Establish a

SCALABLE APPLICATION SECURITY PROGRAM

for Managers, Developers,
Testers, and Architects

Infrared Logo
GET A FREE DEMOBUY NOW

Fulfills PCI DSSv3 6.5 Compliance Requirement!

Online Application Security Training

Education is the cornerstone of any modern application security program. Developers, Managers, Architects and Testers must be fully aware of a large variety of attacks and, more importantly, how to defend your organization’s web and mobile applications. With that in mind, Infrared Security has built the most effective, educational and entertaining application security eLearning platform on the market, featuring security learning tracks for “technical” and “less-technical” learners. Upon participation, Learners will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their applications and their Software Development Lifecycle (SDLC).

PCI DSSv3 6.5 Compliance

Infrared Security’s eLearning offerings fulfill your PCI compliance requirements for developers. But beyond that, developers love to learn from Infrared Security’s Online application security training series.Throughout the various modules, we highlight the risks associated with the processing of credit card information throughout the various application layers. Information gleaned from this series can be used to produce secure coding guidelines needed to enforce consistent secure programming practices throughout your organization. Learn how achieving PCI compliance spans people, process, and technology today!

HIGHLIGHTS

Richly animated entertaining stories make these educational modules extremely enjoyable to watch while absorbing key application security concepts

Participants gain a deep understanding of major risks inherent to applications, including web and mobile

Role-based training providing a depth of offerings best suited for multi-year training initiatives targeting Managers, Developers, Architects and Testers

Flexible deployment options using SCORM compliant course content

Fulfills PCI DSSv3 6.5 Compliance Requirement

eLearning Program Strategy

1

Certification

Communicate vision of a multi-year training program followed by educating and certifying foundational concepts
2

Expansion

Expand training to offer more advance role-based curricula targeting all stakeholders in product development
3

Continuation

Deliver continuing role-based training to ensure stakeholders stay current with latest threats facing their applications
4

Integration

Add-on integrated remediation guidance within security testing via “Just-in-Time Micro-Lessons”… learn what you need, when you need it most

Role-Based Applications Security Training Program

Infrared Security’s eLearning platform provides the necessary ingredients to develop and deploy a tailored Application Security Training Program. Covering a wide range of application security topics, you will have the ability to define role-based eLearning course curricula unique to the roles and responsibilities of key stakeholders within your product development teams. By implementing education across all your technical stakeholders during every stage of the secure development lifecycle, your teams will become more efficient at designing, implementing and verifying secure software.

Secure Manager

Foundational

OWASP Top Ten for Managers Series
OWASP Top Ten for Managers: Foundational Exam

Advanced

Integrating Security Throughout the SDLC
*Key Principles of GDPR

Secure Developer

Foundational

OWASP Top Ten for Developers Series
OWASP Top Ten for Developers: Foundational Exam

Advanced

Building Secure Application Series
Defensive Enterprise Remediation
*Docker and App Container Security

Secure Architect

Foundational

OWASP Top Ten for Developers Series
OWASP Top Ten for Developers: Foundational Exam
Threat Modeling

Advanced

Building Secure Application Series
Integrating Security Throughout the SDLC
Defensive Enterprise Remediation
*Docker and App Container Security

Secure Tester

Foundational

OWASP Top Ten for Developers Series
OWASP Top Ten for Developers: Foundational Exam

Advanced

Building Secure Application Series
Integrating Security Throughout the SDLC
Defensive Enterprise Remediation

*Planned for release in 2020

Testimonials

eLearning Program Strategy

“My team was unexpectedly hit with a PCI audit by a potential Client, and our Application Security Training program really helped us shine.”

Director of Training – Credit Financial Services

“The development teams were extremely receptive to these training materials… not something we experienced in the past with our previous vendor.”

CISO – Investment Financial Services

“I’m seeing a measurable improvement in the secure development skills of my team after integrating Infrared training in our process.”

VP of Engineering – Automotive Services

Complete Application Security Course Catalog

OWASP Top Ten Series

Learners will gain an understanding of key foundational concepts relating to vulnerabilities and mitigation strategies covering industry recognized taxonomies.

**OWASP TOP TEN FOR DEVELOPERS
3 hours
Buy Now
OWASP MOBILE TOP TEN FOR DEVELOPERS
3 hours
Buy Now
OWASP TOP TEN 2013-2017 DELTA FOR DEVELOPERS
1 hour
Buy Now
**OWASP TOP TEN FOR MANAGERS
1 hour
Buy Now
OWASP MOBILE TOP TEN FOR MANAGERS
1 hour
Buy Now

**Course to be updated in 2020

Building Secure Applications Series

Learners will gain an understanding of how to apply foundational application security concepts across a variety of programming languages and technology stacks.

**BUILDING SECURE .NET APPLICATIONS
1 hour
Buy Now
**BUILDING SECURE JAVA APPLICATIONS
1 hour
Buy Now
**BUILDING SECURE JAVASCRIPT APPLICATIONS
1 hour
Buy Now
*BUILDING SECURE NATIVE APPLICATIONS
30 minutes
Buy Now
BUILDING SECURE PYTHON APPLICATIONS
1 hour
Buy Now
BUILDING SECURE RUBY APPLICATIONS
1 hour
Buy Now

*Course to be released in 2020
**Course to be updated in 2020

Operations & Compliance

Learners will gain an understanding of key foundational concepts relating to vulnerabilities and mitigation strategies covering industry regonized taxonomies.

INTEGRATING SECURITY THROUGHOUT THE SDLC
1 hour
Buy Now
*KEY PRINCIPLES OF GDPR
30 minutes
Buy Now
**BUILDING SECURE JAVASCRIPT APPLICATIONS
1 hour
Buy Now
DEFENSIVE ENTERPRISE REMEDIATION
1 hour
Buy Now
*DOCKER AND APP CONTAINER SECURITY
30 minutes
Buy Now

*Course to be released in 2020

Infrared Security’s eLearning

OWASP (2017) TOP 10

This series of eLearning modules focuses on the most common security vulnerabilities and attack vectors facing application developers today as defined by the OWASP Top Ten. Participants of these modules will explore the OWASP Top Ten through detailed analysis of real-world examples, rich visualizations of attacks, as well as detailed discussions of mitigation strategies with supporting code examples. After completing these modules, participants will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their own applications.

Buy Now

Top 10 Topics

A1 – INJECTION: Learn how to identify and secure the use of interpreters with a focus on SQL Injection.
A2 – BROKEN AUTHENTICATION AND SESSION MANAGEMENT: Learn about the most common attacks used against identity verification and management controls.
A3 – CROSS-SITE SCRIPTING (XSS): Learn about the most prevalent vulnerability facing developers today – Cross-Site Scripting.
A4 – INSECURE DIRECT OBJECT REFERENCES: Learn about the risks of exposing sensitive resource identifiers without proper authorization verification.
A5 – SECURITY MISCONFIGURATION: Learn about the core principles needed to properly secure environmental configuration files.
A6 – SENSITIVE DATA EXPOSURE: Learn about data classification and sensitive data management throughout the application layers.
A7 – MISSING FUNCTION LEVEL ACCESS CONTROL: Learn how to design, implement, and integration function level access control API.
A8 – CROSS-SITE REQUEST FORGERY (CSRF): Learn how the synchronizer token pattern can thwart the sleeping giant that is Cross-Site Request Forgery.
A9 – USING COMPONENTS WITH KNOWN VULNERABILITIES: Learn about the need for visibility into the security of 3rd party components used by applications.
A10 – UNVALIDATED REDIRECTS AND FORWARDS: Learn how validation and indirection can be used to verify redirect and forward destinations.

Are you looking for Information Security Awareness training for your entire staff?

We have it.

Learn More

Individual Courses

Interested in only one or two courses? We offer any of the available Application Security Training courses for sale individually.

Request a Demo

Our new Course Roadmap

All the courses listed below are included in the subscription price. No additional charge!

Q1 2020:

Building Secure Java Applications” (60 mins): This will be a complete rewrite of our existing “Building Secure JavaEE Applications” course updated with more modern Java frameworks, practices, etc.

Q2 2020:

“OWASP Top Ten for Managers” (45 mins) – This will be an update to the existing course.
“OWASP Top Ten for Developers” (60 mins) – This will be an update to the existing course.
Building Secure .NET Applications” (60 min) – This will be a complete rewrite of our existing “Building Secure ASP.NET Applications” course updated with more modern .NET frameworks, practices, etc.

Q3 and Q4 2020 (working titles):

“Building Secure Native Applications (C/C++)” (< 30 min) – New course covering native system-level programming languages
“Security Awareness: GDPR” (< 30 min)- New course covering GDPR from a general awareness perspective
“Application Security: GDPR” (< 30 min)- New course covering GDPR from the perspective of application security / secure development
“Docker Security” (< 30 min) – New course covering the Docker containerization technology from the perspective of deployment security
“Building Secure JavaScript Applications” (60 min) – Complete rewrite of existing course covering the latest frameworks