# Learning Paths and Labs

![Learning Paths and Labs](/files/ZB6Sk4boHOlyliiOvfft)

> **Section focus:** Learning Paths and Labs.\
> **Best use:** start with the section map below, then move into the deeper pages that match your role or stack.\
> **Design note:** this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.

### Start with these pages

| Page                                                                                                                                                                                            | Why open it first                                                                                                                |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| [🗺️ Product Security Ramp-Up Tracks](/learning-labs-interview-and-templates/index-2/product-security-ramp-up-tracks.md)                                                                        | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🧪 Break-Fix Labs and Tabletop Scenarios](/learning-labs-interview-and-templates/index-2/break-fix-labs-and-tabletop-scenarios.md)                                                             | High-value page inside **Learning Paths and Labs**.                                                                              |
| [⚔️ Hands-On Attack-to-Defense Playbooks](/learning-labs-interview-and-templates/index-2/hands-on-attack-to-defense-playbooks-for-product-security.md)                                          | Bridges attack understanding, detection, containment, and hardening in one practice loop.                                        |
| [📋 Security Review Checklists and Cheat Sheets](/learning-labs-interview-and-templates/index-2/security-review-checklists-and-cheat-sheets.md)                                                 | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🐐 Vulnerable Learning Labs and Goat Environments](/learning-labs-interview-and-templates/index-2/vulnerable-learning-labs-and-goat-environments.md)                                           | High-value page inside **Learning Paths and Labs**.                                                                              |
| [☁️ AWSGoat — AWS Cloud Lab](/learning-labs-interview-and-templates/index-2/awsgoat-aws-cloud-lab.md)                                                                                           | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🧭 CloudGoat — Scenario-Based Cloud Lab](/learning-labs-interview-and-templates/index-2/cloudgoat-cloud-scenarios-lab.md)                                                                      | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🏗️ CI/CD Goat — Pipeline Security Lab](/learning-labs-interview-and-templates/index-2/cicd-goat-pipeline-security-lab.md)                                                                     | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🧃 OWASP Juice Shop — Web and API Lab](/learning-labs-interview-and-templates/index-2/owasp-juice-shop-web-and-api-lab.md)                                                                     | High-value page inside **Learning Paths and Labs**.                                                                              |
| [🧰 Product Security Tooling Landscape and Inventory](/learning-labs-interview-and-templates/index-2/product-security-tooling-landscape-and-inventory.md)                                       | Broad map of the tooling universe plus a companion workbook with 100 tools.                                                      |
| [🛣️ DevSecOps Engineer Learning Roadmap (2026)](/learning-labs-interview-and-templates/index-2/devsecops-engineer-learning-roadmap-2026.md)                                                    | Gives a clearer newcomer-to-junior DevSecOps learning order beyond raw tool lists.                                               |
| [🛣️ Application Security Engineer Learning Roadmap (2026)](/learning-labs-interview-and-templates/index-2/application-security-engineer-learning-roadmap-2026.md)                              | Gives a realistic AppSec development path from fundamentals to design and review work.                                           |
| [🧰 Online Validators, Linters, Generators, and Visual Tools](/learning-labs-interview-and-templates/index-2/online-validators-linters-generators-and-visual-tools-for-appsec-and-devsecops.md) | Collects fast browser-based and CI-friendly tools for YAML, OpenAPI, Docker, Kubernetes, IaC, CSP, tokens, and policy authoring. |

### Related sections

* [Third-Party and Integration Security](/devsecops-cicd-and-supply-chain/index-2.md)
* [Senior Engineer Perspectives](/strategy-governance-and-leadership/index-1.md)

***

> **Intro:** A knowledge base becomes far more valuable when it teaches not only what to read, but what to practice. This section turns the archive into a workbook with role-based tracks, scored exercises, and incident tabletops.
>
> **What this page includes**
>
> * role-based learning tracks
> * break-fix and tabletop scenarios
> * review checklists and cheat sheets
> * worked examples for common Product Security judgment calls
> * secure coding training platforms for developer upskilling and onboarding

![Learning and Labs Feedback Loop](/files/Zwz6upzHgeoXt8dQ3KFn)

![Learning Labs Expansion Map](/files/Ty0rr2lJUxucXy6hDNaM)

### Section map

| Page                                                                                                                                                                                                   | Why it belongs here                                                                                                         |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- |
| [Product Security Ramp-Up Tracks](/learning-labs-interview-and-templates/index-2/product-security-ramp-up-tracks.md)                                                                                   | Gives structured learning paths for different roles.                                                                        |
| [DevSecOps Engineer Learning Roadmap (2026)](/learning-labs-interview-and-templates/index-2/devsecops-engineer-learning-roadmap-2026.md)                                                               | Adds a more explicit beginner-to-junior DevSecOps progression with a visual roadmap and 12-week plan.                       |
| [Application Security Engineer Learning Roadmap (2026)](/learning-labs-interview-and-templates/index-2/application-security-engineer-learning-roadmap-2026.md)                                         | Adds a more explicit beginner-to-junior AppSec progression with a visual roadmap and 12-week plan.                          |
| [Break-Fix Labs and Tabletop Scenarios](/learning-labs-interview-and-templates/index-2/break-fix-labs-and-tabletop-scenarios.md)                                                                       | Turns the archive into a workbook, not only a reference.                                                                    |
| [Security Review Checklists and Cheat Sheets](/learning-labs-interview-and-templates/index-2/security-review-checklists-and-cheat-sheets.md)                                                           | Creates practical one-page review aids.                                                                                     |
| [Newcomer Ramp-Up and Review Checklists](/learning-labs-interview-and-templates/index-3.md)                                                                                                            | Adds role-based newcomer tracks, from-zero pages, and reusable review checklists.                                           |
| [Worked Example Lab: API Review and Tenant Boundary Failure](https://github.com/D3One/Product-Security-Gitbook/blob/main/22-learning-paths-and-labs/worked-example-api-review-lab.md)                  | Trains reviewers to distinguish route auth from object-level authorization.                                                 |
| [Worked Example Lab: Frontend Session Review](https://github.com/D3One/Product-Security-Gitbook/blob/main/22-learning-paths-and-labs/worked-example-frontend-session-review-lab.md)                    | Builds intuition about browser-held authority and token risk.                                                               |
| [Worked Example Lab: Business Logic Abuse in Trial and Promo Flows](https://github.com/D3One/Product-Security-Gitbook/blob/main/22-learning-paths-and-labs/worked-example-business-logic-abuse-lab.md) | Trains economic and workflow-focused abuse reasoning.                                                                       |
| [Worked Example Tabletop: CI Runner Compromise Before Release](https://github.com/D3One/Product-Security-Gitbook/blob/main/22-learning-paths-and-labs/worked-example-ci-runner-compromise-tabletop.md) | Adds a realistic tabletop around build trust and release pressure.                                                          |
| [Mobile Security Lab Track — NowSecure, iOS, and Android Learning Flow](/learning-labs-interview-and-templates/index-2/mobile-security-lab-track-nowsecure-ios-and-android.md)                         | Adds a practical mobile learning path with training workflow plus Android and iOS targets.                                  |
| [API Definition Conformance Lab — OpenAPI, Contract Linting, AuthZ Checks, and CI Validation](/learning-labs-interview-and-templates/index-2/api-definition-conformance-lab-openapi.md)                | Teaches how to treat the API contract itself as a security control.                                                         |
| [Cloud Compliance Scan Lab — Scan → Triage → Fix → Codify](/learning-labs-interview-and-templates/index-2/cloud-compliance-scan-lab-scan-triage-fix-codify.md)                                         | Turns posture findings into engineering feedback and policy codification.                                                   |
| [Containment and Eradication Automation Lab](/learning-labs-interview-and-templates/index-2/containment-and-eradication-automation-lab.md)                                                             | Builds safe response automation and postmortem-to-IaC discipline.                                                           |
| [Secure Coding Training Platforms for Developers](/learning-labs-interview-and-templates/index-2/secure-coding-training-platforms-for-developers.md)                                                   | Adds a practical short-list of enterprise and self-serve platforms for secure coding enablement.                            |
| [Awesome GitHub Repositories for DevSecOps, AppSec, and Cloud Security](/learning-labs-interview-and-templates/index-2/awesome-github-repositories-for-devsecops-appsec-and-cloud-security.md)         | Adds a curated discovery layer for engineers who want to keep learning beyond the portal.                                   |
| [DevSecOps-Studio — Virtual Lab Environment for Learning DevSecOps](/learning-labs-interview-and-templates/index-2/devsecops-studio-virtual-lab-environment.md)                                        | Adds a broad local training distribution and explains how to use it safely as a legacy-to-modern bridge.                    |
| [Developer Workstation Hardening for AppSec and DevSecOps](/learning-labs-interview-and-templates/index-2/developer-workstation-hardening-for-appsec-and-devsecops.md)                                 | Gives a practical workstation baseline for local tooling, signing, Docker safety, and sandboxing.                           |
| [Essential AWS DevSecOps Self-Study Path](/learning-labs-interview-and-templates/index-2/essential-aws-devsecops-self-study-path.md)                                                                   | Converts a compact AWS DevSecOps course outline into a practical self-study route with KB cross-links and labs.             |
| [Curated Conference Talks 2021–2025](/learning-labs-interview-and-templates/index-2/curated-conference-talks-2021-2025-appsec-devsecops-cloud-product-security.md)                                     | Turns high-signal conference content into a reusable learning track instead of a random watchlist.                          |
| [🌐 Product Security Ecosystem Projects, Communities, and Learning Hubs](/learning-labs-interview-and-templates/index-2/product-security-ecosystem-projects-communities-and-learning-hubs.md)          | Curates the major open communities, projects, and official hubs worth following across Product Security.                    |
| [📚 Top Books for Product Security by Domain and Role](/learning-labs-interview-and-templates/index-2/top-books-for-product-security-by-domain-and-role.md)                                            | Gives a curated 2026 reading shelf with Amazon links and why each book matters.                                             |
| [🗓️ Three-Month Product Security Self-Study Plan](/learning-labs-interview-and-templates/index-2/three-month-product-security-self-study-plan.md)                                                     | Turns the KB into a sequenced reading-plus-lab path instead of only a reference portal.                                     |
| [🧰 Product Security Tooling Landscape and Inventory](/learning-labs-interview-and-templates/index-2/product-security-tooling-landscape-and-inventory.md)                                              | Gives a reference map of 100 tools across AppSec, DevSecOps, cloud, Kubernetes, and evidence workflows.                     |
| [🧰 Online Validators, Linters, Generators, and Visual Tools](/learning-labs-interview-and-templates/index-2/online-validators-linters-generators-and-visual-tools-for-appsec-and-devsecops.md)        | Adds a fast practical catalog of browser-based validators, policy playgrounds, cloud GUI builders, and CI-friendly linters. |

### Learning bias

People retain more when they review, explain, and debug a scenario than when they only read a page once.

The goat environments complement the lighter break-fix labs already in this section. Use the worked-example labs for **judgment practice**, and use the goat environments for **environment practice**.

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*

