Core
Advanced
Elite
Elective
Overview
The Secure Developer – Core Learning Path introduces application security’s fundamental and primary drivers. The curriculum provides individuals with an understanding of the importance of secure software development while preparing them to perform at the organizational level. Learners will gain in-depth knowledge of security principles, attacks, tools, and processes to develop secure software. By introducing the OWASP Top 10, learners are prepared to identify the most critical web application security risks, appropriately address those vulnerabilities, and prevent software flaws that enable cyberattacks.
Upon successful completion of this path, you will have the knowledge and skills to:
- Define the value of having secure applications
- Integrate secure software development practices into all phases of the software development lifecycle
- Explain the anatomy of an application attack
- Apply best practices to protect all components of the software
- Identify and mitigate the most common application security risks
- Implement a security strategy based on your organization’s risk
- Produce well-secured software
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Overview
The Secure Developer – Advanced Learning Path explores different models, standards, frameworks, and security concepts that you can use to understand security issues and improve the security posture of your applications. The curriculum provides individuals with an understanding of how to ensure security is part of software design. Learners will gain in-depth knowledge of security practices that must be considered within every phase of the development lifecycle to help secure software applications and data. By introducing the DevSecOps philosophies, learners are prepared to focus on time saving but effective techniques that maximize security resources all while shortening system development lifecycles and providing continuous delivery of high-quality software.
Upon successful completion of this path, you will have the knowledge and skills to:
- Use NIST and MITRE ATT&CK security frameworks to identify and categorize potential threats
- Identify and apply relevant cryptographic technologies to secure applications and data
- Apply techniques to remove architecture weak spots and avoid vulnerability propagation
- Implement a zero-trust architecture
- Create a threat model for application scenarios
- Manage identities, privileges, and secrets securely
- Understand, create, and articulate security requirements as part of a software requirement document
- Determine which types of automated tests should be performed at various stages of the SDLC
NOTE: This Learning Path is considered principal to all Elite Secure Developer Learning Paths. Learn and Skill labs are elective training modules that help transform concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios.
Overview
The Secure Go Application Developer Elite Learning Path is designed to equip learners with the knowledge and skills necessary to develop secure software applications across various programming environments. This learning path blends theoretical concepts with practical hands-on labs, ensuring learners gain a deep understanding of security best practices, potential vulnerabilities, and effective mitigation strategies.
This path covers a broad spectrum of topics, including secure coding practices for Go, Angular, React, Java, JavaScript, jQuery, Python, Ruby on Rails, and Oracle DB Applications. It places a strong emphasis on securing APIs, web applications, backend services, and microservices against a wide array of security threats. Additionally, the learning path dives into specific security concerns related to the Kubernetes API, AJAX-enabled web applications, and Python scripting, among others.
The labs section is designed to provide hands-on experience in identifying and defending against vulnerabilities in Node.js and Go applications. These labs tackle common security issues like SQL Injection, XSS, SSRF, command injection, and more, offering learners the opportunity to apply knowledge gained in a practical setting.
By the end of this journey, learners will have an in-depth understanding of how to develop secure applications and protect against common and advanced security threats.
Overview
Learning paths may include elective course content that is not required to complete SI-CSC certification exams successfully. These additional courses are suggested based on alignment with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. To understand how courses map to compliance standards, view the Course Compliance Matrix.