Authorization
JSON Web Token (JWT) Authentication Security
Cross-Site Request Forgery (CSRF)
SQL Injection: Part 3
DOM-Based Cross-Site Scripting (XSS)
MySpace "Samy" Worm
Remote Code Execution
Year two of the Secure Coding Training: 2 Year Plan includes the following lessons.
Apache Struts 2
OAuth Implementation Vulnerabilities: Part 1
OAuth Implementation Vulnerabilities: Part 2
XSS in Third-Party Integration
Abusing the $where operator
Using comparison operators
User input as keys
Docker Image Scanning
Docker Container Hardening
Docker Secret Handling
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Security Unit Tests
Security Configuration Management
Infrastructure as Code
Reverse Engineering (iOS)
Code Tampering (Android)