Unmatched Security Content and Training Library 

SD Elements provides an expansive content library of threats, compliance requirements, countermeasures, and just-in-time training modules.

By Category

Artificial Intelligence + Machine Learning

- AI/Data Engineering Cloud Services
  - AWS Bedrock
  - AWS Lake Formation
  - AWS Sagemaker
  - Azure Data Lake Storage
  - Azure OpenAI
  - GCP Vertex AI
- AI Use Cases
  - Fine-tuning
  - RAG (Retrieval-Augmented Generation)
  - Use of vector databases

EU AI Act
Implementation guidelines for AI Tools (TensorFlow, PyTorch, etc.)
LLM-based Code Generation Security
MITRE ATLAS
ML Security
- ENISA Security ML Algorithms
- OWASP ML Security Top Ten
NIST AI Risk Management Framework (RMF)
OWASP Top 10 for Large Language Model Applications

Automotive Security

Connected cars’ communication protocols, secure updates, privacy, access
control, and encryption requirements.

ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering
UNECE WP29/R155

Blockchain and Cryptocurrency

Blockchain and Smart Contracts

Client and Desktop Applications

.NET 8
Bash/Shell (Linux)
C/C++ (POSIX and Microsoft)

Hardware Security

Bluetooth Security
Hardware, firmware, and embedded device controls
Hardware Weaknesses based on CWE 4.15 weaknesses

Industry Standards

ASD-STIG r6
ASVS 4.0
BIOS/FW
Consumer IoT
- ETSI EN 303 645
CWE 4.16
CWE Top 25, 2024
CVSS 3
DISA Control Correlation Identifier (CCI) Framework
EO14028
- NIST Critical Software Req.
MDS2-2013
NIST 800-147/800-155
NIST 800-171 Non-Federal Systems
NIST 800-190 Containers

NIST 800-218 SSDF
NIST 800-53r4
NIST 800-53r5
NIST 800-82 Industrial Control Systems
NIST 800-95 Web Services
NISTIR 8397 (Verification Req.)
OWASP API Top 10, 2023
OWASP Low-Code/No-Code Top 10
OWASP Top 10 2017
OWASP Top 10 2021
OWASP Top 10 Privacy Risks v2.0
PCI SSF: SSLC (1.1) & SSS (1.2.1)
Secure Controls Framework (SCF)
Web Content Accessibility Guidelines (WCAG)

ASD-STIG 5
ASVS 4.0
CWE Top 25, 2023
CWE 4.13
CVSS 3
MDS2-2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP API Top 10, 2023
OWASP Top 10 Privacy Risks v2.0
Secure Controls Framework (SCF)
PCI SSF: SSLC (1.1) & S3 (1.0)
DISA Control Correlation Identifier (CCI) Framework

NIST 800-147/800-155
BIOS/FW
NIST 800-171 Non-Federal Systems
NIST 800-53r4
NIST 800-53r5
NIST 800-82 Industrial Control Systems
NIST 800-95 Web Services
NIST 800-190 Containers
NIST 800-218 SSDF
NISTIR 8397 (Verification Req.)
EO14028
- NIST Critical Software Req.
Consumer IoT
- ETSI EN 303 645

Internet of Things (IoT)

Authentication and Access Control
Availability and Systems DoS Protection
Communication Protocols
- AMQP
- Bluetooth
- HyperCat
- MQTT
- Pub/Sub
- Thread
- WiFi
- XMPP
- Zigbee
Consumer IoT: ETSI EN 303 645
RFID Solutions

Just-in-Time Developer Training

Covers existing eLearning course library.
Includes training on compliance and application security.
Over 750 bite-sized training modules associated directly with specific Countermeasures, to teach developers about secure coding.

Mainframe Applications

COBOL
Secure Development Guidelines

Mobile Applications

Android Framework (Java and Kotlin)
Flutter / Dart
iOS framework (Objective-C and Swift)

OWASP Mobile ASVS
OWASP Mobile Top 10

Operational & Deployment Security

Amazon Web Services (AWS) Foundations and 3-Tier CIS Benchmarks

AMI
API Gateway
Aurora
Auto Scaling
CloudFront
CloudWatch
Cognito
Config
DynamoDB
EBS
EC2
ECS
EKS
ELB
IAM
Kinesis Data Firehose
Kinesis Data Streams
KMS
Lambda

RDS
Route53
S3
SageMaker
SNS
SQS
VPC
WAF
Certificate Manager
CloudFormation
Elastic Container Registry
Elastic File System
ElastiCache
Managed Streaming for
Apache Kafka
MQ
OpenSearch Service
RedShift
Secrets Manager

Simple Email Service
Step Functions
Systems Manager
Transfer Family
AWS CodePipeline
CodeArtifact
Elasticache
X-Ray
Athena
Backup
DataSync
Direct Connect
EventBridge
Fargate
AWS FSx
GuardDuty
Inspector
Neptune
Rekognition

AMI
API Gateway
Athena Backup
Aurora
Auto Scaling
AWS CodePipeline
AWS FSx
Certificate Manager
CloudFormation
CloudFront
CloudWatch
CodeArtifact
Cognito
Config
DataSync
Direct Connect
DynamoDB
EBS

EC2
ECS
EKS
Elastic Container Registry
Elastic File System
ElastiCache
ELB
EventBridge
Fargate
GuardDuty
IAM
Inspector
Kinesis Data Firehose
Kinesis Data Streams
KMS
Lambda
Managed Streaming for Apache Kafka
MQ

Neptune
OpenSearch Service
RDS
RedShift
Rekognition
Route53
S3
SageMaker
Secrets Manager
Simple Email Service
SNS
SQS
Step Functions
Systems Manager
Transfer Family
VPC
WAF
X-Ray

Apache HTTP Server
Apache Tomcat Server
CI/CD Tools
- CircleCI
Containerization Tools

ContainerD
Docker
Generic Containers
Kubernetes

OpenShift
PodMan
Singularity

Data Platforms

Snowflake

Databases

Apache Cassandra
CockroachDB
Generic Database
InfluxDB

Neo4j
MariaDB
MarkLogic

Oracle
PostgreSQL
SQLite

GitHub
Google Cloud Platform

BigQuery
Cloud Audit Logs
Cloud DNS
Cloud IAM

Cloud Key Management Service
Cloud Storage
Cloud SQL
Compute Engine

Kubernetes Engine
Stackdriver
Vertex AI
Virtual Private Cloud (VPC)

- IaC Tools
  - Ansible
  - Azure Resource Manager (ARM)
  - Terraform

Microsoft Azure (Microsoft Cloud Security & Azure Security Benchmarks)

Active Directory
AKS
Azure Active Directory External Identities
Azure AI Bot Service
Azure Analysis Services
Azure API Management
Azure App Configuration
Azure App Service
Azure Application Gateway
Azure Arc, Azure Stack Edge
Azure Attestation
Azure Automation
Azure Backup
Azure Bastion
Azure Batch
Azure Blob Storage
Azure Cache for Redis
Azure Cloud Shell
Azure Communication Services
Azure Communications Gateway
Azure Container Apps
Azure Container Instances
Azure Container Registry
Azure Content Delivery Network
Azure Cosmos DB
Azure Cost Management
Azure CycleCloud
Azure Data Box
Azure Data Explorer
Azure Data Factory
Azure Data Lake Analytics
Azure Data Lake Storage
Azure Data Share
Azure Database for MariaDB
Azure Database for MySQL
Azure Database Migration Service

Azure Databricks
Azure DDoS Protection
Azure Dedicated HSM
Azure Defender for Cloud
Azure DevTest Labs
Azure Digital Twins
Azure DNS
Azure Event Grid
Azure Event Hubs
Azure Firewall
Azure Firewall Manager
Azure Front Door
Azure Functions
Azure HPC Cache
Azure Information Protection
Azure IoT Central
Azure IoT Hub
Azure Key Vault Managed HSM
Azure Lighthouse
Azure Linux Virtual Machines
Azure Load Balancer
Azure Logic Apps
Azure Machine Learning
Azure Managed Applications
Azure Managed Instance for Apache Cassandra
Azure Managed Lustre
Azure Media Services
Azure Migrate
Azure NAT Gateway
Azure NetApp Files
Azure Network Watcher
Azure Notification Hubs
Azure OpenAI Service
Azure Policy
Azure PostgreSQL Database
Azure Private Link

Azure Purview
Azure Red Hat OpenShift
Azure Remote Rendering
Azure Resource Manager (ARM)
Azure Resource Manager Templates
Azure Resource Mover
Azure Sentinel
Azure Service Bus
Azure SignalR Service
Azure Site Recovery
Azure Spatial Anchors
Azure Spring Apps
Azure SQL
Azure Static Web Apps
Azure Stream Analytics
Azure Synapse Analytics
Azure Traffic Manager
Azure Virtual Desktop
Azure Virtual Machine Scale Sets
Azure Virtual WAN
Azure VMware Solution
Azure VPN Gateway
Azure Web Application Firewall
Azure Web PubSub
Azure Windows Virtual Machines
Key Vault
Monitor
Multi-Factor Authentication
Network Watcher
Security Center
SQL Database
SQL Managed Instance
Storage
Virtual Machines
Virtual Network

Microsoft IIS Server
Microsoft SQL Server
Microservices Infrastructure
Micronaut (Microservices)
MySQL
Network

3G
4G/LTE
5G
Advanced Message Queuing Protocol (AMQP)
Bluetooth
Content Delivery Network (CDN)
Directory Server
DNS Server

File Transfer Protocol (FTP)
Firewall
FTP
FTP Server
IDS/IPS
Load Balancer
LoRa
Message Broker

Modbus
Proxy Server
Router
Service Bus
Virtual Private Network (VPN)
Virtual Private Network (VPN) Server
WiFi

Oracle Cloud Infrastructure CIS Benchmark [Computation instance, Object Storage, Block Volume, File Storage]
Process-level Cloud Security Guidelines
Provider-agnostic Story-driven Cloud Content

Regulatory and Compliance

ANSSI/France Digital Signature and Encryption Requirements
ANSI/ISA/IEC 62443-3-3
ANSI/ISA/IEC 62443-4-1
ANSI/ISA/IEC 62443-4-2
Certification (CMMC) [v1 and v2]
Chinese Cybersecurity Law
CNSSI 1253
CSA Cloud Controls Matrix (CCM) v3 & v4
Cybersecurity Maturity Model
DIACAP
EU Data Act
EU Digital Operational Resilience Act (DORA)
EU Network and Information Security 2 (NIS2) Directive

PRIVACY RELATED

European Banking Authority (EBA) Security of Internet Payments
EU Radio Equipment Directive (RED)
FedRAMP
GLBA
HIPAA
ISASecure CSA 311
ISASecure SSA 311
ISO 27001:2013 (SOX)
ISO 27001:2022 (SOX)
MAS-TRMG
NIST Cybersecurity Framework
NYDFS10

Anti-Spam Guidelines/CASL
Brazilian LGPD
California Consumer Privacy Act (CCPA)
California Online Privacy Protection Act (CalOPPA)
California Privacy Right Act (CPRA) (California Civil Code)
CNIL Cookie Guidelines
COPPA
EU Privacy and Cookie Laws
GAPP
GDPR (EU & UK)

India Digital Personal Data Protection Act (DPDPA)
New York Shield Act (S5575B)
NIST 800-53 Privacy Controls
PA-DSS 3.2
PCI-DSS 4, PCI-DSS 3.2
Personal Information Protection Law (PIPL) – China’s Privacy Law
PIPEDA/ECPA/CAN-SPAM
SOC2 (Based on AICPA TrustServices Criteria)
U.S. states’ privacy law tracker

SaaS Applications

Salesforce

Web Applications and Services

Angular
Apex for Force.com
C#/ASP.net (.NET 8, WCF, and Core 3)
Django (Python)
GoLang
GraphQL
HTML5 and CSP
Java Libraries and Frameworks
- Apache Wicket
- ESAPI
- Hibernate
- Spring
- Struts
Java SE / EE
JavaScript
JSP, Servlets

Low-Code/No-Code
NGINX
Node.js
NoSQL / SQL
OAuth and OIDC
PHP
Python
Ruby on Rails
Rust
SOAP / REST
TypeScript
Web servers
- Apache
- IIS
XML and YAML Security

Testimonials

Discover what our clients have to say about their experiences
with our products, highlighted on Gartner Peer Insights

“SD Elements is quite unique. It is exactly what we needed to expedite and enable our teams’ efforts in releasing secure products.”

“Interactive learning offers effective vulnerability mitigation techniques”

Director of Operations,
Software Development

Read Full Kontra Hands-On Labs Review

“SD Elements enables FINRA to quickly and accurately identify threats and countermeasures in the applications that power our business – at the speed of DevOps.”