TRAINING
Training
Hands-on application security training, customized to the languages, frameworks, and vulnerabilities your developers actually face.
AAA-101
Application Security Awareness Training
Our Application Security Awareness Training for developers (AAA-101) meets the annual developer-training compliance requirements companies have — while delivering real security value for your organization.
The recommended two-hour version is customized to your organization, reflecting the issues that exist in the languages and frameworks you use as well as the recent vulnerabilities creeping into your security reviews. Organizations focused on Security Awareness Month in October will find it especially useful: training that goes beyond compliance to provide tips and insights that strengthen your security culture.
APPSEC-101
Application Security Fundamentals
Building secure software requires a deep understanding of common exploits and the professional techniques used to identify and remediate them.
What You’ll Learn:
Vulnerability Awareness: Identify risks from the latest OWASP Top 10 Web Application Security Risks.
Hands-on Exploitation: Learn to find and exploit vulnerabilities within a custom-built, intentionally vulnerable application.
Remediation: Gain practical experience in fixing security flaws and implementing preventative coding practices.
APPSEC-102
Advanced Application Security
This one-day course builds on foundational knowledge gained from AppSec-101, while exploring complex vulnerabilities and the advanced defenses required to prevent them.
What You’ll Learn:
Advanced Vulnerabilities: Deep dive into account takeover, insecure deserialization, and cross-site request forgery.
Defensive Mastery: Expand your skills in addressing complex injection and cross-site scripting flaws.
Tool Proficiency: Gain hands-on experience with Burp Suite and other automated vulnerability identification tools.
VibeSec-101
AI Development Security
Securely leveraging AI-assisted coding requires a shift in perspective—moving from reactive patching to proactive prevention during the development phase.
What You’ll Learn:
AI-Specific Security: Understand the unique risks and exploits associated with building applications using LLM agents.
Secure Prompting: Learn to guide AI assistants to generate secure, hardened code rather than exploitable output.
Lifecycle Integration: Effectively engage with AppSec fundamentals while utilizing AI-assisted development workflows.
ThreatModel-101
Strategic Threat Modeling
Developing threat models for modern applications requires more than just listing risks—it requires understanding the infrastructure, development processes, and the threat actors targeting your data.
What You’ll Learn:
Methodologies: Apply standard frameworks, including STRIDE, PASTA, and DREAD.
Perspectives: Analyze risk from multiple angles: asset-focused, process-focused, and threat-actor-focused.
Integration: Learn how to implement threat modeling directly into your existing Software Development Lifecycle (SDLC).
Stakeholder Engagement: Strategies for identifying key organizational stakeholders to ensure your threat models remain useful and accurate.
Talk to our team about training tailored to your stack.
