TRAINING

Training

Hands-on application security training, customized to the languages, frameworks, and vulnerabilities your developers actually face.

AAA-101

Application Security Awareness Training

Our Application Security Awareness Training for developers (AAA-101) meets the annual developer-training compliance requirements companies have — while delivering real security value for your organization.

The recommended two-hour version is customized to your organization, reflecting the issues that exist in the languages and frameworks you use as well as the recent vulnerabilities creeping into your security reviews. Organizations focused on Security Awareness Month in October will find it especially useful: training that goes beyond compliance to provide tips and insights that strengthen your security culture.

APPSEC-101

Application Security Fundamentals

Building secure software requires a deep understanding of common exploits and the professional techniques used to identify and remediate them.

What You’ll Learn:

Vulnerability Awareness: Identify risks from the latest OWASP Top 10 Web Application Security Risks.

Hands-on Exploitation: Learn to find and exploit vulnerabilities within a custom-built, intentionally vulnerable application.

Remediation: Gain practical experience in fixing security flaws and implementing preventative coding practices.

APPSEC-102

Advanced Application Security

This one-day course builds on foundational knowledge gained from AppSec-101, while exploring complex vulnerabilities and the advanced defenses required to prevent them.

What You’ll Learn:

Advanced Vulnerabilities: Deep dive into account takeover, insecure deserialization, and cross-site request forgery.

Defensive Mastery: Expand your skills in addressing complex injection and cross-site scripting flaws.

Tool Proficiency: Gain hands-on experience with Burp Suite and other automated vulnerability identification tools.

VibeSec-101

AI Development Security

Securely leveraging AI-assisted coding requires a shift in perspective—moving from reactive patching to proactive prevention during the development phase.

What You’ll Learn:

AI-Specific Security: Understand the unique risks and exploits associated with building applications using LLM agents.

Secure Prompting: Learn to guide AI assistants to generate secure, hardened code rather than exploitable output.

Lifecycle Integration: Effectively engage with AppSec fundamentals while utilizing AI-assisted development workflows.

ThreatModel-101

Strategic Threat Modeling

Developing threat models for modern applications requires more than just listing risks—it requires understanding the infrastructure, development processes, and the threat actors targeting your data.

What You’ll Learn:

Methodologies: Apply standard frameworks, including STRIDE, PASTA, and DREAD.

Perspectives: Analyze risk from multiple angles: asset-focused, process-focused, and threat-actor-focused.

Integration: Learn how to implement threat modeling directly into your existing Software Development Lifecycle (SDLC).

Stakeholder Engagement: Strategies for identifying key organizational stakeholders to ensure your threat models remain useful and accurate.

Train your developers to think like attackers

Talk to our team about training tailored to your stack.