Become a Partner
Add OffSec to your list of training providers
Partner with us
OffSec Wins Seven Global InfoSec Awards during RSA Conference 2024
Read blogStrengthen your development process with enhanced security protocols
OffSec Learning Path:
Intermediate Secure Development
Tackle sophisticated attacks and elevate secure coding skills. Dive into advanced exploit mitigation strategies, configuration hardening, and vulnerability analysis to protect web applications with greater depth. This path builds upon earlier OffSec learnings. Learners will:
Master robust defenses against complex attack vectors
Optimize system and app configurations for heightened security
Develop the ability to assess, identify, and remediate deep-rooted vulnerabilities
One of five secure software development Learning Paths
Advance your secure development expertise
This Learning Path builds upon fundamental secure coding knowledge for sophisticated threat protection. Fortify your skillset with cross-origin attack countermeasures, advanced debugging, and insight into cutting-edge vulnerability exploitation trends.
Who is this Learning Path for?
- Developers seeking to specialize in application security
- Security teams aiming to address nuanced software weaknesses
- Ambitious learners ready to expand their skillset beyond foundational practices
Learning objectives
- Deeply understand cross-origin vulnerabilities and secure configurations
- Proactively address template and SQL injection tactics
- Implement proactive hardening against credential-based attacks.
- Develop a tactical grasp of insecure deserialization risks and prevention.
Key modules in the Intermediate Secure Development Learning Path
Cross-Origin Attacks for Developers
- This module covers how cross origin requests work in modern web applications, what attacks can occur due to misconfigurations, and what security controls need to be implemented to safely allow cross-origin requests.
Content Security Policy
- Introduction to Content Security Policy and what vulnerabilities it can protect against. We will cover several important CSP directives, as well as how to design and audit CSP settings.
Password Reset Vulnerabilities for Developers
- We will cover several vulnerabilities for password reset features and and how to mitigate them
Limitations of Web Application Firewalls
- This module provides an overview of web application firewalls. It also provides a hands-on example of creating a virtual patch and how attackers might bypass WAF rules.
Cross-site Scripting for Developers
- This Learning Module focuses Cross-Site Scripting, primarily on the client-side using HTML and JavaScript. The content also covers some basic server-side PHP code vulnerable to stored XSS. The content includes vulnerable code examples and several mitigation strategies.
Template Injection for Developers
- This module covers template injection attacks and how developers can prevent them.
Insecure Deserialization for Developers
- Understanding how deserialization can introduce vulnerabilities in web applications, including the examination of vulnerable code samples. We will also cover several techniques for preventing or remediating insecure deserialization.
Intermediate Secure Development overview
11
modules
55
hours of content (approx.)
15+
skills
Earning an OffSec Learning Badge
Showcase commitment to building secure applications! Upon completing 80% of the Intermediate Secure Development Learning Path, you'll receive an exclusive OffSec badge. This badge:
- Proves knowledge: Demonstrates proficiency in core secure coding concepts and vulnerability assessment.
- Boosts credibility: Add an OffSec achievement to a learners skillset, whether you're an individual or promoting your team's capabilities.
- Unlocks further learning: Motivates continued growth in the Secure Software Development learning path series.
Why have your team learn secure software development with OffSec?
Specialized expertise
Acquire skills to address diverse, highly targeted attacks.
Robust protection
Strengthen web configurations and optimize mitigation practices.
Stay ahead of trends
Understand dynamic threat landscapes to maintain secure application environments.
Start learning with OffSec
Intro
content
Learn
Fundamentals
$799/year*
Access to all fundamental content for one year to prepare for our advanced courses.
All
access
Learn
Unlimited
$5799/year
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Large teams
Learn
Enterprise
Get a quote
Flexible terms and volume discounts available.
Learn Fundamentals is designed to help learn essential cybersecurity concepts and provide the prerequisite skills necessary for our courses & certifications. Gain access to the growing library of fundamental learning paths and demonstrate achievement with assessments and badges.
What’s included
1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
365 days of lab access
PEN-103 + 1 KLCP exam attempt
PEN-210 + 1 OSWP exam attempt
Easily upgrade at any time to a Learn One subscription
Financing for Learn Fundamentals and Learn One now available through Climb Credit with as little as 0% APR and up to 36 monthly payments.
State exclusions may apply. Learn more.
FAQ
- Cross-Origin Attacks for Developers
- Cross-site Scripting for Developers
- Content Security Policy
- Template Injection for Developers
- SQL Injection for Developers
- Server-side Request Forgery for Developers
- Security Misconfigurations
- Credential Attacks for Developers
- Password Reset Vulnerabilities for Developers
- Insecure Deserialization for Developers
- Limitations of Web Application Firewalls
A solid grasp of secure coding fundamentals and web development concepts is vital. Completion of earlier OffSec learnings in the series, like “Integrating Security into Software Development” and "Practical Approach to Secure Development", is highly recommended.
Learners will gain hands-on experience with the following skills:
- Security as a Product Feature
- Secure Software Development Life Cycle
- Application Architecture
- Creative problem-solving and lateral thinking skills
- Cryptography for Developers
- Code Analysis
- Writing scripts and tools
- Access Control
- Handling User Input
- Data Transformation and Storage
- Dependency Management
- Secrets Management for Developers
- Logging and Monitoring for Developers
- Identify common vulnerabilities
- Clear understanding of security within SLDC
Yes! We focus on current vulnerability patterns and emerging tactics, including analysis of cutting-edge attack vectors to future-proof your skillset.
Here's what makes OffSec stand out:
- Web application focus: We zero in on vulnerabilities specific to web environments, so you acquire the most relevant defense skillset
- Attacker's mindset: Learn how exploits are executed to code proactively rather than reacting after security breaches.
- Real-world readiness: Build tangible expertise through challenging scenarios, ensuring immediate benefit when returning to project work.
Start your journey today
New to cybersecurity and want to get educated on fundamental content before signing up?
Check out CyberVersity - our free resource library covering essential cybersecurity topics.
Learn more