
Feb 1, 2024
February 2024 Content & Platform Update
Welcome to the OffSec February 2024 content update! Find the full scoop inside.
Ready to take your secure software development skills to the next level? This month, we’re thrilled to unveil three comprehensive Secure Software Development (SSD) Learning Paths designed to empower developers of all levels. From foundational security concepts to advanced web application defenses, these paths will equip you with the skills to build resilient applications and fortify your organization’s cybersecurity posture.
In this newsletter, we also quickly go over our OWASP Top 10 Learning Path, released late last year as part of our commitment to deliver the most relevant and potent cybersecurity training.
This Learning Path, available to our Learn Fundamentals, Learn Unlimited, and Learn Enterprise subscribers, empowers you to build security-conscious development practices.
Explore:
- Fundamental security concepts
- Cryptography basics for developers
- Secure coding techniques across various architectures
- How different architectures impact security
- … and more!
Learners gain hands-on experience identifying and addressing common vulnerabilities like broken access controls, insecure direct object references, and injection attacks.
Recommended prerequisite: Complete the Fundamentals of Secure Software Development Learning Path for optimal success.
Build upon the foundational knowledge gained in the “Integrating Security…” Learning Path and dive into advanced web application security defenses. Available to all Learn Subscribers, this Learning Path empowers you to:
- Master secure file handling, parameterized queries, and robust authentication/authorization mechanisms
- Understand web session concepts, cookie security, Same-Origin Policy (SOP), and Cross-Origin Resource Sharing (CORS)
- Develop an attacker’s mindset – explore web attack methodologies from enumeration to post-exploitation
- Identify and exploit critical vulnerabilities like XSS, SQL injection, and directory traversal
Recommended prerequisite: Complete the “Integrating Security into Software Development” Learning Path for optimal success.
Take your web application security skills to the next level. This intermediate-level Learning Path is available to Learn Fundamentals, Learn Unlimited, and Learn Enterprise Learners. It will empower you to:
- Master defenses against Cross-Origin Attacks (XSS, CSRF, CORS)
- Deepen your understanding of SQL Injection and Server-Side Request Forgery (SSRF)
- Proficiently mitigate Template Injection and harness the power of Content Security Policy (CSP)
- Secure against password attacks and the dangers of Insecure Deserialization
- Grasp the nuances of security misconfigurations and Web Application Firewall (WAF) limitations
Prerequisite: Complete the “Practical Approach to Secure Development” Learning Path for optimal success.
Sharpen your application security skills with our OWASP Top 10 2021 Learning Path. Released in December of 2023, this Learning Path is available to all Learn subscribers, and explores the most critical web application vulnerabilities as outlined by OWASP. Gain essential knowledge to:
- Grasp core application security principles and the most critical vulnerabilities
- Explore defensive strategies against XSS, Insecure Deserialization, and more
- Understand vulnerability prevention techniques for security misconfigurations and outdated components
This video-first Learning Path is a valuable addition to your security knowledge base!