Security Training Courses

Move away from afterthought security patches and learn how to build a secure program from scratch

Features

Qualified instructors

Security is complex, but it is easy when you learn from seasoned security professionals with years of industry experience and academic lecturing qualifications. They tailor the course to your knowledge level.

Practical labs

Step-by-step practical exercises let you master every topic. You never get stuck because your instructor will guide you through each step.

Real world stories

Course examples and labs are based on real-world security issues. They cover topics that matter today and that you should know about.

Defensive Programming principles

Learn and apply SecDim's Defensive Programming principles to design and implement a secure program from the ground up.

The course content has been through numerous feedback cycles and is aligned with industry standards: OWASP ASVS, NIST, PCI DSS and more.

Extra support and Q&A

At the end of the course you get access to extra resources to practice more.
You will be invited to our private Slack channel to keep in touch with your instructor.

Get certified!

Your performance will be assessed and you can receive one of the three Defensive Programming electronic certificates.
Each certificate is signed by your instructor and secured by Blockchain.

Courses & Workshops

  • tl;dr

    Learn defensive design patterns and best practices to write a secure program that can withstand security attacks. Practice implementing defensive principles against modern security bugs. Master how to patch each security bug and write security tests so the bug never happens again.

    The course will follow a non-traditional approach to security by exploring modern secure design patterns that, if implemented correctly, make the program resilient against today's advanced attacks.

    For who

    Java developers, software testers, and other software engineers

    Duration: 1-2 days

    Syllabus
    1. Hello, World!: security assessment fundamentals
    2. The Art of War: four facts
    3. Know your enemy: a hacker mindset
      1. Challenge assumptions
      2. Five threat actors
      3. Explore the program context
      4. Stress test the generic primitives
      5. and more
    4. Know yourself: seven defensive principles
      1. Domain primitives
      2. Immutable
      3. Context-aware validation
      4. and more
    5. Defensive programming against modern vulnerabilities:
      1. Second-order bugs
      2. Mass assignments
      3. HTTP Parameter Pollution
      4. Unicode vulnerabilities
      5. and more
    6. Write secure components:
      1. Secure login and logout
      2. Secure HTTP headers
      3. and more
    7. Wrap-up: hacking game
  • tl;dr

    Learn a new approach to secure programming by focusing on defensive design patterns. Put defense-in-depth, least privilege, traceability and many other security principles into action. Learn the security controls required to build robust and hardened C# programs.

    The course will cover trending security bugs as well as C# language-specific security issues. Every topic comes with a hands-on lab and an instructor-led, step-by-step walk-through.

    For who

    .NET developers, software testers, and penetration testers

    Duration: 1-2 days

    Syllabus
    1. Hello, World!: security assessment fundamentals
    2. The Art of War: four facts
    3. Know your enemy: a hacker mindset
      1. Challenge assumptions
      2. Five threat actors
      3. Explore the program context
      4. Stress test the generic primitives
      5. and more
    4. Know yourself: seven defensive principles
      1. Domain primitives
      2. Immutable
      3. Context-aware validation
      4. and more
    5. Defensive programming against modern vulnerabilities:
      1. Unicode vulnerabilities
      2. Mass assignments
      3. Second-order bugs
      4. Server-Side Template Injection
      5. and more
    6. Write secure components:
      1. Secure token generation
      2. Secure file handling
    7. Wrap-up: hacking game
  • tl;dr

    From embedded systems to mobile applications, JavaScript has become a programming language in every environment. This has opened up JavaScript programs to several new security issues that you will learn about in this course.

    The course will cover trending JavaScript security bugs as well as security issues in NodeJS, ExpressJS, Angular, React and other popular JavaScript frameworks. You will also learn what security checks you need to put in place to secure various parts of JavaScript programs.

    For who

    JavaScript developers, software testers, and penetration testers

    Duration: 1-2 days

    Syllabus
    1. Hello, World!: security assessment fundamentals
    2. The Art of War: four facts
    3. Know your enemy: a hacker mindset
      1. Challenge assumptions
      2. Five threat actors
      3. Explore the program context
      4. Stress test the generic primitives
      5. and more
    4. Know yourself: seven defensive principles
      1. Domain primitives
      2. Immutable
      3. Context-aware validation
      4. and more
    5. Defensive programming against modern vulnerabilities:
      1. Memory disclosures
      2. Regular Expression Denial of Service
      3. Second-order bugs
      4. Unicode vulnerabilities
      5. and more
    6. Write secure programs
      1. Secure file handling
      2. Secure token generation
    7. Wrap-up: hacking game
  • tl;dr

    Docker has become the de facto standard for running infrastructure, but it has also resulted in new sets of security vulnerabilities. In this course, you will learn from a seasoned security professional their techniques to find Docker security weaknesses and how to effectively fix them.

    The course will cover trending security misconfigurations in Docker. You will also learn what security checks you need to put in place to develop secure Docker images or safely use third-party images.

    For who

    Software engineers, software testers, system administrators, security champions, penetration testers and DevOps

    Duration: 1 day

    Syllabus
    1. Hello, World!: security assessment fundamentals
    2. Docker inSecurity
      1. Docker Hub security incidents
      2. Docker Engine vulnerabilities
      3. Docker orchestration platform issues
      4. Docker insecure configurations
    3. Docker Insecure Configurations
      1. Privileged containers
      2. Engine exposure
      3. Secrets in Env
      4. Unnecessary capabilities
      5. Unknown images
      6. Host network and process access
      7. Privilege Escalation
    4. Wrap-up: write a hardened Docker image
  • tl;dr

    Application Security Testing or Penetration Testing is a technique that you can learn and perform on your programs. In this course you will learn from a seasoned security professional his techniques to test any program in real life.

    The course will cover fundamentals of penetration testing, how to develop misuse-cases, creating a threat model during software design and hunting for modern security vulnerabilities.

    For who

    Software engineers, testers, DevOps, system administrators, security champions, penetration testers and whoever wants to assess their own program like a security professional.

    Duration: 1-2 days

    Syllabus
    1. Hello, World!: Penetration Testing Lifecycle
    2. Where to look for vulnerabilities
    3. How to create misuse-cases and threat models
    4. Identify and exploit vulnerabilities
      1. Session management
      2. Output rendering
      3. User experience (UX)
      4. URL and file handling
      5. Business logic
      6. Second-order bugs
    5. Capture The Flag (CTF)

Delivery

Classroom

Security is complex but not when you learn in the right environment. Join our popular classroom-based courses.

Online

Are you interested in a specific security topic? Join our online instructor-led workshops.

Platform

Busy and want to learn at your own pace? Try our Security Training platform at any time.

Meet Your Instructors

Join hundreds of security enthusiasts at SecTalks to learn about the latest in the offensive and defensive security industry. SecTalks is a multinational technical security community that we founded in 2013.