Security Journey Unveils Innovative AI/LLM and API Learning Paths for Secure Software Development


  • Security Journey introduces AI/LLM and API learning paths aligned with OWASP Top 10 2023 guidelines.
  • AI/LLM path focuses on secure AI system design and integration.
  • API path covers various levels of API security, catering to developers of all experience levels.
  • Research highlights the critical need to secure APIs, with 92% of organizations reporting security incidents related to insecure APIs.
  • Formal training programs for developers correlate with better API risk understanding.
  • Security Journey’s commitment to addressing security challenges continues with these Topic-Based Learning Paths.

Main AI News:

In a move that underscores its commitment to advancing secure coding practices, Security Journey, a prominent provider of secure coding training, has introduced two cutting-edge learning paths aligned with the newly released OWASP Top 10 2023 guidelines. These learning paths are geared towards equipping development teams with the essential knowledge and skills needed to construct software securely, particularly in the realms of Artificial Intelligence (AI) applications based on Large Language Models (LLM) and the protection of Application Programming Interfaces (APIs).

Responding swiftly to the publication of the OWASP vulnerability lists, Security Journey has devised comprehensive training modules designed to empower enterprises to embrace these transformative technologies while maintaining robust security standards. The OWASP Top 10 AI/LLM learning path offers a deep dive into secure AI system design, with a specific focus on systems built upon Large Language Models. Additionally, it provides insights into secure integration and utilization practices for these cutting-edge systems. This curriculum covers critical topics, enabling development teams to elevate their engineering proficiency in safeguarding data, AI models, and software applications.

The AI/LLM learning path comprises the following modules:

  1. Introduction to AI/LLM Security
  2. Data Science Engineering for AI/LLM
  3. Model Engineering for AI/LLM
  4. Application and Plugin Security for AI/LLM
  5. AI/LLM Security Toolchain

Joe Ferrara, CEO of Security Journey, emphasized the significance of these new learning paths, stating, “In light of recent guidance from CISA advocating for AI software to be inherently secure, with minimal configuration changes or additional expenses, these lessons and learning paths are pivotal. By equipping development teams with the requisite skills to ensure the security of API and AI systems, we are empowering them to address the ever-evolving threat landscape effectively.”

Furthermore, Security Journey is set to launch the OWASP API Security Top 10 learning path in December. This progressive learning path encompasses foundational, intermediate, and advanced lessons presented in various formats, including podcast-style videos and hands-on coding exercises. This initiative aims to prepare developers of all proficiency levels to confront the substantial risks associated with insecure APIs.

The OWASP API Top 10 path consists of the following modules:

  1. OWASP API Top 10 | Part 1
  2. Broken Object Level Authorization (Hands-on Coding Lesson)
  3. Broken Authentication (Hands-on Coding Lesson)
  4. Broken Object Property Level Authorization (Hands-on Coding Lesson)
  5. OWASP API Top 10 | Part 2
  6. Unrestricted Resource Consumption (Hands-on Coding Lesson)
  7. Broken Function Level Authorization (Hands-on Coding Lesson)
  8. Unrestricted Access to Sensitive Business Flows (Hands-On Coding Lesson)
  9. OWASP API Top 10 | Part 3
  10. Server-Side Request Forgery (SSRF) (Hands-On Coding Lesson)
  11. Security Misconfigurations (Hands-On Coding Lesson)
  12. Improper Inventory Management (Hands-On Coding Lesson)
  13. Unsafe Consumption of APIs (Hands-On Coding Lesson)
  14. Fundamentals of gRPC Security
  15. Fundamentals of GraphQL Security

The imperative need to secure APIs has become abundantly clear, as revealed by recent research conducted by TechTarget’s Enterprise Strategy Group on Securing the API Attack Surface. The study found that 92% of organizations have encountered at least one security incident related to insecure APIs in the past year, with 57% experiencing multiple such incidents. Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group, commented, “While APIs are potent tools for developers, it is essential for them to comprehend the security implications and risks associated with developing feature-rich applications using APIs. Our research demonstrates a direct link between developers having a higher level of API risk understanding and the presence of formal training programs within organizations.”

Security Journey’s commitment to addressing evolving security challenges is further exemplified by these new Topic-Based Learning Paths, building upon their recent introduction of Role-Based and Compliance-Based Recommended Learning Paths. These offerings are meticulously crafted to empower learners to enhance their expertise and skills in specific, high-priority areas. By doing so, development teams can effectively mitigate and preempt prominent software risks, aligning with industry standards such as the OWASP Top 10 2023 recommendations for AI and API security. These learning paths exemplify our dedication to remaining at the forefront of security education, ensuring organizations are well-equipped to confront ongoing security challenges.


Security Journey’s introduction of AI/LLM and API learning paths demonstrates a proactive approach to enhancing secure software development practices. With the growing importance of secure AI and API systems, these learning paths address critical skill gaps in the market. The alarming statistics regarding API security incidents underscore the urgent need for organizations to invest in comprehensive training programs. As a result, Security Journey’s commitment to empowering development teams with the requisite skills positions them as a valuable resource in the ever-evolving landscape of software security.