NEW! Vulnerability Identification Labs

This week at Security Innovation, we are excited to release our first-ever series of vulnerability identification labs. Each lab is a fun, gamified simulation that teaches learners to recognize and rectify common threats to software applications. Through each of these hands-on experiences, the concepts learned from prior computer-based training modules are transformed into valuable skills that learners can apply to keep their organization secure.

These new labs also help in a few other ways:

  • They fill critical skill gaps on modern DevOps teams
    Each lab represents a common threat found in the real world that is imperative for DevOps teams to master.
  • They drastically improve learning engagement and participation
    These labs bring traditional training to life. Learners are walked through new software security concepts using fun, bite-sized examples of real-world scenarios they might encounter in day-to-day work roles.
  • They prepare learners for competition in the CMD+CTRL Cyber Range
    Each lab uses “snippets” of actual cyber range environments, which not only equips learners with the skills needed for competition but also keeps them from feeling lost or intimidated when entering the Cyber Range for the first time.

Like other Security Innovation learning products, these labs are ultrarealistic yet completely safe browser-based applications suitable for anyone in your organization.

Vulnerability Identification Labs

  • LAB 101 – Identifying Broken Access Control Vulnerabilities
  • LAB 102 – Identifying Broken Object-level Authorization Vulnerabilities
  • LAB 103 – Identifying Broken User Authentication Vulnerabilities
  • LAB 104 – Identifying Business Logic Flaw Vulnerabilities
  • LAB 105 – Identifying Credential Dumping Vulnerabilities
  • LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
  • LAB 107 – Identifying Injection Vulnerabilities
  • LAB 108 – Identifying Reverse Engineering Vulnerabilities
  • LAB 109 – Identifying Security Misconfiguration Vulnerabilities
  • LAB 110 – Identifying Sensitive Data Exposure Vulnerabilities

New Course Offerings

DES 217 – Securing Terraform Infrastructure and Resources

Terraform is an extremely popular open-source Infrastructure-as-Code (IaC) tool designed to automate the provisioning of both public and private cloud infrastructure components. IaC is managed by engineering and DevOps teams, so security teams often overlook it. However, since it requires code to manage provisioning, the associated security configurations must also be defined in code.

With this new course, learners are challenged to identify and mitigate the most common IaC vulnerabilities to maintain the security of infrastructure definitions and deployment secrets.

DES 207 – Mitigating OWASP API Security Top 10

As more enterprises build Application Programming Interfaces (APIs) to connect software to third parties, APIs have also become a favorite target for attackers seeking application data. This increasing attack surface was the impetus for OWASP to create its API Security Top 10, which focuses on strategies and solutions to understand and mitigate associated risks.

In this course, learners will focus on issues specific to APIs, including strategies to mitigate the unique vulnerabilities and security risks of APIs based on their crucial role in application architecture.

DES 208 – Defending Against the CSA Top 11 Threats

This course provides Cloud Security Alliance (CSA) guidelines for secure practices that organizations should focus on when planning and establishing cloud environments. Naturally, as more organizations deploy cloud-based solutions, new security risks and challenges are introduced.

Cloud Penetration Testing Courses

These new courses will provide learners with the ability to conduct vulnerability assessments for cloud environments hosted by the top 3 service providers:

TST 303 – Penetration Testing for Google Cloud Platform

Google Cloud Platform (GCP) offers many security features and services under a shared-responsibility model. Still, there are numerous ways an external attacker can gain access to your cloud environment. This course covers the fundamentals of penetration testing within Google Cloud Platform, focusing on common GCP vulnerabilities and misconfigurations that can leave your cloud environment exposed.

TST 304 – Penetration Testing for AWS Cloud

Amazon Web Services (AWS) offers a range of cloud hosting services, but AWS only permits security testing of user-operated services. Performing a penetration test in AWS requires adequate planning and expert knowledge of how AWS methodologies differ from traditional pen testing. This course covers the fundamentals of penetration testing within Amazon Web Services. It provides an understanding of how to evaluate AWS cloud services and the types of tools and tests permitted.

TST 305 – Penetration Testing for Azure Cloud

Conducting penetration testing of assets such as web applications, networks, and network devices in the Microsoft Azure environment requires knowledge of Azure methodologies and the common types of penetration tests they allow. This course covers the fundamentals of penetration testing within the Azure cloud while explaining how to evaluate Azure services and ensure your Azure cloud infrastructure is designed and configured according to best practices.