AppSec CBT Training

A comprehensive approach to delivering offensive and defensive skills.

The Industry's Largest and Most Comprehensive Application Security e-Learning Library

For software development teams, our AppSec e-Learning library (part of our Attack and Defend approach) contains over 120 courses and provides your developers with computer-based training that encompasses the latest industry best practices.

Our dynamic curriculum will improve your developers' security knowledge, and help you comply with the latest standards that mandate application security training and the use of secure coding best practices.

The courses are scalable for enterprise deployment and are self-paced so that your developers can easily manage their learning experience. Request a free demonstration to see the content, design, and the level of interactivity we build into our courses.

About AppSec Training

Our e-Learning classes combine expert content and voiceovers with hands-on exercises to maximise knowledge transferred to your developers. The content is based on instructor-led courses that our experts have developed and refined with years of "in the trenches" experience.

Developed by a combination of security engineers and training experts, the courses ensure that new skills are taught effectively. Our modules include questions that involve your developers and promote critical thinking, without impacting flow.

The curriculum combines progressive role, platform and technology courses. With over 120 courses ranging from foundation to advanced level, it delivers the right level of training at the right time to suit the targeted skill and knowledge level required.

Courses by Role

Operations - Project Manager, Operations/IT Manager, Development Manager, Systems Leadership, Security Specialist, Cyber Security Professional, Application/Product Owner, Business Analyst, Application Security Champion, Systems Analyst.

Architects - Software Architect, IT Architect, Embedded Architect.

Engineers - Network Engineer, Quality Assurance (QA)/Test Engineer, DevOps Engineer, Automation Engineer, Embedded QA/Test Engineer.

Administrators - Linux Administrator, Systems Administrator, Database Administrator.

For Developers - .NET, C#, Java, PHP, C/C++, Objective-C, Web 2.0, AJAX, HTML 5.0, and others, Mobile, Android, iOS, Database, Oracle, SQL, SAP, Cloud, Azure, AWS, Embedded, Windows and others.

Download our Learning Paths


  • PCI DSS – 62 courses covering 39 requirements
  • OWASP – 62 courses covering each of the OWASP Top Ten
  • CWE – 47 courses covering 35 weaknesses
  • ISO – 61 courses covering 67 controls
  • NERC – 60 courses covering 29 controls
  • HIPAA – 22 courses covering 164.312, 164.308
  • GDPR – 41 courses covering 6 Articles
  • Download our courses mapped to standards

To help you meet industry standards, we have produced seven documents describing the courses contained within our TEAM Professor application security training and how they map against industry standards. Get documents here.

Course catalogue

e-Learning classes include hands-on simulations and labs that allow your development teams to apply the concepts they learn and ensure understanding of how to apply and integrate newly acquired knowledge into daily work activities. While these hands-on exercises are very interactive, students are guided by the course to ensure they learn in the most time-effective manner.

Each course is tied into the phases of the Software Development Lifecycle and provides the knowledge that your Software Development teams need to:

  • Integrate application security into overall staff awareness training
  • Expose dangerous security holes before your applications are released
  • Develop more secure code
  • Roll out secure development best practices
  • Understand the myriad of security breaches and threats your organisation faces

The e-Learning Approach

Security Innovation's e-Learning methodology is based on the ADDIE model, an instructional design process that includes five separate phases:

  • Analysis: Instructional goals, objectives and prerequisite knowledge of the course are identified.
  • Design: The course's learning or performance objectives are refined and an instructional, visual and technical design strategy is developed, based on learning objectives. Each type of training activity is selected to maximize the success of achieving predefined learning objectives.
  • Development: Course storyboards are developed. Visual and audio-based activities are specified (animations, videos, simulations, voiceovers, games).
  • Implementation: Visual and audio-based activities are created. All course artifacts are integrated into the release candidate.
  • Evaluation: The course is tested and refined through a rigorous quality assurance process.

All learning activities included in Security Innovation's e-Learning courses fall into one of the following three categories: Absorb, Do or Connect. The aim of this approach is to put your developers into action: elevating learning from passive reading and watching to actively seeking, selecting and experiencing the material to acquire new knowledge and skills. These activity categories are as follows:

  • Absorb activities enable your teams to obtain the crucial, up-to-date information they need to do their jobs or further their learning. They are activities that require learners to read (text), watch (video), and listen (narration) to absorb the information, e.g.: an animation with voiceover.
  • Do activities are those aimed at transforming newly absorbed information into knowledge and skills. "Do" activities include games, case studies, quizzes, and matching.
  • Connect activities are designed to link the information provided in the course to your developers' work environment and everyday lives. They usually come in the form of a set of questions that relate acquired knowledge to their day-to-day roles.

Absorb activities are the nouns, do activities the verbs, and connect activities the conjunctions of learning. Security Innovation uses a team of instructional designers, programmers, and graphic designers working together to maximise knowledge transfer, and select the right combination of activities to ensure that all types of learner are engaged.

Additionally, our courses involve a lot of interactive activities ranging from Level 1 (passive) to Level 3 (complex interaction); we aim to include as many complex interactions as possible when the topic warrants it. These levels of interactivity are based on the scale defined by the U.S. Department of Defense. All of our eLearning classes are SCORM and AICC compliant. Many of our courses qualify for CPE credits for CISSP and CSSLP.

More Information

    Fundamentals of Application Security (Course preview)

    OWASP Top 10 Threats and Mitigations (Course preview)

    How to Test for the OWASP Top Ten (Course preview)

    OWASP Top Ten in Practice (video)
