Building secure software is hard.


An attacker has to make just a few correct guesses, while a developer has to take care of a number of things from the start.

Cybersecurity skills are scarce and hard to attain. In building your software, they're essential to mitigate business risks (business continuity, reputation) and compliance risks (such as GDPR and industry-specific regulations like HIPAA, PCI DSS).

Being good at software development does not equal having good cyber security skills. It takes more than reading a few manuals to get things right.

60% of small businesses fold within 6 months of a cyber attack. — Inc.com.
Learn to prevent cyber attacks at their core

Modular curriculum that fits your needs

Introduction to Secure Software Development

Lecture, aimed at general audience. Introduction to developing secure software for developers and managers. Main concepts, things to know, mental models, and directions of effort.

Planning and implementing secure software architecture

Lecture + workshop, aimed at senior engineers and managers. Building architecture of secure software products - patterns, trust models, data flow and lifecycle.

Building secure web applications

Lecture + workshop, aimed at web developers. Understanding web stack, modern web application security and building applications that resist adversary attacks on all levels.

Building secure mobile apps

Lecture + workshop, aimed at mobile developers. Understanding mobile app security, how to build secure apps, main threat vectors and prevention techniques. Fundamentals, tips'n'tricks.

Security as a must-have attribute of your product

Lecture + workshop, aimed at product and project managers. Understanding product security risks and demands, planning roadmap, mapping SDL to real-world development.

Technical GDPR requirements for your product

Lecture, aimed at senior technical staff. Implementing technical controls for GDPR: sensitive data protection, user rights-related data management, ways to implement guiding principles.

Choose training depth relevant to your team's skillset

Basic

After intro lecture, we provide basic speciality trainings in web, mobile, architecture and project management parts of secure development processes.

Pro

Having some knowledge enables developers to get, aside from theoretical basics, a set of practical workshops that provide hands-on experience in building security controls into applications.

Some of the knowledge areas we typically cover in trainings

Honeypots OWASP ASVS, OWASP ASTG Security controls Security design patterns Secure coding, SAST/DAST Security/Vulnerability monitoring, SIEM Authentication, authorization, access control, ABAC/RBAC Identity management: SSO / IAM, MFA, SAML. Transport: TLS, VPN, IPsec Firewalls: network-layer, WAF, database Intrusion detection: IDS/HIDS/IPS Trust models Security lifecycle: OWASP CLASP, SSDLC End-to-end encryption Secret key encryption Public key encryption Key management & PKI KeyChain & Key storage Browser security iOS security Android security

Developer satisfaction after our trainings:

Want to learn more?

       

Program details PDF     Get in touch

Trainings by engineers with extensive teaching experience

We've built highly secure systems and trained others to do so.


We have built secure systems in finance, government security, healthcare. Our products and open-source libraries are adopted by developers from many industries, from small mobile apps taking care of healthcare record exchange to large-scale distributed systems storing sensitive financial data.

Aside from academic and practical background, our team members have experience in running application security workshops, teaching students cryptography academically, running security drills and trainings, educating people on security-related subjects on more than 40 conferences around the globe.
Book your training today!