QUICK REFERENCE
Study Guides
Key takeaways, essential concepts, and quick-reference summaries for every module. Jump directly to any study guide.
Track 1: Foundations & Governance
SSDLC Process & Policy
SSDLC process fundamentals, security activities across SDLC phases, governance documents, and AI acceptable use policies.
Threat Landscape
Current threat landscape including OWASP Top 10, API Security Top 10, LLM Top 10, CWE Top 25, and MITRE ATT&CK techniques relevant to application security.
CIS Controls v8: CG16 Deep Dive
Deep dive into CIS Controls v8 Control 16 (Application Software Security), covering all fourteen safeguards from 16.1 through 16.14.
Regulatory & Compliance Framework
Regulatory and compliance frameworks affecting software development, including PCI DSS, HIPAA, SOX, GDPR, and the EU AI Act.
AI Governance for Development
AI governance frameworks for development teams, covering acceptable use policies, risk assessment, and responsible AI integration into the SDLC.
Track 2: Design & Architecture
Security Requirements Engineering
Security requirements engineering techniques including misuse cases, OWASP ASVS, and leveraging LLMs for requirements brainstorming with human validation.
Secure Design Principles
Secure design principles including defense in depth, least privilege, fail-safe defaults, and applying security patterns to system architecture.
Threat Modeling
Threat modeling methodologies including STRIDE, PASTA, Attack Trees, and LINDDUN, with practical application to real-world architectures.
Cryptography Standards
Cryptographic standards for developers covering algorithm selection, key management, TLS configuration, and common implementation pitfalls.
Architecture Security Assessment
Architecture security assessment techniques for evaluating system designs against security requirements and identifying structural vulnerabilities.
Privacy by Design
Privacy by Design principles and implementation, covering GDPR requirements, data minimization, and privacy impact assessments.
Track 3: Secure Implementation
Secure Coding Practices
Secure coding practices across languages, covering OWASP guidelines, CWE Top 25 mitigations, and recognizing AI-generated code vulnerabilities.
AI-Augmented Coding
Secure use of AI coding assistants, covering prompt engineering for security, validating AI output, and managing AI-specific vulnerability patterns.
Security Libraries and Vetted Components
Selecting and managing security libraries and vetted components, including evaluation criteria, approved lists, and dependency governance.
Secure Code Review
Secure code review processes including security-focused checklists, automated analysis integration, and reviewing AI-generated code contributions.
API Security
API security covering authentication, authorization, rate limiting, input validation, and the OWASP API Security Top 10.
Track 4: Configuration Management
Version Control Security
Version control security including repository hardening, branch protection, commit signing, and code provenance for AI-generated contributions.
Change Management & Release Control
Change management and release control processes integrating security gates, approval workflows, and rollback procedures.
AI Code Attribution & Licensing
AI code attribution and licensing challenges, covering intellectual property, license compliance, and provenance tracking for AI-generated code.
Track 5: Testing & Verification
Testing Pyramid & Coverage
Testing pyramid fundamentals, coverage metrics, mutation testing, and designing security-specific test strategies, including how to evaluate AI-generated tests.
Security Testing Automation
Security testing automation including SAST, DAST, IAST, and SCA integration into CI/CD pipelines with quality gate enforcement.
UAT & Acceptance Testing
User acceptance testing and security acceptance criteria, ensuring security requirements are validated before production release.
Penetration Testing
Penetration testing methodologies, scoping, execution, and remediation workflows for application security assessments.
Testing AI-Generated Code
Testing strategies specific to AI-generated code, including higher coverage requirements, mutation testing, and behavioral validation.
Track 6: Build, Deploy & Operations
Pipeline Security
CI/CD pipeline security covering hardening, scanning stages, secrets management, and protecting the build system as an attack surface.
Artifact Integrity & SBOM
Artifact integrity verification, SBOM generation, and software supply chain transparency using SLSA and in-toto frameworks.
Dependency & Supply Chain Management
Dependency and supply chain management including SCA, license compliance, vulnerability monitoring, and mitigating dependency confusion attacks.
Secrets Management
Secrets management best practices covering vaults, rotation, detection, and preventing secret exposure in code and CI/CD pipelines.
Infrastructure Hardening & Container Security
Infrastructure hardening and container security covering IaC security, CIS Benchmarks, image scanning, and runtime protection.
Environment Separation & Deployment
Environment separation and deployment strategies ensuring security isolation between development, staging, and production environments.
Secure Development Environment
Secure development environment configuration covering endpoint security, IDE hardening, and developer workstation standards.
Track 7: Response & Improvement
Vulnerability Management Program
Vulnerability management program design covering lifecycle management, severity rating, SLA enforcement, and AI-powered triage at scale.
Coordinated Vulnerability Disclosure
Coordinated vulnerability disclosure program design including policy creation, safe harbor provisions, and researcher engagement.
Incident Response for Development Teams
Incident response procedures for development teams covering containment, investigation, remediation, and post-incident review.
Security Logging & Monitoring
Security logging and monitoring for applications covering log standards, SIEM integration, alerting, and detection engineering.
Program Metrics & Continuous Improvement
Program metrics and continuous improvement for SSDLC maturity, covering KPIs, dashboards, and maturity model assessments.
Software Decommissioning
Software decommissioning procedures covering data retention, credential revocation, dependency notification, and secure disposal.