The following Course Templates are available in our Security Awareness and Design section.
- Security Awareness 101
- Foundations of Software Security
- Security Requirements
- Threat Modelling
- Open-Source Software (OSS)
- Open-Source Policies and Risks
- PCI DSS v4.0 Concepts and Compliance
- Architecture Risk Analysis
- Attack and Defense
- Risk-Based Security Testing Strategy
- Security for Data Scientists & Analysts
- OWASP Top 10 for Large Language Model (LLM) Applications
- Data Security
- OAuth 2.0 Security
- Introduction to Automotive Security
- Secure Development for Healthcare
- Introduction to GDPR
- GDPR for Developers and Architects
- GDPR for Development and Project Managers
- Introduction to CCPA
Security Awareness 101
This pre-filled conceptual course contains videos, guidelines, and missions designed to introduce the learner to software security and the most prevalent vulnerabilities. It functions as an excellent comprehensive overview of a wide range of security concepts and topics that are highly relevant to the SDLC.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- Application Security Concepts
  - Defense In Depth
  - Open Design
  - Logging
  - Robust Error Checking
  - Reuse of Existing Security Controls in a Framework or Language
  - Data Protection
  - Least Privileges
  - Secure by Default
  - Trust No Input
  - Fail Securely
- Web Application Security
  - In-depth into Cookies and Sessions
  - Local Storage
  - Issues with Client-Side Security Measures
  - CSP, SOP, CORS
  - Insufficient Data Escaping
  - Improper or Missing HTTP Headers
  - Missing Function Level Access Control
  - SQL Injection
  - Improper Authentication
  - Plaintext Storage of Passwords
- Threat Modeling
  - Threat Modeling Overview
  - Introduction
  - Understanding Your System and Environment
  - Methodologies
  - S.T.R.I.D.E.
  - Threat Modeling Tools
  - Implementation of Threat Modeling Practices
  - Threat Modeling Workflow
- Foundations of Software Security
  - Introduction
  - Software Security Initiative (SSI)
  - Software Development Life Cycle (SDLC) and SSDLC
  - Application Security Testing
  - Secure Code Reviews
  - Introduction to Security Standards
  - Introduction to OWASP
- Security Requirements
  - Introducing Software Security Requirements
  - Requirements Gathering and Methodologies
  - How to Write Security Requirements
  - Verifying Security Requirements
- Open Source Software
  - Introduction
  - Overview of OWASP Top 10 Risks
  - Case Studies
  - Managing Open-Source Software Risk
- LLM Awareness
  - Advantages of Using AI when Writing Code
  - Potential Dangers of Using AI when Writing Code
Foundations of Software Security
This language-agnostic conceptual course introduces fundamental software security concepts throughout the Software Development Life Cycle (SDLC). Participants will learn to establish Software Security Initiatives (SSI), conduct secure code reviews, and implement application security testing.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- Introduction and Overview of Software Security Concepts
- Software Security Initiatives (SSI)
- Software Development Life Cycle (SDLC) and SSDLC
- Application Security Testing
- Secure Code Reviews
- Introduction to Security Standards
- Introduction to OWASP
Security Requirements
This conceptual course covers methodologies for gathering, defining, and verifying security requirements. Participants will learn what security requirements are and how to write actionable ones that align with organisational goals.
Audience: Architects, Engineering Managers, Product Managers, Business Analysts
Topics covered in this template:
- Introducing Software Security Requirements
- Requirements Gathering and Methodologies
- How to Write Security Requirements
- Verifying Security Requirements
Threat Modelling
In this course, participants will learn systematic methodologies for identifying and mitigating potential threats to software systems. Topics include understanding system architecture, data flows, and threat landscapes, and applying threat modelling tools.
Audience: Architects, Engineers, Engineering Managers
Topics covered in this template:
- Threat Modelling Overview
- Threat Modelling Introduction
- Understanding your System and Environment
- Threat Modelling Methodologies
- S.T.R.I.D.E.
- Threat Modelling Tools
- Implementation of Threat Modelling Practices
- Threat Modelling Case Study
Open-Source Software (OSS)
This course explores Open-Source Software, its advantages and disadvantages, and strategies for effectively managing associated risks. Participants will examine real-world case studies of prominent OSS vulnerabilities to understand key lessons and best practices for mitigating security risks.
Audience: Architects, Engineers, Engineering Managers
Topics covered in this template:
- Introduction to Open Source Software
- Open Source Licenses
- Using Open Source Licenses Correctly
- Overview of OWASP Top 10 Risks for Open Source Software
- Case Studies
- Managing Open Source Software Risk
- Building an Open Source Policy
Open-Source Policies and Risks
This course covers key open-source licenses, their obligations, associated security risks, and steps for building a corporate policy for organisation-wide use.
Audience: Architects, Engineers, Engineering Managers, Product Managers, Business Analysts
Topics covered in this template:
- Introduction to Open Source Policies and Their Risks
- Open Source Licences
- Using Open Source Licenses Correctly
- Security Risks of Open Source Software
- Building an Open Source Policy
- Summary of Open Source Policies and Their Risks
PCI DSS v4.0 Concepts and Compliance
This conceptual course is intended as security training for any developers who work on PCI DSS relevant applications. The course explains the annual PCI DSS training requirements for developers and then provides the necessary training.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- Introduction to PCI DSS Developer Training
- PCI DSS v4.0 Requirements 1-4
- PCI DSS v4.0 Requirements 5-12
- Real-World Examples
- Preparing for a PCI DSS Assessment
Architecture Risk Analysis
This conceptual course covers Architecture Risk Analysis (ARA), a set of techniques that aim to discover design flaws and the risks they pose within a system. This course teaches the skills needed to identify design-level defects.
Audience: Architects, Engineers, QA Engineers, Engineering Managers
Topics covered in this template:
- ARA Overview
- Design Flaws and the Techniques that Find Them
- ARA in a Nutshell
- The Role of Diagrams and Diagramming in ARA
- Business Context
- Dependency Analysis
- Applying Design Principles for ARA
- Known Attack Analysis
- Fitting ARA into an SDL
Attack and Defense
This conceptual course provides learners with an overview of how attackers discover and exploit vulnerabilities in the real world, and provides best practices for building a strong line of defense.
Audience: Architects, Engineers, Engineering Managers
Topics covered in this template:
- The Diamond Adversary Model
- Attacker Quadrants, Advanced Persistent Threat (APT) Groups, and Real-World examples of Tactics, Techniques, and Procedures (TTPs)
- Supply Chain Vulnerabilities and Testing Open Source Libraries
- Cloud Security and Infrastructure Protection
- Secure Architecture Design, Secure Configuration, Management, and Monitoring and Alerting
- Examples of Good and Bad Application Security Defenses
- Further Defense Strategies and Best Practices
Risk-Based Security Testing Strategy
This course provides learners with a comprehensive understanding of methodologies, tools, and best practices to effectively assess and enhance the security posture of software systems. Learners will explore the core concepts of risk assessment, test planning, test design, execution, and reporting.
Audience: Engineers, QA Engineers, Engineering Managers
Topics covered in this template:
- Introduction to Risk-Based Security Testing
- Identifying Risks in Software Systems within the Enterprise
- Risk Assessment and Prioritization Techniques
- Risk-Based Test Planning, Design and Implementation
- Test Execution, Evaluation and Reporting
- Tools and Techniques for Risk-Based Security Testing
- Continuous Improvement and Adaptation
Security for Data Scientists & Analysts
This course covers key topics including cybersecurity, data security, advanced security principles, data pipeline security, anomaly detection, SIEM, threat intelligence, and secure coding practices.
Audience: Data Scientists, Data Engineers, Data Analysts, Architects
Topics covered in this template:
- Introduction to Cybersecurity
- Data Security Fundamentals
- Beyond the CIA Triad with Modern Security Principles
- Security for Data Pipelines
- Machine Learning for Anomaly Detection
- Security Information and Event Management (SIEM)
- Threat Intelligence Fundamentals
- Secure Coding for Data Science
OWASP Top 10 for Large Language Model (LLM) Applications
This course explores the 2025 OWASP Top 10 for Large Language Model (LLM) applications. It provides a conceptual overview of each item in the Top 10, and interactive Missions to help learners better understand the impact and risks of key vulnerabilities emerging in LLM applications.
Audience: Architects, Engineers, Engineering Managers
Topics covered in this template:
- Direct Prompt Injection
- Indirect Prompt Injection
- Sensitive Information Disclosure
- Supply Chain
- Data and Model Poisoning
- Improper Output Handling
- Excessive Agency
- System Prompt Leakage
- Vector and Embedding Weaknesses
- Misinformation
- Unbounded Consumption
Database Security
This course covers essential steps for securing databases, from understanding threats and compliance to implementing authentication, encryption, and effective monitoring and auditing.
Audience: Architects, Data Scientists, Data Engineers, Engineering Managers
Topics covered in this template:
- Introduction to Database Security
- Governance and Compliance
- Authentication and Access Control
- Encryption
- Operation and Monitoring
- Summary
OAuth 2.0 Security
OAuth 2.0 is a widely used framework for securing access to APIs. In this course, we introduce the core concepts of OAuth 2.0 and investigate the recommended flows. We also briefly discuss deprecated flows and look at common security pitfalls and misconceptions.
Audience: Architects, Engineers, Engineering Managers
Topics covered in this template:
- The Need for OAuth 2.0
- Delegated Access with OAuth 2.0
- Overview of OAuth 2.0 Grant Types
- Delegated Access from a Confidential Client
- Delegated Access from a Public Client
- Long-Term Delegated Access
- Common Pitfalls and Misconceptions
- Wrapping up OAuth 2.0
Introduction to Automotive Security
This course offers an overview of automotive security, covering threats, fundamentals, threat modeling and standards with a deep dive into ISO 26262. It also addresses coding practices, testing, and maintenance to help mitigate vehicle security risks.
Audience: Architects, Engineers, QA Engineers, Engineering Managers
Topics covered in this template:
- Introduction to Automotive Security
- Fundamentals of Automotive Technology
- Automotive Vehicle Security Threat Modeling
- Secure Design Principles
- Regulatory Requirements, Standards, and Guidelines
- Secure Software and Hardware Development
- Secure Testing and Maintenance
Secure Development for Healthcare
This course explores the compliance landscape for healthcare applications and medical device software, focusing on legal requirements and best practices for protecting sensitive health information.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- Developing Secure Healthcare Applications
- Legal and Regulatory Compliance in the Healthcare Industry
- Health Information Protection
- Developing Secure Healthcare Applications
- Medical Devices Security
- Testing and Responding to Incidents
Introduction to GDPR
This course covers the principles, roles, and regulations of personal data use, focusing on data subject rights and the impact of GDPR on the software development lifecycle.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- What is GDPR and Why is it Important?
- Timeline and Notable Fines
- Key Roles in GDPR
- Personal Data
- GDPR Principles for Processing and Protecting Personal Data
- Data Protection and Data Breach Concepts
- Key Rights of the Data Subject
GDPR for Developers and Architects
This intermediate course covers GDPR principles and requirements for software developers and architects. Topics include obtaining consent, managing personal data access and sharing, data subject access requests, and international data transfers.
Audience: Architects, Engineers, Data Engineers, Data Scientists, Engineering Managers
Topics covered in this template:
- Principle of Data Protection by Design and by Default
- Privacy Requirements
- Personal Data
- Getting Consent
- Personal Data Collection and Processing
- Collecting Personal Data of Children
- Accessing Personal Data
- Sharing Personal Data with Law Enforcement
- Data Portability and Deletion
- Anonymization and Encryption
- Data Subject Access Requests (DSARs)
- International Data Transfers (IDTs)
- Access Control and Logging
GDPR for Development and Project Managers
This intermediate course covers GDPR principles for developers and project managers. Topics include data protection by design, data subject rights, design and production requirements, privacy impact assessments, data sharing, and international transfers.
Audience: Architects, Engineers, Engineering Managers, Product Managers, Business Analysts, Project Managers
Topics covered in this template:
- Principle of Data Protection by Design and by Default
- Performing Personal Data Mappings
- Data Subjects' Rights
- Design Requirements
- Data Privacy Impact Assessment (DPIA)
- Requirements for Development, Testing and Production
- Sharing Personal Data with Law Enforcement
- International Data Transfers (IDTs)
Introduction to CCPA
This course will provide all necessary guidelines to ensure that your applications achieve compliance with the CCPA (California Consumer Privacy Act). It details the required notices that must be provided to consumers and outlines the processes for implementing them effectively.
Audience: Architects, Engineers, Engineering Managers, QA, Product Managers, Business Analysts
Topics covered in this template:
- What is CCPA?
- Consumer Rights
- Requirements for Businesses
- Roadmap to CCPA Compliance