Published on
Pittsburgh, PA, November 14, 2023 – Security Journey, a leading secure coding training provider, today launched two new Topic-Based learning paths supporting the recently published OWASP Top 10 2023 recommendations for AI applications built on Large Language Models (LLM) and for securing Application Programming Interfaces (APIs). Just a short time after the OWASP vulnerability lists were published, Security Journey responded with training that enterprises must adopt to build and integrate these technologies securely.
The OWASP Top 10 AI/LLM learning path offers an in-depth training experience designed to equip development teams with expertise not only in secure AI system design, especially those built on LLMs (Large Language Models), but also in the secure integration and utilization of these systems. The training curriculum covers essential topics, enabling development teams to hone their engineering skills to secure data, AI models, and software applications, resulting in the design of robust systems. By completing this path, learners will gain actionable insights for the secure integration and leveraging of AI/LLM systems.
The AI/LLM learning path includes the following lessons:
- Introduction to AI/LLM Security
- Data Science Engineering for AI/LLM
- Model Engineering for AI/LLM
- Application and Plugin Security for AI/LLM
- AI/LLM Security Toolchain
Joe Ferrara, CEO of Security Journey, emphasized the importance of these new learning paths, saying, “With recent CISA guidance calling for AI software to be secure by design with little to no software configuration changes or additional cost, these lessons and learning paths are paramount to meeting this need. As we equip development teams with the necessary skills to guarantee the security of API and AI systems, we are assisting them in confronting the ever-evolving threat landscape.”
The OWASP API Security Top 10 learning Path, to be released in December, is a progressive Topic-Based learning path with foundational, intermediate, and advanced lessons in a variety of learning formats, from podcast-style videos to hands-on coding lessons. The new learning path will equip developers of all experience levels to combat the significant risks associated with insecure APIs.
The OWASP API Top 10 path includes the following lessons:
- OWASP API Top 10 | Part 1
- Broken Object Level Authorization (Hands-on Coding Lesson)
- Broken Authentication (Hands-on Coding Lesson)
- Broken Object Property Level Authorization (Hands-on Coding Lesson)
- OWASP API Top 10 | Part 2
- Unrestricted Resource Consumption (Hands-on Coding Lesson)
- Broken Function Level Authorization (Hands-on Coding Lesson)
- Unrestricted Access to Sensitive Business Flows (Hands-on Coding Lesson)
- OWASP API Top 10 | Part 3
- Server-Side Request Forgery (SSRF) (Hands-on Coding Lesson)
- Security Misconfigurations (Hands-on Coding Lesson)
- Improper Inventory Management (Hands-on Coding Lesson)
- Unsafe Consumption of APIs (Hands-on Coding Lesson)
- Fundamentals of gRPC Security
- Fundamentals of GraphQL Security
The need to secure APIs has become abundantly clear. Recent research from TechTarget’s Enterprise Strategy Group on Securing the API Attack Surface found that 92% of organizations have experienced at least one security incident related to insecure APIs in the last 12 months, including 57% who have experienced multiple security incidents related to insecure APIs during the past year.
"While APIs are powerful tools for developers, it is important for them to understand the security implications and risks as they develop feature-rich applications using APIs. Our research shows there is a direct correlation with developers having a higher level of API risk understanding when their organizations have formal training programs in place,” said Melinda Marks, Practice Director, Cybersecurity, at Enterprise Strategy Group. “Continuous education and collaboration with developers can mitigate risk and reduce API security incidents to protect an organization’s digital assets.”
In continuation of Security Journey's ongoing commitment to addressing the latest security challenges, these new Topic-Based Learning Paths build upon its recent announcement of Role-Based and Compliance-Based Recommended Learning Paths offerings. They are designed to empower learners to focus their efforts on enhancing expertise and skills in specific, high-priority areas. By doing so, development teams can effectively mitigate and avert prominent software risks, aligning with industry demands and standards such as the OWASP Top 10 2023 recommendations for AI and API security. These learning paths represent our dedication to staying at the forefront of security education, ensuring organizations are equipped to tackle the ongoing security challenges.