
Feb 1, 2024

February 2024 Content & Platform Update

Welcome to the OffSec February 2024 content update! Find the full scoop inside.


Ready to take your secure software development skills to the next level? This month, we’re thrilled to unveil three comprehensive Secure Software Development (SSD) Learning Paths designed to empower developers of all levels. From foundational security concepts to advanced web application defenses, these paths will equip you with the skills to build resilient applications and fortify your organization’s cybersecurity posture.

In this newsletter, we also quickly go over our OWASP Top 10 Learning Path, released late last year as part of our commitment to deliver the most relevant and potent cybersecurity training.

New Learning Paths

Integrating Security into Software Development

This Learning Path, available to our Learn Fundamentals, Learn Unlimited, and Learn Enterprise subscribers, empowers you to build security-conscious development practices.

Explore:

  • Fundamental security concepts
  • Cryptography basics for developers
  • Secure coding techniques across various architectures
  • How different architectures impact security
  • … and more! 

Learners gain hands-on experience identifying and addressing common vulnerabilities like broken access controls, insecure direct object references, and injection attacks.

Recommended prerequisite: Complete the Fundamentals of Secure Software Development Learning Path for optimal success.

Practical Approach to Secure Development

Build upon the foundational knowledge gained in the “Integrating Security…” Learning Path and dive into advanced web application security defenses. Available to all Learn Subscribers, this Learning Path empowers you to:

  • Master secure file handling, parameterized queries, and robust authentication/authorization mechanisms
  • Understand web session concepts, cookie security, Same-Origin Policy (SOP), and Cross-Origin Resource Sharing (CORS)
  • Develop an attacker’s mindset – explore web attack methodologies from enumeration to post-exploitation
  • Identify and exploit critical vulnerabilities like XSS, SQL injection, and directory traversal

Recommended prerequisite: Complete the “Integrating Security into Software Development” Learning Path for optimal success.

Intermediate Secure Development

Take your web application security skills to the next level. This intermediate-level Learning Path is available to Learn Fundamentals, Learn Unlimited, and Learn Enterprise Learners. It will empower you to:

  • Master defenses against Cross-Origin Attacks (XSS, CSRF, CORS)
  • Deepen your understanding of SQL Injection and Server-Side Request Forgery (SSRF)
  • Proficiently mitigate Template Injection and harness the power of Content Security Policy (CSP)
  • Secure against password attacks and the dangers of Insecure Deserialization
  • Grasp the nuances of security misconfigurations and Web Application Firewall (WAF) limitations

Prerequisite: Complete the “Practical Approach to Secure Development” Learning Path for optimal success.

Supplemental Learning: OWASP Top 10 2021

Sharpen your application security skills with our OWASP Top 10 2021 Learning Path. Released in December of 2023, this Learning Path is available to all Learn subscribers and explores the most critical web application vulnerabilities as outlined by OWASP. Gain essential knowledge to:

  • Grasp core application security principles and the most critical vulnerabilities
  • Explore defensive strategies against XSS, Insecure Deserialization, and more
  • Understand vulnerability prevention techniques for security misconfigurations and outdated components

This video-first Learning Path is a valuable addition to your security knowledge base!