Starting your
Journey

Starting your Journey

Our Approach

CONVERSATIONAL

We don’t do a lecture. Instead, we let the experts talk about what’s important in security.

QUICK

Our modules are 10-20 minutes long. We know your team can’t always spend hours on training.

DEEP

The best security minds create our content – active influencers in the industry.

FUN

Training shouldn’t be boring. We provide engaging, never-boring security training.

Our Approach

CONVERSATIONAL

We don’t do a lecture. Instead, we let the experts talk about what’s important in security.

QUICK

Our modules are 10-20 minutes long. We know your team can’t always spend hours on training.

DEEP

The best security minds create our content – active influencers in the industry.

FUN

Training shouldn’t be boring. We provide engaging, never-boring security training.

What we cover

White Belt provides a basic security vocabulary and a solid foundation that improves communication and prioritizes security in one’s thinking. It applies to anyone with an interest in secure development or whose job requires knowledge of application security.

After White Belt sets the foundation, Yellow Belt takes your technical staff deeper into the topics that are most critical to keeping your products secure. By the end, they’ll understand:

  • The most important principles of security: secure design, input validation, authentication, authorization, logging, and cryptography
  • How to combat the most common and dangerous kinds of attacks: OWASP Top 10, buffer overflows, denial of service, and the social engineering techniques hackers use to breach systems
  • The tools and processes that will uncover and mitigate vulnerabilities: threat modeling, static and dynamic analysis, vulnerability scanning, pen testing, and more

Different roles have different responsibilities—that’s why Green Belt lets your team members dive deep into the security skills and tools that apply to the specific roles they have in your organization.

  • Developers will learn exactly how to write secure code and catch errors early
  • Testers will be able to use white and black box techniques, pen testing, and other critical testing tools and processes that dramatically reduce vulnerabilities
  • Managers will learn how to lead their teams to improved security, allocate the right resources, and give developers and testers the support they need to thrive

The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:

  • Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
  • Improve the systems and processes that strengthen your application security
  • Mentor and teach other developers as they begin their own security journey

The Brown and Black Belt modules walk your team through performing actual security tasks to strengthen your software development lifecycle and security processes. They’ll be able to:

  • Take on leadership roles in your organization’s security culture and sustain its growth long after they’ve completed the training program
  • Improve the systems and processes that strengthen your application security
  • Mentor and teach other developers as they begin their own security journey

We understand that embedded developers have unique challenges when it comes to security. We build on the shared security foundation to help identify and provide training on the most common security concerns that the embedded developer encounters.  Our embedded developer path is a “create-your-own-adventure” based on the technology in your stack. Topics covered include: build systems, authentication, updates, credential storage, embedded threat landscape, dependencies, secure communications, image signing, hardening, and more. This content is part of the green belt level. 

Total Modules: 12-18
Training Time: 6-8 hours
Available Fall 2019

Most companies have discovered the merits of containers. But, what about security? That’s what we tackle with our training on Docker and Kubernetes. What are the most common security issues facing us when we use containers? This content is part of the green belt level. 

Total Modules: 6-10
Training Time: 3-4 hours
Available Summer 2019

Ruby on Rails (RoR) has many security features built in, but it’s not without security pitfalls. The Ruby on Rails pathway prepares developers to implement secure coding principles in RoR. These advanced modules go deep on the most common security vulnerabilities impacting RoR. Topics include sessions, CSRF, redirection and files, user management, injection, unsafe queries, and operational security.

C#/.NET pathway prepares developers to implement secure coding principles in C#, ASP.NET Core MVC and Razor Pages, ASP.NET, .NET Core, and .NET Framework. These advanced modules go deep on the most common security vulnerabilities for C#/.NET. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 30
Training Time: 12-14 hours
Available now

C/C++ pathway prepares developers to
implement secure coding principles in C/C++. These advanced modules go deep on the most common security vulnerabilities for C/C++ developers. Topics include vulnerability classes, CWE, stack buffer overflows, platform mitigations, undefined behavior, exploitable programming constructs, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 17
Training Time: 7-9 hours
Available now

Java pathway prepares developers to implement secure coding principles in Java, Spring, and Hibernate. These advanced modules go deep on the most common security vulnerabilities for Java developers. Topics include validation, parameterization, authentication, authorization, sessions/cookies, logging, exceptions, cryptography, data protection, hashing passwords, and much more. Each module includes hands-on, code-based experiments.

Total Modules: 30
Training Time: 12-14 hours
Available now

Secure Development modules continue building on the foundation of white and yellow belt. These modules provide expert training on best security practices for developers, regardless of language or technology. Topics include secure coding best practices, securing your development environment, protecting your code repository, producing a secure code culture, securing your release, secure design principles applied, and much more.

Total Modules: 12
Training Time: 4-5 hours
Available now

We live in a DevOps world. As more and more companies make the transition to DevOps, it becomes critical to understand security principles for all of the technologies that touch your development environment. Our DevSecOps pathway is a “create-your-own-adventure” based on the technology in your stack. Technologies include AWS, Docker, Kubernetes, API/Microservices, Python and others.    

Total Modules: 20
Training Time: 8-10 hours
Available September 2019 

We all depend on the cloud. When it comes to cloud providers, how aware are we of the security issues facing us when using our cloud service provider? These modules seek to highlight the most common problems facing developers when it comes to security and the cloud, including access control, authentication, key management, and logging. This content is part of the green belt level. 

Total Modules: 6-10
Training Time: 3-4 hours
Available Summer 2019 

The Front End Developer pathway prepares developers to implement secure coding principles on the front end. These advanced modules go deep on the most common security vulnerabilities for Front End developers. Technologies covered include JavaScript, React, and Angular. Topics include usability, vulnerabilities, API security, data layer frameworks, and more. Each module comprises hands-on, code-based experiments. 

Total Modules: 14-18
Training Time: 6-8 hours
Available December 2019

The use of APIs and microservices has become a standard approach for development. APIs and microservices share classes of vulnerabilities with other languages, but also introduce new issues with segmentation and consistency of security implementationThese modules seek to highlight the most common issues facing developers with securing APIs/microservices, including authentication, authorization, logging, and segmentation. This content is part of the green belt level.  

Total Modules: 6-10
Training Time: 3-4 hours
Available Summer 2019

Want to learn more about Security Journey? When you schedule your demo, you will receive free trial access, our full catalog and a one-on-one demo of our platform.

Want to learn more about Security Journey? When you schedule your demo, you will receive free trial access, our full catalog and a one-on-one demo of our platform.