To stay current with technology and threat trends, we update our training each quarter. While we enjoy showing off our new content, it’s just as important for our customers to understand why we separate and combine certain topics and how learners consume them. Customer feedback, internal SME reviews, and research on industry and technology trends also help shape our content roadmap.

Our Q1 update includes a lot of new and updated content aimed at helping developers prevent certain vulnerabilities and protect data in a variety of development languages and platforms.

Enhanced coding interactions make it easier to distill complex topics and commit knowledge to memory
Language-specific vulnerabilities and platform-specific hardening techniques ensure learners have the EXACT knowledge to mitigate vulnerabilities and prevent common attacks
Tighter alignment to the NICE Cybersecurity Workforce Framework to facilitate the mapping of courses to specific knowledge, skills, and abilities (KSAs) required to perform security tasks
Deprecation/realignment of courses due to outdated techniques or the separation of topics into microlearning modules for highly contextual on-demand learning

New Courses:

COD 287 Java Application Server Hardening
COD 315 Preventing Vulnerabilities in iOS Code in Swift
COD 319 Preventing Vulnerabilities in Android Code in Java
COD 324 Protecting C# from XML Injection
COD 384 Protecting Java from Information Disclosure
COD 385 Preventing Race Conditions in Java Code
COD 386 Preventing Integer Overflows in Java Code

Updated Courses

COD 255 Creating Secure Code – Web API Foundations
COD 302 Secure C Memory Management
COD 303 Common C Vulnerabilities and Attacks
COD 317 Protecting Data on iOS in Swift
COD 318 Protecting Data on Android Java
COD 322 Protecting C# from SQLi
COD 323 Using Encryption with C#
COD 380 Preventing SQLi in Java
COD 381 Preventing Path Traversal Attacks in Java

Keeping Developers in the Know!
This quarter’s new and updated courses include advanced coding interactions with prevention techniques and data protection methods for the respective programming language. These are delivered via character-driven scenarios that make the concepts more relatable to developers.

Example: Java Security
We added content on hardening the Java application server due to our research about how many Java applications and servers are compromised. We also added scenarios from which developers can learn what leads to race conditions as a potentially serious vulnerability. Other additions include detailed explanations and code examples of concurrency issues, shared resource problems, thread-safe code, randomizing temp files, and changed ACL permissions in cross-platform environments. We also expanded training on information disclosure and avoiding hard-coded secrets by adding content around inspecting classes, disassembling Java, decompiling Java, error messages, and exception handling.

Example: Integer Overflows
Specific problems become disparate and require specialized knowledge when considered in different development languages. Such is the case with Integer Overflows (IOs), which have become prolific and warrant focus.

If you don’t understand Integer Overflows, just think of an odometer on an old car. It’s made of six wheels numbered 0 to 9 and can count up to 99,999.9 miles. The next 1/10th of a mile doesn’t result in 100,000.0 because there are only six possible digits, so the odometer “rolls over” and resets to 0. This gives the false impression that the car has a brand new engine instead of one that has been driven 100,000 miles. Overflow conditions in software often lead to unintended behavior, too.

IOs are more prevalent in Java, Swift, and C derivatives, so developers need to be particularly aware when coding or using software coded in these languages. While secure coding principles are a necessary precursor, getting the right platform- and language-specific guidance is essential as each has unique threats, capabilities, built-in controls, and syntax.

The same is true for buffer overflows, cross-site scripting (XSS), SQL injection, and others we address in language-specific modules. There are many different attack vectors, input types, server variables, and mitigation techniques for each. Mitigating SQL Injection is addressed in each of our eight new courses.

Improved Coding Interactivity
It’s important to make a distinction between improved interactivity and simply more interactivity. Adult learning is a science, and too much interactivity can actually take away from learning efficacy. The objective is to distill complex topics into hands-on learning sessions that convert short-term knowledge into a lasting skill (and long-term memory). To do this properly without compromising the technical integrity of the lesson takes discipline in applying instructional design.

New interactive coding examples challenge learners to apply knowledge in identifying vulnerabilities within code and prove they can fix them. New lessons now include the ability to “enter code” in character-driven scenarios, aligning learning and doing. We designed this code interactivity for learners to experience the results and consequences of their decisions in a safe environment. Unlike other solutions that focus on remedial “line of code” hunting, task repetition, or simple information presentation, we solidify contextual relationships through the use of different interactivity types.

Tighter Alignment with NICE Cybersecurity Framework
The emerging NICE Cybersecurity Framework provides a standard definition of cybersecurity, a comprehensive list of cybersecurity tasks, and the knowledge, skills, and abilities required to perform those tasks. Organizations increasingly rely on it for workforce development through improved job function classification and skills development. All of our courses are now mapped to specific NICE roles, as well as primary, secondary, and tertiary roles and target audiences, making it easy to roll out learning paths. Additionally, the courses are also mapped to NICE Competency Framework Controls, which ensures they’re designed to align with objectives to specific knowledge, skills, and abilities.

Planned for 2021
We’re continually evaluating ways to improve our content, map it to industry standards, and discover new ways to reach learners. Here’s a sneak peek of what’s coming in 2021:

Learning Labs
A combination of story-based simulations, hands-on exercises, and mitigation lessons, Learning Labs help learners apply technical and operational competencies to identify and remediate errors correctly.

Challenge-Based Learning
Virtual scenario-based interactions that reflect real-life experiences

Skills Assessment
An online tool designed to provide personalized training recommendations, competency insight, improved tracking, and professional journey mapping

Digital Badges/Certificates
Created to be shareable and exportable, they recognize the learner’s achievements and continually motivate them to progress through learning paths

Continued Course Expansion
Course additions will reflect software’s continuing expansion into IT and network domains such as MITRE ATT&CK Framework, Network-as-Code, IoT, and cyber exploitation & defense

Want more detail? Check out our course updates in-depth.