Training Paths

No prior security experience needed. Learn core web vulnerabilities hands-on using OWASP's beginner-friendly tools and the canonical Top 10 awareness list.

Structured lessons for developers to learn secure coding. Covers injection, auth flaws, misconfigurations, and more through guided exercises and the SKF knowledge framework.

Deep-dive into API-specific attack vectors. Covers authentication flaws, excessive data exposure, broken object-level authorization, and how to test and remediate each.

The complete OWASP mobile security curriculum: risks, testing methodology, and automated analysis. Covers both iOS and Android platforms with the MASTG and MobSF.

Learn how to design, measure, and scale an AppSec program using OWASP SAMM's maturity model and ASVS as a verification standard. Ideal for security leads and architects.

Address risks in open-source dependencies, build pipelines, and software bills of materials. Uses OWASP's CI/CD Top 10 and Dependency-Check as the core tools.

Follow the WSTG methodology across all 12 testing categories, automate discovery with ZAP and Amass, and learn to document findings professionally.

Covers OWASP's Cloud-Native Top 10, Docker and Kubernetes security cheat sheets, and threat modeling for cloud workloads.

The newest OWASP frontier. Learn the 10 critical risks in LLM applications prompt injection, data poisoning, insecure output handling and how to mitigate them.

Learn structured threat modeling with OWASP Threat Dragon, pytm, and the dedicated cheat sheet. Identify, rate, and track threats before writing a line of code.