Secure Development Training That Builds a Secure Development Culture
Build a Secure Development Culture
Level-Up AppSec Skills Across Your Team and Build Security Champions
It's not surprising, given our name, that we believe security is a journey, not a destination.
While many customers come to us to meet secure code training compliance requirements, most also have the desire to build a proactive, long-term approach to engage learners and build a security-first mindset across their development teams.
Our AppSec Education Platform is purpose-built with role-based training to help level-up knowledge and skills across your team and help you identify and build security champions to passionately drive your journey to a secure development culture.
Train Everyone Involved in Creating Software
Role-Based Learning Paths
Different roles have different responsibilities. Role-Based Learning Paths deliver progressive learning through Foundational, Intermediate, and Advanced Levels, targeting the right training to the right people at the right time.
Learners are rewarded with a certificate at the end of each level in the learning path, and admins can easily generate reports to verify learner completion.
Business Learner
Our Business Learner Path is designed for individuals involved in software development, such as product managers, UX designers, system admins, and QA engineers, to help them support secure development efforts.
The Business Learner training content is organized into three progressive levels:
- Business Learner Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the role of security testing.
- Business Learner Intermediate: Takes a deeper dive into application security, covering threat modeling, risk assessment, and security controls.
- Business Learner Advanced: Covers cutting-edge application security topics, such as DevSecOps, secure design, and common weaknesses.
Web Developer (Back-End)
We offer two separate paths for web developers, based on whether they engage in front-end or back-end web development.
After completing their appropriate path, developers will be able to understand security threats for the languages/frameworks/technologies they work in and have the ability to develop mitigation strategies during their software build.
The Web Developer training content is organized into three progressive levels:
- Web Developer (Back-End) Foundational: Explores core concepts around application security, including understanding threats, business impact, secure development, and secure design.
- Web Developer (Back-End) Intermediate: Takes a deeper dive into topics that include techniques used to build secure applications, the OWASP Top 10 for web applications, secure secrets management, and security tools.
- Web Developer (Back-End) Advanced: Learners choose their language/technology/framework to move into more advanced topics with further opportunity to learn how to break and fix code in a real application environment:
- C#
- C++
- Clojure
- Cobol
- Java
- JavaScript (Node.js)
- JavaScript (Angular)
- JavaScript (React)
- TypeScript (Back-End)
- PHP (CodeIgniter)
- PHP (Laravel)
- PHP (Symfony)
- Scala
- Go
- Python
- Python (Django)
- Ruby (RoR)
- API
- Rust
- Perl
- Blockchain
Web Developer (Front-End)
We offer two separate paths for web developers, based on whether they engage in front-end or back-end web development.
After completing their appropriate path, developers will be able to understand security threats for the languages/frameworks/technologies they work in and have the ability to develop mitigation strategies during their software build.
The Web Developer training content is organized into three progressive levels:
- Web Developer (Front-End) Foundational: Explores core concepts around application security, including understanding threats, business impact, secure development, and secure design.
- Web Developer (Front-End) Intermediate: Takes a deeper dive into topics that include techniques used to build secure applications, the OWASP Top 10 for web applications, secure secrets management, and security tools.
- Web Developer (Front-End) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to continue to learn how to break and fix code in a real application environment:
- ClojureScript
- JavaScript (Angular)
- JavaScript (React)
- TypeScript (Front-End)
Native Developer
Our Native Developer Path is tailored to individuals who aim to create applications using specific languages, frameworks, or technologies, such as C and C++.
Upon finishing these paths, learners will be able to integrate secure coding principles into their application development.
The Native Developer training content is organized into three progressive levels:
- Native Developer Foundational: Covers foundational application security principles for native developers, including different attackers, threats, and secure design
- Native Developer Intermediate: A technical deep dive into the threats and security controls relevant to native developers
- Native Developer Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:
- C++
- C
- Embedded
Mobile Developer (iOS)
Our Mobile Developer (iOS) Path is designed for developers creating applications on Apple’s iOS system.
After completing these learning paths, developers are better equipped to build secure applications and mitigate security threats.
The Mobile Developer (iOS) training content is organized into three progressive levels:
- Mobile Developer (iOS) Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and secure design principles.
- Mobile Developer (iOS) Intermediate: This path takes a deeper technical dive into topics that include threat modeling, the OWASP Top 10, and security controls relevant to iOS mobile developers.
- Mobile Developer (iOS) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:
- Swift
Mobile Developer (Android)
Our Mobile Developer (Android) Path was designed for developers creating applications on Android’s operating system.
After completing these learning paths, the Web Developer (Android) Learner will be better equipped to build secure applications and mitigate security threats.
The Mobile Developer (Android) training content is organized into three progressive levels:
- Mobile Developer (Android) Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and secure design principles.
- Mobile Developer (Android) Intermediate: Takes a deeper technical dive into topics that include threat modeling, the OWASP Top 10, and security controls relevant to Android mobile developers.
- Mobile Developer (Android) Advanced: Learners choose their language/technology/framework to move into more advanced topics with the opportunity to learn how to break and fix code in a real application environment:
- Kotlin
- Java
Data Scientist
Our Data Scientist Path was designed for individuals who work in R to develop data processing pipelines, prepare analytical applications, design architecture, and create models for machine learning.
Upon completing our learning paths, the Data Scientist Learner will be able to utilize secure coding principles within the SDLC to design secure applications while working in R.
The Data Scientist training content is organized into three progressive levels:
- Data Scientist Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the secure development lifecycle.
- Data Scientist Intermediate: A technical deep dive into the threats and security controls relevant to data scientists, including OWASP Top 10, threat modeling, and security testing.
- Data Scientist Advanced Path: Learners delve into secure application design, secure coding, and specialized R security topics, ranging from the R threat landscape and best practices to securing Shiny apps and servers:
- R
Tester
Our Tester Learner Path is designed for individuals who evaluate and test newly developed software applications. This includes roles such as QA, analysts, software testers, and others with similar responsibilities.
Upon completing these learning paths, the Tester Learner will be equipped with the skills necessary to work effectively within the SDLC to identify and resolve vulnerabilities.
The Tester training content is organized into three progressive levels:
- Tester Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the threat landscape.
- Tester Intermediate: Covers an in-depth exploration of common security threats and testing tools.
- Tester Advanced: Learn about advanced testing tools, deep dive into web application threats and common application weaknesses, fundamentals of approaching security testing, and leveraging SWSTL:
- Web App Testing
DevSecOps
Our DevSecOps Path is designed for employees who are responsible for integrating security into the software development lifecycle, including Engineers, Release Managers, Infrastructure Engineers, and other similar roles.
After completing our learning paths, DevSecOps Learners will be able to expertly identify and mitigate vulnerabilities and security threats throughout the application development lifecycle.
The DevSecOps training content is organized into three progressive levels:
- DevSecOps Foundational: Covers foundational application security principles for DevSecOps engineers.
- DevSecOps Intermediate: In-depth exploration of threat modeling, common security threats, security controls, and testing tools.
- DevSecOps Advanced: Learners choose their language/technology/framework to move into more advanced topics with an opportunity to learn how to break and fix code in a real application environment:
- DevSecOps
- Terraform
- IaC
- Docker Kubernetes
Cloud Engineer
Our Cloud Engineer Path is for individuals responsible for designing, developing, and managing cloud-based systems, including architects, engineers, and other similar positions.
After completing these learning paths, Cloud Engineer Learners will be enabled to use secure design principles to create secure cloud systems.
The Cloud Engineer training content is organized into three progressive levels:
- Cloud Engineer Foundational: Covers foundational application security principles for cloud engineers.
- Cloud Engineer Intermediate: An in-depth exploration of threat modeling, threats, and security controls for cloud engineers.
- Cloud Engineer Advanced: Understand operational security and cloud security fundamentals, then technology-specific security topics covering S3 and EC2 hardening, access control, secrets management, and logging:
- AWS
- GCP
- Azure
Privacy Engineer
Our Privacy Engineer Path is for individuals responsible for inspecting code before deployment to assess privacy protections for personal data.
After completing this learning path, Privacy Engineers will be enabled to use secure coding principles to ensure the responsible handling of data.
The Privacy Engineer training content is organized into three progressive levels:
- Privacy Engineer Foundational: Introduces the basics of application security, such as the different types of security vulnerabilities, the importance of secure coding practices, and the secure development lifecycle.
- Privacy Engineer Intermediate: A technical deep dive into the threats and security controls relevant to data scientists, including OWASP Top 10, threat modeling, and security testing.
- Privacy Engineer Advanced Path: Advanced application security topics covering DevSecOps, common weaknesses, testing tools, and secure design.
“It’s important to emphasize the importance of security at your organization with real action, and make sure your program is relevant, practical, and meaningful to the engineers.”
Robert Walker, Secure Software Development Leader, Zoom
Keep Your Learners Engaged
Continuous training and the reinforcement of previously learned concepts are essential for building a more secure culture within an organization.
Our AppSec Education Platform provides certificates at the end of each level of learning and helps acknowledge your team's hard work.
Drive Friendly Competition
Use our Tournaments and Leaderboards to motivate and engage learners, test knowledge, or advance the learning pace of the team.
Offer Reinforcement
All of our lessons come with the ability to create notes in the AppSec Platform for your teams to refer back to as they apply what they have learned.
Additional Series of lessons allow you to offer fresh content on crucial areas to keep best security practices top of mind.
Stay Ahead of the Latest Threats
Our internal team of AppSec experts continually adds content based on the latest developments and threats in the industry.
Find & Fix Vulnerabilities Faster
Try our training today with a hands-on SQL Injection, proven to help learners find and fix a SQL Injection in less than 10 minutes.
Build Security Champions
Our Role-Based Learning Paths help ensure that every role in your SDLC shares a common understanding and approach to problem-solving and can help you identify potential candidates to become security champions.
Empower your team with our Champion Passport, which allows you to mentor and cultivate a network of security champions within your organization, utilizing a wizard to create personalized activities.
- Professional (Level 4) focuses on having candidates enhance internal application security tactics.
- Expert (Level 5) is intended to move them past experts to become educators and advocates across the organization.
Measure and Report Your Program Progress
Reach your AppSec training goals by showing tangible knowledge gain and proving application security growth.
Compliance Reporting
It’s never been easier to prove your organization's compliance.
Whether it is PCI DSS, SOC 2, NIST, or another framework, our User Completion Reports show that compliance requirements have been met.
Spend less time responding to audit requests and take the stress out of annual compliance reviews.
Learning Swing
A Security Journey exclusive, Learning Swing measures knowledge improvement based on a learner's self-assessment.
Before starting a lesson, a learner rates their prior knowledge of the topic. They reassess their knowledge after the lesson is complete. The difference between these two ratings is learning swing.
Assessments
Security Journey lessons come with expert-designed knowledge assessments to evaluate comprehension and learned concepts.
From hands-on coding assessments to challenging questions from video lessons - collect realistic data to measure the effectiveness of your AppSec training program.
Training Progress
Tracking learner progress is an integral part of any training program.
We offer a series of learner-focused reports to take the guesswork out of managing the learner journey.
With just a few clicks, quickly see a variety of user data, including:
- Lesson attempts
- Assignment completion
- Path Progress
- Learning swing
Leaderboards
Program administrators can use leaderboards to quickly gauge learner progress and perform any necessary outreach to keep learners on track for success.
In one easy view, you can compare:
- Points Collected
- Participation Streak
- Learner Level
Completion Certificates
Certificates are a great way to start and build learning momentum.
These PDFs make it easy to share learner competency and achievements both internally and externally while simultaneously motivating learners to share their successes with others.
Security Journey Case Study
Zoom Selects Security Journey to Drive Application Security Excellence
Zoom needed a new secure coding training partner for their fast-growing engineering team to support new features, integrations, and capabilities.
Security Journey's AppSec Education Platform was implemented to support secure coding practices with required learning paths for new engineers and custom yearly training refreshers.
Zoom saw an immediate return on investment when developers proactively returned to previously completed code and addressed vulnerabilities based on what they learned in their training.
Who Can Use Security Journey's AppSec Education Platform?
When everyone in the SDLC has a solid understanding of security principles, the entire team can adopt a security-first mindset.
We’re Here to Help for Every Step
Security Journey Customer Support is here to ensure your success ... at no added cost!
- An experienced Customer Success Manager
- Unique In-App support for both Admins and Learners
- Our extensive up-to-date knowledge base
- Best practices and resources for engaging Learners
- Security Champion and mentor guidance