Skip to main content

Cyber Security Course Path

This guide gives an overview of the suggested course path for education about the cyber security lifecycle for teams that work with ABB products, systems, or solution offerings that are software related.

The table below lists mandatory and optional internal courses for specific roles within R&D with references and links to the training as well as suggestions to some external courses. The estimated time of the courses vary between 5 - 90 minutes. Most courses take less than 10 minutes.

Security-related courses (internal and external) can also be found at Security Development Lifecycle under the section "Security Expertise". There is also a short description to some of the classes listed below.

In addition to the suggested course path below, it is advisable to look through the other courses and select additional courses applicable for the need of the individual employee or team. If you find good security related courses on 3rd party portals inform the cyber security process group so that they can be shared on this page.

Course IDNameCondition
SDIP150eCyber Security - Security Development LifecycleMandatory
9CSC021793-GLB-ENIntroduction to the new ABB Cyber Security StandardsMandatory
9CSC021794-GLB-ENIntroduction to the ABB Security Development Lifecycle StandardMandatory
9CSC021795-GLB-ENIntroduction to the ABB Product Security StandardMandatory
9CSC023957-GLB-ENIntroduction to the ABB Cloud Offering Security and Cloud Operations Security StandardsMandatory

All software developers

Course IDNameCondition
SDIP550eWriting Secure CodeMandatory
SDIP450eThreat ModelingMandatory
SDIP589eNeutralization of Special Elements Used in a CommandMandatory
SDIP582eExposure of System Data to an Unauthorized Control SphereOptional
SDIP584eUsage of Insecure Temporary FilesOptional

C/C++ developers

Course IDNameCondition
SDIP587eUse of Uninitialized Variable (CWE-457)Mandatory
SDIP581eImproper Validation of Array Indices (CWE-129)Optional
SDIP585eImproper Release of Memory Before Removing Last Reference (CWE-401)Optional
SDIP583eImproper Null Termination (CWE-583)Optional
SDIP586eDouble Freeing of Allocated Memory (CWE-415)Optional
SDIP588eNULL Pointer Dereference (CWE-476)Optional

Klocwork users

Course IDNameCondition
SDIP580vHow to Use Klocwork Insight to Find Security VulnerabilitiesMandatory

Black Duck Binary Analysis (BDBA) users

LinkNameCondition
External freeBDBA: Introduction WalkthroughOptional
External freeBDBA: Getting StartedOptional
External freeBDBA: Uploading and Analysis OverviewOptional
External freeBDBA: Detected ComponentsOptional
External freeBlack Duck Binary Analysis Vulnerability TriageOptional
External freeBDBA: Scan List OperationsOptional
External freeBDBA: Information LeakageOptional
External freeBDBA: Docker Container ScanningOptional

SonarQube users

LinkNameCondition
External 1 month Free trialSonarQube TutorialOptional
External freeSonarQube OverviewOptional
External freeInstallation of SonarQube in LinuxOptional
External freeSetup Sonar as ServiceOptional
External freeSonarQube Dashboard OverviewOptional
External freeCreation of Users in SonarQubeOptional
External freeIntegrating the SonarQube in mavenOptional
External paidSonarQube (SAST + Quality : Complete course on SonarQube)Optional

Support level SL3 and SL4

Course IDNameCondition
SDIP151eWorking with Customer SystemsMandatory
Owner: Cyber Security Team