Unmatched Security Content and Training Library 

SD Elements provides an expansive content library of threats, compliance requirements, countermeasures, and just-in-time training modules.

By Category

Artificial Intelligence + Machine Learning

NIST AI Risk Management Framework (RMF)
OWASP Top 10 for Large Language Model Applications
LLM-based Code Generation Security
ML Security
- OWASP ML Security Top Ten
- ENISA Security ML Algorithms
EU AI Act

AI/Data Engineering Cloud Services

AWS Sagemaker
AWS Bedrock
AWS Lake Formation
Azure OpenAI
Azure Data Lake Storage
GCP Vertex AI

AI Use Cases

Fine-tuning
RAG (Retrieval-Augmented Generation)
Use of vector databases

Automotive Security

Connected cars’ communication protocols, secure updates, privacy, access
control, and encryption requirements.

UNECE WP29/R155
ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

Client and Desktop Applications

.NET 8
C/C++ (POSIX and Microsoft)
Bash/Shell (Linux)

Hardware Security

Hardware Weaknesses based on CWE 4.15 weaknesses
Hardware, firmware, and embedded device controls
Bluetooth Security

Industry Standards

ASD-STIG 5
ASVS 4.0
CWE Top 25, 2023
CWE 4.13
CVSS 3
MDS2-2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP API Top 10, 2023
OWASP Top 10 Privacy Risks v2.0
Secure Controls Framework (SCF)
PCI SSF: SSLC (1.1) & S3 (1.0)
DISA Control Correlation Identifier (CCI) Framework

NIST 800-147/800-155
BIOS/FW
NIST 800-171 Non-Federal Systems
NIST 800-53r4
NIST 800-53r5
NIST 800-82 Industrial Control Systems
NIST 800-95 Web Services
NIST 800-190 Containers
NIST 800-218 SSDF
NISTIR 8397 (Verification Req.)
EO14028
- NIST Critical Software Req.
Consumer IoT
- ETSI EN 303 645

Internet of Things (IoT)

Consumer IoT: ETSI EN 303 645
Authentication and Access Control
Availability and Systems DoS Protection
Communication Protocols
- Bluetooth
- HyperCat
- MQTT
- Pub/Sub
- Thread
- WiFi
- XMPP
- Zigbee
- AMQP
RFID Solutions

Just-in-Time Developer Training

Over 750 bite-sized training modules associated directly with specific Countermeasures, to teach developers about secure coding.
Covers existing eLearning course library.
Includes training on compliance and application security.

Mainframe Applications

Secure Development Guidelines
COBOL

Mobile Applications

Android Framework (Java and Kotlin)
iOS framework (Objective-C and Swift)
Flutter / Dart

OWASP Mobile ASVS
OWASP Mobile Top 10

Operational & Deployment Security

Process-level Cloud Security Guidelines
Provider-agnostic Story-driven Cloud Content
Amazon Web Services (AWS) Foundations and 3-Tier CIS Benchmarks

AMI
API Gateway
Aurora
Auto Scaling
CloudFront
CloudWatch
Cognito
Config
DynamoDB
EBS
EC2
ECS
EKS
ELB
IAM
Kinesis Data Firehose
Kinesis Data Streams
KMS
Lambda

RDS
Route53
S3
SageMaker
SNS
SQS
VPC
WAF
Certificate Manager
CloudFormation
Elastic Container Registry
Elastic File System
ElastiCache
Managed Streaming for
Apache Kafka
MQ
OpenSearch Service
RedShift
Secrets Manager

Simple Email Service
Step Functions
Systems Manager
Transfer Family
AWS CodePipeline
CodeArtifact
Elasticache
X-Ray
Athena
Backup
DataSync
Direct Connect
EventBridge
Fargate
AWS FSx
GuardDuty
Inspector
Neptune
Rekognition

Google Cloud Platform

BigQuery
Cloud Audit Logs
Cloud DNS
Cloud IAM

Cloud Key Management Service
Cloud SQL
Cloud Storage
Compute Engine

Kubernetes Engine
Stackdriver
Virtual Private Cloud (VPC)
Vertex AI

Apache HTTP Server
Apache Tomcat Server
Containerization Tools

Docker
OpenShift
Kubernetes
PodMan

CI/CD Tools
- CircleCI
IaC Tools
- Terraform
- Azure Resource Manager (ARM)
- Ansible
Microservices Infrastructure
Microsoft IIS Server
Microsoft SQL Server
MySQL
Network

WiFi
Bluetooth
FTP
Directory Server
DNS Server
Firewall
FTP Server
IDS/IPS

Load Balancer
Message Broker
File Transfer Protocol (FTP)
Virtual Private Network (VPN)
Proxy Server
Router
Service Bus
Virtual Private Network (VPN) Server

3G
4G/LTE
5G
LoRa
Modbus
Advanced Message Queuing Protocol (AMQP)
Content Delivery Network (CDN)

Databases

Generic Database
Oracle
PostgreSQL
InfluxDB

Neo4j
MariaDB
CockroachDB
Apache Cassandra

MarkLogic
SQLite

GitHub
Microsoft Azure (Microsoft Cloud Security & Azure Security Benchmarks)

Active Directory
AKS
Azure Functions
Key Vault
Monitor
Multi-Factor Authentication
Network Watcher
Security Center
SQL Database
Storage
Virtual Machines
Virtual Network
Azure AI Bot Service
Azure Databricks
Azure Machine Learning
Azure OpenAI Service
Azure Analysis Services
Azure Data Explorer
Azure Data Lake Analytics
Azure Event Hubs
Azure Stream Analytics
Azure Synapse Analytics
Azure App Service
Azure Batch
Azure Linux Virtual Machines
Azure Spring Apps
Azure Virtual Desktop
Azure Virtual Machine Scale Sets
Azure VMware Solution
Azure Windows Virtual Machines
Azure Container Apps
Azure Container Instances
Azure Container Registry
Azure Red Hat OpenShift
Azure Cache for Redis
Azure Cosmos DB

Azure Data Factory
Azure Database for MariaDB
Azure Database for MySQL
Azure Managed Instance for Apache Cassandra
Azure SQL
Azure App Configuration
Azure DevTest Labs
Azure Arc, Azure Stack Edge
Azure Active Directory External Identities
Azure API Management
Azure Event Grid
Azure Logic Apps
Azure Service Bus
Azure Web PubSub
Azure IoT Central
Azure IoT Hub
Azure Notification Hubs
Azure Automation
Azure Cloud Shell
Azure Cost Management
Azure Lighthouse
Azure Managed Applications
Azure Policy
Azure Purview
Azure Resource Manager (ARM)
Azure Resource Manager Templates
Azure Resource Mover
Azure Media Services
Azure Database Migration Service
Azure Migrate
Azure Site Recovery
Azure Digital Twins
Azure Remote Rendering
Azure Spatial Anchors

Azure Application Gateway
Azure Bastion
Azure Communications Gateway
Azure Content Delivery Network
Azure DDoS Protection
Azure DNS
Azure Firewall
Azure Firewall Manager
Azure Front Door
Azure Load Balancer
Azure NAT Gateway
Azure Network Watcher
Azure Private Link
Azure Traffic Manager
Azure Virtual WAN
Azure VPN Gateway
Azure Web Application Firewall
Azure PostgreSQL Database
Azure Attestation
Azure Dedicated HSM
Azure Defender for Cloud
Azure Information Protection
Azure Key Vault Managed HSM
Azure Sentinel
Azure Backup
Azure Data Box
Azure Data Share
Azure HPC Cache
Azure Managed Lustre
Azure NetApp Files
Azure Communication Services
Azure SignalR Service
Azure Blob Storage
Azure Data Lake Storage
SQL Managed Instance
Azure Static Web Apps

Regulatory and Compliance

ANSI/ISA/IEC 62443-3-3
ANSI/ISA/IEC 62443-4-1
ANSI/ISA/IEC 62443-4-2
ANSSI/France Digital Signature and Encryption Requirements
Chinese Cybersecurity Law
CNSSI 1253
CSA Cloud Controls Matrix (CCM) v3 & v4
Cybersecurity Maturity Model
Certification (CMMC) [v1 and v2]
DIACAP
European Banking Authority (EBA) Security of Internet Payments

PRIVACY RELATED

FedRAMP
GLBA
HIPAA
ISASecure CSA 311
ISASecure SSA 311
ISO 27001:2013 (SOX)
ISO 27001:2022 (SOX)
MAS-TRMG
NIST Cybersecurity Framework
NYDFS10

Anti-Spam Guidelines/CASL
Brazilian LGPD
California Consumer Privacy Act (CCPA)
California Online Privacy Protection Act (CalOPPA)
California Privacy Right Act (CPRA) (California Civil Code)
CNIL Cookie Guidelines
COPPA
EU Privacy and Cookie Laws

GAPP
GDPR (EU & UK)
New York Shield Act (S5575B)
NIST 800-53 Privacy Controls
PA-DSS 3.2
PCI-DSS 4, PCI-DSS 3.2
PIPEDA/ECPA/CAN-SPAM
SOC2 (Based on AICPA TrustServices Criteria)

SaaS Applications

Salesforce

Web Applications and Services

Angular
Apex for Force.com
C#/ASP.net (.NET 8, WCF, and Core 3)
Django (Python)
GoLang
HTML5 and CSP
Java Libraries and Frameworks
- ESAPI
- Struts
- Spring
- Apache Wicket
- Hibernate
Java SE / EE
JavaScript
TypeScript

JSP, Servlets
NGINX
Node.js
NoSQL / SQL
OAuth and OIDC
PHP
Python
Ruby on Rails
Rust
SOAP / REST
GraphQL
Web servers
- Apache
- IIS
XML and YAML Security

Testimonials

Discover what our clients have to say about their experiences
with our products, highlighted on Gartner Peer Insights

“SD Elements is quite unique. It is exactly what we needed to expedite and enable our teams’ efforts in releasing secure products.”

“Interactive learning offers effective vulnerability mitigation techniques”

Director of Operations,
Software Development

Read Full Kontra Hands-On Labs Review

“SD Elements enables FINRA to quickly and accurately identify threats and countermeasures in the applications that power our business – at the speed of DevOps.”