Course modules are made up of learning resources and language-specific coding challenges that allow you to build secure coding awareness and competency right into your overall cybersecurity program.
Each Course can be created to address your organization's specific training or vulnerability requirements, allowing you to build repeatable learning pathways for development teams.
The article below describes the steps a Company Administrator or Team Manager can take to create and publish a course.
Now, let's create a course
Step 1
Open Guided Learning from the top menu and select Course Management
Step 2
Select Add Course to start the course creation wizard

Step 3
The Course creation wizard will guide you through configuration, starting with selecting the focus of the course, depending upon your requirements.
You have the ability to build your Course using an existing template, or you can start from scratch.
Option 1: Build your course using one of the existing templates:
Standard Templates:
- Introductory Course - This is an introductory course that will provide you with an overview of various interactive learning activities available in Secure Code Warrior. This short course is recommended for all new platform users as a first platform activity.
- Introduction to OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This short course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016) and the OWASP Top 10 for API languages (2019).
- In-depth OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016), and the OWASP Top 10 for API languages (2019).
- PCI DSS v4.0 Recommendations - This course is prefilled with challenges based on the PCI DSS v4 requirements (controls 2 to 8 and 10 for software development, 4.3 & 4.7 controls for mobile).
- Secure Code Warrior Recommendations - Build a course with challenges based on our own recommendations. It takes into account OWASP and PCI-DSS standards but completes the list with more recently emerging vulnerabilities and also takes into account the prevalence of the vulnerability in a specific language or framework.
- Security Measures for "EO-Critical Software" Use Under Executive Order (EO) 14028 - This course is based on the National Institute of Standards and Technology (NIST) guidance on security measures for EO-critical software use as directed by the Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021.
- CERT Recommendations - This course is prefilled with guidelines and challenges based on the SEI CERT coding standard
- Certification Program level 1 - OWASP 1-5 - Certification Program level 1 covers vulnerabilities from OWASP category 1 to 5 - beginner level
- Certification Program level 2 - OWASP 6-10 - Certification Program level 2 with a recap for OWASP category 1 to 5 AND covering vulnerabilities from OWASP category 6 to 10 - beginner level
- Certification Program level 3 - OWASP & SCW recommendations - Certification Program level 3 with a recap for OWASP categories 1 to 10 AND additional SCW recommended categories - intermediate level
- Certification Program level 4 - Missions & hard challenges - Certification Program level 4 with a recap for hard challenges OWASP categories 1 to 10 AND additional missions - hard level
- Certification Program level 5 - Missions & hard challenges for OWASP 6-10 - Certification Program level 5 with missions and hard challenges for OWASP categories 6 to 10 - hard level
- Storyline OWASP TOP 10 2021 - This course is a storyline that guides you through the basics of OWASP TOP 10 2021. The course builds up learning with multiple learning activities from watching videos, reading deep dives on vulnerabilities out of our guidelines, performing the exploit, analyzing the code, and pinpointing the vulnerability to fixing it.
- OWASP Top 10 2017 Awareness - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2017), OWASP Top 10 for mobile languages (2016), and OWASP Top 10 for API languages (2019).
- PCI DSS v3.2.1 Recommendations - This course is prefilled with challenges based on the PCI DSS requirements (6.5 controls for software development, 4.3 & 4.7 controls for mobile)
- Modern C Security - This course explores the complexities of C from a security perspective, covering major vulnerabilities like string handling, memory management, integer overflow, and format string attacks, along with strategies to mitigate them.
- Modern C++ Security - This course explores the complexities of C from a security perspective, covering major vulnerabilities like string handling, memory management, integer overflow, and format string attacks, along with strategies to mitigate them.
- MISRA - This course covers MISRA compliance, focusing on decidability, type safety, and undefined behaviors. Learn best practices for memory safety and strategies to avoid common pitfalls in secure programming.
- OWASP Top 10 CI/CD - This course covers the OWASP CI/CD Top 10 security risks, including issues like inadequate access management, dependency abuse, poisoned pipelines, and poor credential hygiene. It also addresses insecure system configurations, third-party service risks, and insufficient logging.
- Secure Programming for Go - This course covers secure programming in Go, focusing on web interface security, concurrency, session management, cryptography, and error handling, with strategies to prevent common vulnerabilities.
- Secure Implementation of Containerized Cloud Infrastructure - This course will focus on the ins and outs of building a modern cloud infrastructure capable of taking containers from a developer’s laptop to production, in a secure manner.
- Fundamentals of iOS - This course covers a wide range of topics, from the architecture and security features of the iOS operating system to the intricacies of app development and deployment.
- Kubernetes Security - Learn defensive programming techniques to mitigate iOS application risks, with a focus on using key platform security controls effectively.
- Secure Programming for iOS - Learn defensive programming techniques to mitigate iOS application risks, with a focus on using key platform security controls effectively.
- NIS2 - This NIS2 training course covers practical topics such as supply chain security, cryptography, encryption, and multi-factor authentication. It also touches on essential requirements like network security, risk management, incident handling, and vulnerability management.
- Foundations of COBOL Security - This course explores COBOL system risks, debunks security myths, and examines vulnerabilities. It covers best practices and strategies to mitigate security issues.
Security Awareness and Design Templates:
- Security Awareness 101 - This pre-filled course contains videos and starter-level challenges and introduces the user to software security and the most prevalent vulnerabilities.
- Foundations of Software Security - This course introduces fundamental software security concepts throughout the Software Development Life Cycle (SDLC). Participants will learn to establish Software Security Initiatives (SSI), conduct secure code reviews, and implement application security testing.
- Security Requirements - This course introduces fundamental software security concepts throughout the Software Development Life Cycle (SDLC). Participants will learn to establish Software Security Initiatives (SSI), conduct secure code reviews, and implement application security testing.
- Threat Modeling - In this course, participants will learn systematic methodologies for identifying and mitigating potential threats to software systems. Topics include understanding system architecture, data flows, and threat landscapes and applying threat modeling tools.
- Open-Source Software (OSS) - This course explores Open-Source Software, its advantages and disadvantages, and strategies for effectively managing associated risks. Participants will examine real-world case studies of prominent OSS vulnerabilities to understand key lessons and best practices for mitigating security risks.
- Open-Source Policies and Risks - This course covers key open-source licenses, their obligations, associated security risks, and steps for building a corporate policy for organisation-wide use.
- PCI DSS v4.0 Concepts and Compliance - This course is intended as security training for any developers that work on PCI DSS-relevant applications. The course will explain the annual PCI DSS training requirements for developers and then proceed into providing the necessary training.
- Architecture Risk Analysis - Architecture Risk Analysis (ARA) is a set of techniques that aims to discover design flaws and the risks they pose within a system.
- Attack and Defense - This course will teach you how attackers discover and exploit vulnerabilities in the real world and how to build a strong line of defense.
- Risk-Based Security Testing Strategy - This Risk-Based Security Testing course provides learners with a comprehensive understanding of methodologies, tools, and best practices to effectively assess and enhance the security posture of software systems. Learners will explore the core concepts of risk assessment, test planning, test design, execution, and reporting.
- Security for Data Scientists & Analysts - This course covers key topics including cybersecurity, data security, advanced security principles, data pipeline security, anomaly detection, SIEM, threat intelligence, and secure coding practices.
- OWASP Top 10 for Large Language Model (LLM) Applications - This course explores the OWASP TOP 10 for Large Language Model (LLM) applications.
- Database Security - This course covers essential steps for securing databases, from understanding threats and compliance to implementing authentication, encryption, and effective monitoring and auditing.
- OAuth 2.0 security - OAuth 2.0 is a widely used framework for securing access to APIs. In this course, we introduce the core concepts of OAuth 2.0 and investigate the recommended flows. We also briefly discuss deprecated flows and look at common security pitfalls and misconceptions.
- Introduction to Automotive Security - This course offers an overview of automotive security, covering threats, fundamentals, threat modeling and standards with a deep dive into ISO 26262. It also addresses coding practices, testing, and maintenance to help mitigate vehicle security risks.
- Secure Development for Healthcare - This course explores the compliance landscape for healthcare applications and medical device software, focusing on legal requirements and best practices for protecting sensitive health information.
- Introduction to GDPR - This course covers the principles, roles, and regulations of personal data use, focusing on data subject rights and the impact of GDPR on the software development lifecycle.
- GDPR for Developers and Architects - This intermediate course covers GDPR principles and requirements for software developers and architects. Topics include obtaining consent, managing personal data access and sharing, data subject access requests, and international data transfers.
- GDPR for Development and Project Managers - This intermediate course covers GDPR principles for developers and project managers. Topics include data protection by design, data subject rights, design and production requirements, privacy impact assessments, data sharing, and international transfers.
- Introduction to CCPA - This course will provide all necessary guidelines to ensure that your applications achieve compliance with the CCPA (California Consumer Privacy Act). It details the required notices that must be provided to consumers and outlines the processes for implementing them effectively.
- Introduction to Cloud Security - This course explores secure cloud infrastructures, focusing on data protection, identity management, compliance, and securing containerized and serverless environments. Through theory and hands-on examples across AWS, Azure, and GCP, participants will gain skills to design and maintain secure cloud solutions for evolving challenges.
- Coding With AI - This course will help you understand how Large Language Models (LLMs) work and how to use them for coding. You will learn the best ways to work with AI in coding while avoiding security risks and legal problems.
- Introduction to AI Risk & Security - This beginner course introduces AI risk and security for developers and technical professionals, covering key concepts, risk assessment, mitigation strategies, and resilience. It also emphasizes AI governance and accountability.
- Introduction to Cryptography for Developers and Architects - This course will teach you the cryptography basics that will help you design and develop your own secure applications and systems.
- Secure Password Storage - This course provides in-depth insights into the evolving field of password security, guiding learners through fundamental concepts to advanced strategies for safeguarding user credentials.
- Hardening Your APIs - This course explores how attackers use offensive techniques to target APIs and how to implement defensive security measures to counter these threats. By the end of the course, a set of best practices will be developed to enhance API security.
- Securing Infrastructure as Code - This course covers a wide range of topics, from the architecture and security features of the iOS operating system to the intricacies of app development and deployment.
- Securing Amazon Web Services (AWS) - This course offers a comprehensive overview of AWS security, covering cloud security, compliance, infrastructure and application security, identity and data management, and incident response.
- Securing Microsoft Azure - This course explores the ins and outs of securing software built and deployed on the Microsoft Azure cloud platform. Learn how to use Azure-specific features to ensure your application's production data is adequately protected and monitored.
- Securing Google Cloud Platform (GCP) - This course guides you in building and operating a secure environment in Google Cloud Platform, covering security features and services to protect your infrastructure and data. By the end, you'll be able to set up a secure GCP infrastructure for deploying cloud-native applications and services.
- Overview of Application Security Testing - This course offers a high-level overview of application security testing, covering SAST, DAST, and Penetration Testing. Learn key tools, techniques, and how to interpret results to identify and mitigate vulnerabilities in applications.
- Introduction to Securing the Internet of Things - This course explores IoT complexities and security challenges, focusing on privacy and vulnerabilities. It provides the knowledge needed to make informed decisions as an IoT vendor, enterprise, or consumer.
- Low-Code and No-Code (LCNC) - This course introduces the fundamentals of no-code and low-code platforms, highlighting their benefits and limitations. It covers the OWASP Low and No-Code Top 10 to help identify and mitigate key security risks in low and no-code development.
Option 2: Build your Course from scratch

- Target Specific Vulnerabilities - This allows the creation of a course that addresses specific vulnerabilities. If you choose this option, the platform will set up predefined modules for listed vulnerabilities
- Custom - Build a course from scratch with full control over videos, challenges, difficulty, and hints available on the platform for the selected programming language:framework. Learn more about creating your own course modules
Step 4
Add a single welcome or course introduction message that will be displayed for all the languages covered in the course.
Step 5
Once you move to the Course Content section, you can view the course at a high level or expand activities for a closer look at them.
Additionally, you can:
- Select multiple languages and modules for bulk-actions
- Manage the columns in the table and the order of the columns
- Search, sort, and filter the content in the course
To learn more about bulk actions, please refer to this article
Select the desired language from the list on the left. To remove any language:frameworks that aren't required for your course, click on Bulk actions and select the remove languages option.
Step 6
Now you can review pre-configured course modules in the content table. At this stage, you can also add additional modules if required.
Courses content curation flow is streamlined to let administrators add content to the selected language(s) by:
1) Copying existing modules
Select the copy existing modules option
Select the language and the module you would like to copy then click the Add content button
2) Adding new modules:
- Add new modules from a template
- Add new vulnerability modules
- Add new custom modules
See How to create your own course module for more details on creating and editing a new custom course module.
Step 7
Now it's time to add the end-of-course activity.
Global end-of-course message
This allows you to share a congratulatory message with the developers once they complete the course
End-of-course Assessment
This allows you to share a message and lead them to complete an assessment for that course. You can choose between two options:
- Single end-of-course assessment
- Maintain individual end-of-course assessments for each language all on one screen
- If you choose the assessment option, one must be created beforehand so it can be selected and linked. (read more about that here.)
- The assessment must also cover the same language(s) as the course.
Step 8
Click the Other Settings tab.
At this point, you should have provided a name and description for the course. Choose naming conventions that will give participants (and yourself) a quick idea of what the course will cover.
You can now select the end date, badge, and email notifications.
Alternatively, if you aren't ready to publish the course, you can always save your progress by clicking 'Save as Draft' and get back to it at a later date.
- Course End Date:
  - None: Use this option to create a course with no deadline.
  - Time Limit: Set a time limit in days. Developers will need to complete the course within this time frame from the moment of enrollment.
  - End Date: Set a deadline for the course. When the end date is reached the course will be marked as expired and developers won't be able to start/resume the course.
- Notifications:
  - Enable email notifications:
    - Invited developers will receive email notifications when the course is published.
    - Invited developers will receive reminders 3 and 5 days before the course end date if they have not yet started or completed the course.
    - All participants will receive a notification when the end date is changed.
    - Developers who have not yet started or completed the course will receive the nudge notification.
  - If you would like to send notifications via Microsoft Teams, please reach out to our support team.
- LMS Management: Check this setting to enable a SCORM package download that can be imported into your LMS. This will automatically enable company-wide auto-assignment, disable notifications and disable course end-date management to delegate these options to your LMS. In addition, it will require participants to access this course via the LMS to enable completion to be reported back to the LMS.
- Published course updates: Each course has several options available which can be configured to control how the published course can be edited, and what impact editing the course will have on course participants. For more details, please read How to Edit a Course
Step 9
Now the Course is ready to be published. Click the Publish course button to publish the course, or Save as preview to trial the course.
Next Steps
- How to Assign Participants to a Published Course
- How to Add Badges to a Course
- Editing a Course
- Working with Course Versions
- How do I preview and test a course?