Product Updates
Feb 1, 2024
February 2024 Content & Platform Update
Welcome to the OffSec February 2024 content update! Find the full scoop inside.
3 min read
Ready to take your secure software development skills to the next level? This month, we’re thrilled to unveil three comprehensive Secure Software Development (SSD) Learning Paths designed to empower developers of all levels. From foundational security concepts to advanced web application defenses, these paths will equip you with the skills to build resilient applications and fortify your organization’s cybersecurity posture.
In this newsletter, we also quickly go over our OWASP Top 10 Learning Path, released late last year as part of our commitment to deliver the most relevant and potent cybersecurity training.
This Learning Path, available to our Learn Fundamentals, Learn Unlimited, and Learn Enterprise subscribers, empowers you to build security-conscious development practices.
Explore:
- Fundamental security concepts
- Cryptography basics for developers
- Secure coding techniques across various architectures
- How different architectures impact security
- … and more!
Learners gain hands-on experience identifying and addressing common vulnerabilities like broken access controls, insecure direct object references, and injection attacks
Recommended prerequisite: Complete the Fundamentals of Secure Software Development Learning Path for optimal success.
Build upon the foundational knowledge built in the “Integrating Security…” Learning Path and dive into advanced web application security defenses. Available to all Learn Subscribers, this Learning Path empowers you to:
- Master secure file handling, parameterized queries, and robust authentication/authorization mechanisms
- Understand web session concepts, cookie security, Same-Origin Policy (SOP), and Cross-Origin Resource Sharing (CORS)
- Develop an attacker’s mindset – explore web attack methodologies from enumeration to post-exploitation
- Identify and exploit critical vulnerabilities like XSS, SQL injection, and directory traversal
Recommended prerequisite: Complete the “Integrating Security into Software Development” Learning Path for optimal success.
Take your web application security skills to the next level. This intermediate level Learning Path is available to Learn Fundamentals, Learn Unlimited, and Learn Enterprise Learners. It will empower you to:
- Master defenses against Cross-Origin Attacks (XSS, CSRF, CORS)
- Deepen your understanding of SQL Injection and Server-Side Request Forgery (SSRF)
- Proficiently mitigate Template Injection and harness the power of Content Security Policy (CSP)
- Secure against password attacks and the dangers of Insecure Deserialization
- Grasp the nuances of security misconfigurations and Web Application Firewall (WAF) limitations
Prerequisite: Complete the “Practical Approach to Secure Development” Learning Path for optimal success.
Sharpen your application security skills with our OWASP Top 10 2021 Learning Path. Released in December of 2023, this Learning Path is available to all Learn subscribers, and explores the most critical web application vulnerabilities as outlined by OWASP. Gain essential knowledge to:
- Grasp core application security principles and the most critical vulnerabilities
- Explore defensive strategies against XSS, Insecure Deserialization, and more
- Understand vulnerability prevention techniques for security misconfigurations and outdated components
This video-first Learning Path is a valuable addition to your security knowledge base!
Latest from OffSec
Enterprise Security
Red Team vs Blue Team in Cybersecurity
Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.
Dec 13, 2024
13 min read
Enterprise Security
Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development
Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.
Dec 13, 2024
4 min read
Enterprise Security
How to Become the Company Top Cyber Talent Wants to Join
Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.
Dec 4, 2024
5 min read