Infosec IQ training and awareness content library

Our massive library of industry- and role-based training resources is updated weekly, helping you deliver fresh, relevant training to every member of your organization no matter the style and tone you need. Preview our range of content types or explore the entire library below.

Content Type
Content Pack
Subscription Plan
View Results
Filter Results

Cross-Site Scripting (XXS)

Cross-site scripting (XXS) allows attackers to run scripts in a victim’s browser to bypass access controls. In this module, we explain three types of XSS attacks and suggest XXS prevention measures.

Log Monitoring and Analysis Assessment

OWASP A10 – Insufficient Logging and Monitoring

This module covers insufficient logging and monitoring.

OWASP A4 – XML External Entities (XXE)

This module covers XML external entities, their flaws and how to protect them.

OWASP A3 – Sensitive Data Exposure

This module covers sensitive data and how to protect it.

OWASP A2 – Broken Authentication

This module covers authentication vulnerabilities and session management.

OWASP A1 – Injection

This module covers various types of injection and the associated risks to applications.

Sensitive Data Exposure

Our Sensitive Data Exposure module reinforces the need for security policies by outlining common risks of mishandled personal information.

Broken Authentication and Session Management

This module describes what incorrect implementation of authentication and session management functions are, and explains how it can allow attackers to assume other users’ identities.

Insufficient Attack Protection

Deploying sufficient attack protection is essential to keeping sensitive information safe from hacking attempts. In this module, we’ll discuss web-application requirements regarding detection, prevention and response to both manual and automated attacks.

XML External Entitites (XXE)

This lesson covers how XXE attacks are executed, and how to prevent those attacks on your applications.


Injection is one of the most common, and harmful, security risks to web applications. This module details different types of injection and suggests effective mitigation strategies for the workplace.

Security Misconfiguration

In this module, we define security misconfiguration and offer tips on improving server security.

Cross-Site Request Forgery (CSRF)

In this module, we’ll review common exploitation techniques and ways learners can protect applications from cross-site request forgery.

Broken Access Control

This module defines and explains broken access control, which allows attackers to access unauthorized functionality and/or data.

Under-protected APIs

This module defines underprotected APIs, explains why API security is important and discusses common attack methods and mitigation strategies.

Using Components with Known Vulnerabilities

This module discusses use of components with known vulnerabilities (such as libraries and frameworks) that may undermine application defenses and enable various attacks.

Insecure Deserialization

This module covers best practices for serialization - the process of turning data objects into binary streams of data.

Infosec Named a Leader in 2019 Gartner Magic Quadrant

Recognized for ability to execute and completeness of vision in Security Awareness Computer-Based Training, learn the latest market trends and what we believe sets Infosec apart.