ADVANCED APPLICATION SECURITY TRAINING FOR YOUR MANAGERS, DEVELOPERS AND ARCHITECTS
Fulfills PCI DSSv3 6.5 Compliance Requirement.
A growing suite of secure coding courses for one low price.
Infrared Logo
GET A FREE DEMOBUY NOW

Check out our new

Course Roadmap for 2020!

Online Application Security Training
  • Role based training perfect for managers, developers, architects and testers emphasizing secure coding practices and principles
  • Richly animated entertaining stories make these educational modules extremely enjoyable to watch
  • Purchase full access to our library of security eLearning courses or buy them one at a time
  • Participants gain a deep understanding of major risks inherent to web and mobile applications
  • Defenses for each security issue covered in depth across multiple languages and platforms
PCI DSSv3 6.5 Compliance

Infrared Security’s eLearning offerings fulfill your PCI compliance requirements for developers. But beyond that, developers love to learn from Infrared Security’s Online application security training series.Throughout the various modules, we highlight the risks associated with the processing of credit card information throughout the various application layers. Information gleaned from this series can be used to produce secure coding guidelines needed to enforce consistent secure programming practices throughout your organization. Learn how achieving PCI compliance spans people, process, and technology today!

Are you looking for Information Security Awareness training for your entire staff?

We have it.

Testimonials

“My team was unexpectedly hit with a PCI audit by a potential Client, and our Application Security Training program really helped us shine.”

Director of Training – Credit Financial Services

“The development teams were extremely receptive to these training materials… not something we experienced in the past with our previous vendor.”

CISO – Investment Financial Services

“I’m seeing a measurable improvement in the secure development skills of my team after integrating Infrared training in our process.”

VP of Engineering – Automotive Services
Complete Application Security Course Catalog
OWASP TOP TEN 2017 FOR DEVELOPERS: Participants of this course will gain a foundational understanding of application security and secure programming practices based on the threats and vulnerabilities outlined in the Open Web Application Security Project’s Top Ten document.
OWASP TOP TEN 2017 FOR MANAGERS: Participants of this course will gain a foundational understanding of application security based on the threats and vulnerabilities outlined in the Open Web Application Security Project’s Top Ten document.
OWASP MOBILE TOP TEN FOR DEVELOPERS: Participants of this course will gain a foundational understanding of mobile application security and secure programming practices based on the threats and vulnerabilities outlined in the Open Web Application Security Project’s Mobile Top Ten document.
OWASP MOBILE TOP TEN FOR MANAGERS: Participants of this course will gain a foundational understanding of mobile application security based on the threats and vulnerabilities outlined in the Open Web Application Security Project’s Mobile Top Ten document.
DEFENSIVE ENTERPRISE REMEDIATION: articipants of this course will gain a foundational understanding of mitigating specific classes of vulnerability with emphasis on the Java and C# programming languages.
THREAT MODELING: Participants of this course will gain an understanding of the threat modeling process and how it is used to identify and prioritize threats.
BUILDING SECURE ASP.NET APPLICATIONS: Participants of this course will gain a foundational understanding of writing secure software on ASP.NET based platforms.
BUILDING SECURE MOBILE APPLICATIONS: Participants of this course will gain a foundational understanding of how to build secure mobile applications targeting the iOS and Android platforms.
BUILDING SECURE JAVA EE APPLICATIONS: Participants of this course will gain a foundational understanding of writing secure software on Java Enterprise Edition based platforms.
BUILDING SECURE JAVASCRIPT APPLICATIONS: Participants of this course will gain a foundational understanding of writing secure software using JavaScript for both the client and the server.
BUILDING SECURE PYTHON APPLICATIONS: Participants of this course will gain a foundational understanding of writing secure software on Python based platforms.
INTEGRATING SECURITY THROUGHOUT THE SDLC: Participants will understand the most important and essential security activities which can be conducted throughout the SDLC to reduce security issues.
Infrared Security’s eLearning

OWASP (2017) TOP 10

This 11 part, 5 hour online application security training course focuses on the most common security vulnerabilities and attack vectors facing application developers today as defined by the OWASP (2017) Top Ten. Learners will experience detailed analysis of real-world examples, rich visualizations of attacks, as well as detailed discussions of mitigation strategies with supporting secure coding examples. After completing these modules, participants will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their own applications.

Get It!
Top 10 Topics
A1 – INJECTION: Learn how to identify and secure the use of interpreters with a focus on SQL Injection.
A2 – BROKEN AUTHENTICATION AND SESSION MANAGEMENT: Learn about the most common attacks used against identity verification and management controls.
A3 – CROSS-SITE SCRIPTING (XSS): Learn about the most prevalent vulnerability facing developers today – Cross-Site Scripting.
A4 – INSECURE DIRECT OBJECT REFERENCES: Learn about the risks of exposing sensitive resource identifiers without proper authorization verification.
A5 – SECURITY MISCONFIGURATION: Learn about the core principles needed to properly secure environmental configuration files.
A6 – SENSITIVE DATA EXPOSURE: Learn about data classification and sensitive data management throughout the application layers.
A7 – MISSING FUNCTION LEVEL ACCESS CONTROL: Learn how to design, implement, and integration function level access control API.
A8 – CROSS-SITE REQUEST FORGERY (CSRF): Learn how the synchronizer token pattern can thwart the sleeping giant that is Cross-Site Request Forgery.
A9 – USING COMPONENTS WITH KNOWN VULNERABILITIES: Learn about the need for visibility into the security of 3rd party components used by applications.
A10 – UNVALIDATED REDIRECTS AND FORWARDS: Learn how validation and indirection can be used to verify redirect and forward destinations.
Our New Course Roadmap

All the courses listed below are included in the subscription price. No additional charge!

Q4 2019:

  • OWASP Mobile Top 10 for Developers and Managers (available now)

Q1 2020:

  • “Building Secure Ruby Applications” (60 mins): New course teaching how to write secure ruby apps.
  • Building Secure Java Applications” (60 mins): This will be a complete rewrite of our existing “Building Secure JavaEE Applications” course updated with more modern Java frameworks, practices, etc.

Q2 2020:

  • “OWASP Top Ten for Managers” (45 mins) – This will be an update to the existing course.
  • “OWASP Top Ten for Developers” (60 mins) – This will be an update to the existing course.
  • Building Secure .NET Applications” (60 min) – This will be a complete rewrite of our existing “Building Secure ASP.NET Applications” course updated with more modern .NET frameworks, practices, etc.


Q3 and Q4 2020 (working titles):

  •  “Building Secure Native Applications (C/C++)” (< 30 min) – New course covering native system-level programming languages
  • “Security Awareness: GDPR” (< 30 min)- New course covering GDPR from a general awareness perspective
  • “Application Security: GDPR” (< 30 min)- New course covering GDPR from the perspective of application security / secure development
  • “Docker Security” (< 30 min) – New course covering the Docker containerization technology from the perspective of deployment security
  • “Building Secure JavaScript Applications” (60 min) – Complete rewrite of existing course covering the latest frameworks

App Sec Learning Paths

Secure Software Architect
Infrared courses types
Secure Softwares courses

Individual Courses

Interested in only one or two courses? We offer any of the available Application Security Training courses for sale individually.

Request a Demo

Build a Solid and
Scalable Educational Program

eLearning for your entire development team:

Education is the cornerstone of any modern application security program. Developers, managers, architects and testers must be fully aware of a large variety of attacks and, more importantly, how to defend your organization’s web and mobile applications through secure coding practices. With that in mind, Infrared Security has built the most effective, educational and entertaining application security platform on the market: Infrared Spectrum. Infrared Spectrum distills innumerable live classes into highly effective and engaging material that will instill core security knowledge into your staff and management team.

Infrared Spectrum is a full application security educational platform, featuring security learning tracks for “technical” and “less-technical” participants. Technical modules feature code-level guidance across many programming languages. Participants of our offerings will be able to more readily identify, mitigate, and prevent common security vulnerabilities within their applications and their software development lifecycles (SDLC).

  • Participants gain a deep understanding of major risks inherent to web and mobile applications
  • Defenses for each security issue covered in depth across multiple languages and platforms
  • Courses cover a wide range of topics with role-specific learning paths
  • Hosted within our 24/7 cloud-based hosting environment
Learn More