Security best practices and standards from around the world — right at your fingertips.

Automotive Security

• Automotive Security: United Nations Economic Commission for Europe [UNECE] World Forum for Harmonization of Vehicle Regulations (WP.29) Regulation 155 (R155) for Cyber Security Management System (CSMS), ISO 21434 & ISA 62443-4-2 – Automotive Cybersecurity
• Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.

Client and Desktop Applications

Hardware Security

Industry Standards

• ASD-STIG 5
• ASVS 4.0
• CWE TOP 25, 2022
• CWE 4.3
• CWE/SANS Top 25, 2020
• CVSS 3
• MDS2-2013
• OWASP Top 10 2017
• OWASP API Top 10, 2019
• NIST 800-53r4 (Granular Mandates)
• NIST 800-53r5
• NIST 800-82 Industrial Control Systems
• NIST 800-95 Web Services
• NIST 800-147/800-155 BIOS/FW
• NIST 800-171 Non Federal Systems
• U.S. Federal Government: Control Correlation Identifier (CCI)

Internet of Things (IoT)

• Authentication and Access Control
• Availability and Systems DoS Protection
• Communication Protocols:
  • AMQP, HyperCat, MQTT, Pub/Sub, Thread, XMPP, ZigBee
• RFID Solutions

Just-In-Time Developer Training

• Appsec Fundamentals
• CCPA for Software Development
• Continuous Compliance
• Defending .NET
• Defending Android
• Defending ASP.NET Core in C#
• Defending C
• Defending Cloud-based Application
• Defending Databases
• Defending Django
• Defending HTML5
• Defending iOS
• Defending Java
• Defending JSP
• Defending Node.js
• Defending PHP
• Defending Python
• Defending Web APIs
• Defending Web Apps
• GDPR for Developers
• Microservices
• Mobile Security Fundamentals
• OpSec Fundamentals
• OWASP Top 10 2017
• PCI-DSS Compliance
• PCI Secure Software Lifecycle

Mainframe Applications

Mobile Applications

Operational & Deployment Security

• Amazon Web Services (AWS)
• Apache HTTP Server
• Apache Tomcat Server
• AWS API Gateway
• AWS Cognito
• AWS Kinesis Data Firehose and Data Streams
• AWS Lambda
• AWS WAF
• AWS SQS and AWS RDS
• Azure AKS
• Docker
• Google Cloud Platform
• Infrastructure as Code (IaC): Ansible
• Kubernetes
• Microservices Infrastructure
• Microsoft Azure
• Microsoft IIS Server
• Microsoft SQL Server
• MySQL
• OpenShift
• Oracle database

Regulatory and Compliance

• • ANSSI/France Digital Signature and Encryption Requirements
  • ANSI/ISA/IEC 62443-3-3
  • ANSI/ISA/IEC 62443-4-2
  • ISASecure SSA 311
  • ISASecure CSA 311
  • Chinese Cybersecurity Law
  • CSA Cloud Control Matrix (CCM) v3 & v4
  • CNSSI 1253
  • Cybersecurity Maturity Model Certification (CMMC)
  • DIACAP
  • European Banking Authority (EBA) Security of Internet Payments
  • FedRAMP
  • GLBA
  • HIPAA
  • ISO 27001:2013/SOX
  • MAS-TRMG
  • NIST Cybersecurity Framework
  • NYDFS
  • PCI DSS 4, PCI-DSS 3.2
  • PCI-SSF (Formerly PA-DSS 3.2)
  • SOC2 (Based on AICPA TrustServices Criteria)
  • U.S. Federal Government: Control Correlation Identifier (CCI)
  • U.S. Federal Government: Executive Order 14028, Improving the Nation’s Cybersecurity – Security Measures for EO-Critical Software Use
  • U.S. Federal Government:  Executive Order 14028, Improving the Nation’s Cybersecurity – Recommended Minimum Standard for Vendor or Developer Verification of Code (NISTIR 8397)

Privacy Related:

• Anti-Spam Guidelines/CASL
• Brazilian LGPD
• California Consumer Privacy Act (CCPA) and California Privacy Right Act (CPRA) (California Civil Code)
• California Online Privacy Protection Act (CalOPPA)
• CNIL Cookie Guidelines
• COPPA
• EU Privacy and Cookie Laws
• GAPP
• GDPR (&/UK)
• New York Shield Act (S5575B)
• NIST 800-53 Privacy Controls
• PIPEDA/ECPA/CAN-SPAM

Web Applications and Services

• Angular
• Apache Wicket, Hibernate
• Apex for Force.com
• C#/ASP.net (.NET 6, WCF and Core 3)
• Django (Python)
• ESAPI, Struts, Spring,
• GoLang
• HTML5 and CSP
• Java Libraries and Frameworks:
• Java SE / EE
• Javascript
• JSP, Servlets
• NGINX
• Node.js
• NoSQL / SQL
• OAuth and OIDC
• PHP
• Python
• Ruby on Rails
• SOAP / REST
• TypeScript
• Web servers: Apache and IIS
• XML and YAML Security