Security Training Courses
Let’s raise your team’s security maturity. Whether you're scaling, fortifying your operational processes, or preparing for acquisition, these two hands-on training courses - Application Security Fundamentals and Application Security Deep Dive - will elevate your security posture and your strategic position.

Training for software teams who build with purpose
Open any newspaper or news app, and you face ominous headlines that expose the many risks of software. Organizations face digital threats like data breaches, phishing, and ransomware attacks. These threats generally arise from insufficient knowledge of how to minimize software risks. As a developer or software development team, you must know the latest developments and techniques to prevent your organization from becoming the next victim.
We have developed two hands-on training courses to make developers and other stakeholders more aware of, and armed against, these risks.
Two Tracks. One Mission: Security first
Too many security courses treat developers like compliance checklists. Ours don't. Taught by our senior security consultants, who assess software for our clients daily, these courses are designed to shift mindsets and habits so security becomes second nature.
Application Security Fundamentals
This training covers the fundamentals of secure application development and the most common security risks identified by the Open Web Application Security Project in the OWASP Top 10 and API Security Top 10. You will learn to understand and recognize the most common security risks.
- Understand the “why” behind secure coding principles.
- Dive into the OWASP Top 10 vulnerabilities with real-world examples.
- Spot common pitfalls in code reviews, CI/CD, and cloud configs.
- Build a shared language across dev and security teams.
Ideal for: Developers, DevOps, QA, Product Owners. Note that this course should not be seen as basic training.
Application Security Deep Dive
This training is aimed at developers and development teams who are aware of the various security risks and who want to act accordingly. You are familiar with the most common threats and possible solutions. Now, you want to dive deeper into the code to embed a security-first mindset into all software development processes.
- Analyze sophisticated exploit scenarios and attack vectors.
- Explore secure design patterns for microservices, APIs, and cloud-native architectures.
- Master secure deployment in Azure, containerized environments, and CI/CD pipelines.
- Walk through code from real-world assessments (anonymized).
Ideal for: Senior Developers, Architects, Tech Leads who understand C# and/or JavaScript/TypeScript.
What we teach and how we train
Our training is interactive, hands-on, and grounded in practical, proven methods and real-world scenarios. Every session is led by senior security consultants who bring frontline experience from security assessments and due diligence engagements.
Fundamentals
We combine topics from the OWASP Top 10 and API Security Top 10 to give you the most relevant, up-to-date training, supplemented with background information and experience on the hacker mindset. We cover:
- OWASP
- Hacker mindset
- Hacker kill chain
- Broken Object Level Authorization
- Broken User Authentication
- Excessive Data Exposure
- Lack of Resources & Rate Limiting
- Broken Function Level Authorization
- Mass Assignment
- Cross-site scripting
- Broken Access Control
- Cross-site & Server-side Request Forgery
- Security Misconfiguration
- Injection
- Improper Assets Management
- Security Logging and Monitoring
- Post exploitation
- Reverse shells
- Hacker tools
Deep Dive
The core of this training is finding and analyzing vulnerabilities in two applications:
- one with a C# backend and a Vue.js frontend;
- and a JavaScript Express.js application.
In addition to codebases, we also cover the Secure Development Life Cycle, threat modeling, and the STRIDE model, among other topics:
- Security code analysis - Analyzing multiple codebases (C#, TypeScript, Infrastructure as Code) with dozens of security issues and errors. What is wrong? How do you prevent it? And how can you defend yourself against this?
- Secure Software Development Life Cycle - Which additional steps or features can you add to incorporate security into the daily software cycle?
- Security Testing - What types of security tests are there? When and how do you deploy them? We cover SAST, IAST, and DAST.
- Security & AI - What are the risks of using AI tools like ChatGPT or GitHub Copilot?
These courses are the most effective first step to improving your organization's software development processes and culture and minimizing software risks.

Cyber Security
Our training courses are part of a broader security practice. We offer security assessments and support:
- Penetration Testing
- Shift Left Security
- Cloud Configuration
- Vulnerability Assessment
- Security Advice
YieldDD’s security assessments deliver deep, actionable visibility into the security posture of your digital assets.
