Security awareness for developers

Instructor
Brightest
4.5
2 reviews
Security testing

Short description

This intensive two-day training is designed for developers who want to take a proactive role in securing the software they build. Instead of treating security as an afterthought, you’ll learn how to integrate it into every stage of the development lifecycle, from design and coding to testing and deployment. Through a mix of theory, demos, and hands-on exercises, you’ll explore real-world attack techniques, understand how vulnerabilities are discovered and exploited, and practice building defenses directly into your code. You’ll also learn how to work effectively with security teams, interpret pentest results, and translate them into concrete, prioritized improvements. By the end of the course, you’ll have a clear roadmap for embedding security into your daily development work and delivering resilient, production-ready applications.

Quick info

  • Duration: 2 days

  • Audience: Software developers, backend/frontend engineers, DevOps teams

  • Format: Hands-on training with demos, exercises, and real-world examples

  • Prerequisites: Basic programming knowledge and experience with web or API development

  • Focus: Secure Development Lifecycle (SSDLC), DevSecOps practices, secure coding, vulnerability management

Key takeaways

  • Understand the Secure Software Development Lifecycle (SSDLC) and how to integrate DevSecOps into your workflow.

  • Master vulnerability discovery and remediation using SAST, DAST, IAST, SCA, and SBOM.

  • Perform threat modeling with STRIDE and prioritize vulnerabilities using CVE and CVSS.

  • Gain insight into attacker techniques: OSINT, reconnaissance, pentest workflows, and tooling (Burp Suite, ZAP, Nessus).

  • Apply secure design principles: defense in depth, secure by default, least privilege, and fail-safe design.

  • Recognize and prevent common web and API vulnerabilities (OWASP Top 10 and beyond).

  • Understand WAF capabilities and bypass techniques — and why secure coding is still critical.

  • Implement secure authentication, authorization, and session handling (MFA, JWT, RBAC, ABAC).

  • Identify and mitigate business logic flaws like price manipulation, coupon abuse, and race conditions.

  • Harden frameworks and servers and apply sandboxing and isolation.

  • Get the fundamentals of cryptography, secure key management, and common pitfalls to avoid.

  • Secure non-HTTP protocols and services (SSL/TLS, DNS, SSH, email).

  • Implement effective logging, monitoring, and alerting integrated into CI/CD pipelines.

  • Build and automate security testing workflows and translate pentest findings into actionable backlog items.

  • Walk away with practical quick wins, cheat sheets, templates, and configuration guides.

Reviews

  • 5 stars: 1

  • 4 stars: 1

  • 3 stars: 0

  • 2 stars: 0

  • 1 star: 0