Establish a

SCALABLE APPLICATION SECURITY PROGRAM

for Managers, Developers,
Testers, and Architects

Infrared Logo
GET A FREE DEMOBUY NOW

Fulfills PCI DSSv3 6.5 Compliance Requirement!

Online Application Security Training

Education is the cornerstone of any modern application security program. Developers, Managers, Architects and Testers must be fully aware of a large variety of attacks and, more importantly, how to defend your organization’s web and mobile applications. With that in mind, Infrared Security has built the most effective, educational and entertaining application security eLearning platform on the market, featuring security learning tracks for “technical” and “less-technical” learners. Upon participation, Learners will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their applications and their Software Development Lifecycle (SDLC).

PCI DSSv3 6.5 Compliance

Infrared Security’s eLearning offerings fulfill your PCI compliance requirements for developers. But beyond that, developers love to learn from Infrared Security’s Online application security training series.Throughout the various modules, we highlight the risks associated with the processing of credit card information throughout the various application layers. Information gleaned from this series can be used to produce secure coding guidelines needed to enforce consistent secure programming practices throughout your organization. Learn how achieving PCI compliance spans people, process, and technology today!

HIGHLIGHTS

Richly animated entertaining stories make these educational modules extremely enjoyable to watch while absorbing key application security concepts

Participants gain a deep understanding of major risks inherent to applications, including web and mobile

Role-based training providing a depth of offerings best suited for multi-year training initiatives targeting Managers, Developers, Architects and Testers

Flexible deployment options using SCORM compliant course content

Fulfills PCI DSSv3 6.5 Compliance Requirement

eLearning Program Strategy

1

Certification

Communicate vision of a multi-year training program followed by educating and certifying foundational concepts
2

Expansion

Expand training to offer more advance role-based curricula targeting all stakeholders in product development
3

Continuation

Deliver continuing role-based training to ensure stakeholders stay current with latest threats facing their applications
4

Integration

Add-on integrated remediation guidance within security testing via “Just-in-Time Micro-Lessons”… learn what you need, when you need it most

Role-Based Applications Security Training Program

Infrared Security’s eLearning platform provides the necessary ingredients to develop and deploy a tailored Application Security Training Program. Covering a wide range of application security topics, you will have the ability to define role-based eLearning course curricula unique to the roles and responsibilities of key stakeholders within your product development teams. By implementing education across all your technical stakeholders during every stage of the secure development lifecycle, your teams will become more efficient at designing, implementing and verifying secure software.

Business Team

Stage 1

OTTF
OWASP Top Ten Foundations Exam

Stage 2

Integrating Security Throughout the SDLC

Stage 3

Secure Manager

Stage 1

OTT4M
Foundational Exam for Managers

Stage 2

Integrating Security Throughout the SDLC

Stage 3

Secure Developer

Stage 1

OTT4D
Foundational Exam For Developers
Integrating Security Throughout the SDLC

Stage 2

Building Secure Applications Series
OWASP API Security Top Ten

Stage 3

Building Secure Application Series
Docker and App Container Security

Secure Architect

Stage 1

OTT4D
Foundational Exam For Developers
Integrating Security Throughout the SDLC

Stage 2

Building Secure Applications Series
OWASP API Security Top Ten

Stage 3

Building Secure Application Series
Docker and App Container Security
Threat Modeling

Secure Tester

Stage 1

OTT4D
Foundational Exam For Developers
Integrating Security Throughout the SDLC

Stage 2

Building Secure Applications Series

Stage 3

Threat Modeling
Building Secure Application Series

Testimonials

eLearning Program Strategy

“My team was unexpectedly hit with a PCI audit by a potential Client, and our Application Security Training program really helped us shine.”

Director of Training – Credit Financial Services

“The development teams were extremely receptive to these training materials… not something we experienced in the past with our previous vendor.”

CISO – Investment Financial Services

“I’m seeing a measurable improvement in the secure development skills of my team after integrating Infrared training in our process.”

VP of Engineering – Automotive Services

Complete Application Security Course Catalog

OWASP Top Ten Series

Learners will gain an understanding of key foundational concepts relating to vulnerabilities and mitigation strategies covering industry recognized taxonomies.

OWASP TOP TEN FOR DEVELOPERS
3 hours
Buy Now
OWASP MOBILE TOP TEN FOR DEVELOPERS
3 hours
Buy Now
OWASP TOP TEN FOUNDATIONS COURSE
1 hour
Buy Now
OWASP TOP TEN FOR MANAGERS
1 hour
Buy Now
OWASP MOBILE TOP TEN FOR MANAGERS
1 hour
Buy Now
OWASP API Security Top Ten
1.5 hour
Buy Now

Building Secure Applications Series

Learners will gain an understanding of how to apply foundational application security concepts across a variety of programming languages and technology stacks.

BUILDING SECURE .NET APPLICATIONS
1 hour
Buy Now
BUILDING SECURE JAVA APPLICATIONS
1 hour
Buy Now
BUILDING SECURE JAVASCRIPT APPLICATIONS
1 hour
Buy Now
BUILDING SECURE C/C++ APPLICATIONS
30 minutes
Buy Now
BUILDING SECURE PYTHON APPLICATIONS
1 hour
Buy Now
BUILDING SECURE RUBY APPLICATIONS
1 hour
Buy Now
BUILDING SECURE MOBILE APPLICATIONS
1 hour
Buy Now

*Course to be released in 2020

Operations & Compliance

Learners will gain an understanding of key foundational concepts relating to vulnerabilities and mitigation strategies covering industry regonized taxonomies.

INTEGRATING SECURITY THROUGHOUT THE SDLC
1 hour
Buy Now
THREAT MODELING
1 hour
Buy Now
DOCKER AND APP CONTAINER SECURITY
30 minutes
Buy Now

Infrared Security’s eLearning

OWASP (2017) TOP 10

This series of eLearning modules focuses on the most common security vulnerabilities and attack vectors facing application developers today as defined by the OWASP Top Ten. Participants of these modules will explore the OWASP Top Ten through detailed analysis of real-world examples, rich visualizations of attacks, as well as detailed discussions of mitigation strategies with supporting code examples. After completing these modules, participants will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their own applications.

Buy Now

Top 10 Topics

A1 – INJECTION: Learn how to identify and secure the use of interpreters with a focus on SQL Injection.
A2 – BROKEN AUTHENTICATION AND SESSION MANAGEMENT: Learn about the most common attacks used against identity verification and management controls.
A3 – CROSS-SITE SCRIPTING (XSS): Learn about the most prevalent vulnerability facing developers today – Cross-Site Scripting.
A4 – INSECURE DIRECT OBJECT REFERENCES: Learn about the risks of exposing sensitive resource identifiers without proper authorization verification.
A5 – SECURITY MISCONFIGURATION: Learn about the core principles needed to properly secure environmental configuration files.
A6 – SENSITIVE DATA EXPOSURE: Learn about data classification and sensitive data management throughout the application layers.
A7 – MISSING FUNCTION LEVEL ACCESS CONTROL: Learn how to design, implement, and integration function level access control API.
A8 – CROSS-SITE REQUEST FORGERY (CSRF): Learn how the synchronizer token pattern can thwart the sleeping giant that is Cross-Site Request Forgery.
A9 – USING COMPONENTS WITH KNOWN VULNERABILITIES: Learn about the need for visibility into the security of 3rd party components used by applications.
A10 – UNVALIDATED REDIRECTS AND FORWARDS: Learn how validation and indirection can be used to verify redirect and forward destinations.

Are you looking for Information Security Awareness training for your entire staff?

We have it.

Learn More

Individual Courses

Interested in only one or two courses? We offer any of the available Application Security Training courses for sale individually.

Request a Demo

Our new Course Roadmap

All the courses listed below are included in the subscription price. No additional charge!

Q1 2020:

Building Secure Java Applications” (60 mins): This will be a complete rewrite of our existing “Building Secure JavaEE Applications” course updated with more modern Java frameworks, practices, etc.

Q2 2020:

“OWASP Top Ten for Managers” (45 mins) – This will be an update to the existing course.
“OWASP Top Ten for Developers” (60 mins) – This will be an update to the existing course.
Building Secure .NET Applications” (60 min) – This will be a complete rewrite of our existing “Building Secure ASP.NET Applications” course updated with more modern .NET frameworks, practices, etc.

Q3 and Q4 2020 (working titles):

“Building Secure Native Applications (C/C++)” (< 30 min) – New course covering native system-level programming languages
“Security Awareness: GDPR” (< 30 min)- New course covering GDPR from a general awareness perspective
“Application Security: GDPR” (< 30 min)- New course covering GDPR from the perspective of application security / secure development
“Docker Security” (< 30 min) – New course covering the Docker containerization technology from the perspective of deployment security
“Building Secure JavaScript Applications” (60 min) – Complete rewrite of existing course covering the latest frameworks