The Secure Development Training: 1-Year plan is our default training plan. It was designed to start your learners with beginner-level lessons and, as the year progresses, move them to moderate and then advanced content.

This training plan preset contains 31 lessons spread out over 12 month-long phases and will cover the basics, such as the OWASP Top 10 and well-known public vulnerabilities. With no more than 1-3 lessons per month, your learners will be able to build a strong foundational knowledge of secure coding principles and best practices.


The one-year plan contains the following lessons.

| Month # | Lessons |
|---|---|
| 1 | SQL Injection: Part 1; Command Injection; Reflected Cross-Site Scripting (XSS) |
| 2 | Identification and Authentication Failures; Broken Access Control; Security Misconfiguration |
| 3 | Cryptographic Failures; Security Logging and Monitoring Failures; Vulnerable and Outdated Components |
| 4 | XML External Entities (XXE); Software and Data Integrity Failures; Cross-Site Request Forgery (CSRF) |
| 5 | Capital One: Part 1; Capital One: Part 2; Capital One: Part 3 |
| 6 | Excessive Data Exposure; Broken Function Level Authorization; API Security Misconfiguration; Broken Object Level Authorization |
| 7 | Mass Assignment; Lack of Resources and Rate Limiting; JSON Web Token (JWT) Authentication Security |
| 8 | XSS in Third-Party Integration; SQL Injection: Part 2; Stored Cross-Site Scripting (XSS) |
| 9 | Stack Overflow |
| 10 | Blind XXE; DOM-Based Cross-Site Scripting (XSS) |
| 11 | Remote Code Execution |
| 12 | Apache Struts 2; MySpace "Samy" Worm |

