Security Journey Yellow Belt

Gain In-Depth Knowledge of Principles, Tools, Attacks, & Processes.

Advanced AppSec Principles

The Security Journey Yellow Belt advances the organizational security foundation by diving deeper into the core concepts and principles of the White Belt. Developers and technical teams examine the security truths and vulnerabilities necessary to improve code security.


What We Teach

Threat Modeling

CWE/OWASP Top 10 Lists

Privacy, Authentication, & Authorization

SQL Injections, XSS, Denial of Service

NexGen AppSec Tools

What Your Team Learns

Threat Modeling Basics, Examples, and Process

Applying Secure Code Review & Design Principles

How to Apply AppSec to DevOps & Agile Methodologies

Understand Major Vulnerabilities & Threats

The Role of Application Testing in AppSec

Ready to advance your team's appsec knowledge?

Here's what's included in the Yellow Belt
Six Foundational Truths of Application Security
Secure Design Principles Part 1
Secure Design Principles Part 2
Input Validation
Output Encoding
Authentication Theory
Authorization Theory
Logging and Exception Handling
Risk Management for AppSec
The Hacker Mindset
OWASP Top 10: Part 1
OWASP Top 10: Part 2
OWASP Top 10: Part 3
Buffer Overflows and Remote Code Execution
Denial of Service
XSS, Part One
XSS, Part Two
Injection: SQL and Command
Cross-Site Request Forgery
Insecure Communications
Social Engineering
AppSec in an Agile World, Part One
AppSec in an Agile World, Part Two
AppSec in a DevOps World
Security Behaviors for DevOps
Security Requirements
Threat Modeling Basics
Threat Modeling Process
Threat Modeling Examples
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Next Generation AppSec Tools
Vulnerability Scanning
Penetration Testing and Bug Bounty
Secure Code Review Part 1
Secure Code Review Part 2
LINDDUN Privacy Threat Modeling
LINDDUN Privacy Threat Modeling Process
LINDDUN Threat Mitigations
CWE Top 25 Part 1
CWE Top 25 Part 2
CWE Top 25 Part 3
CWE Top 25 Part 4
Server-Side Request Forgery