Network security for developers
CYDNet3d
Audience
Developers working on networked applications
Group size
12 participants
Labs
Hands-on
Description
In our connected world, networked applications are more exposed to cyberattacks than ever – therefore, securing the communication between the system’s components is extremely important.
This course focuses on the “whys” and “hows” of secure communication. It provides foundational knowledge about essential cryptographic algorithms and their usage (hashing, encryption, digital signatures, PKI), and puts them into practice in a TCP/IP environment through practical exercises. Starting from the use of secure sockets and TLS certificate management, you’ll see a systematic overview of network attacks on each layer of the OSI model from data link to application. This includes classic attacks against IPv4 and IPv6 networks like ARP and NDP spoofing, DHCP starvation and SYN floods as well as more modern application-layer attacks such as DNS cache poisoning and Slowloris.
Of course the course also covers appropriate best practices and recommendations to prevent these attacks, from secure switch configuration to secure operating system settings and the proper use of secure protocols on each layer.
Because even if you don’t know about these attacks, the hackers certainly will!
Outline
What you will learn
Responsible AI in software development
CYDRespAI
Audience
All people involved in using GenAI or developing machine learning
Group size
12 participants
Labs
Hands-on
Description
Generative AI is inevitably transforming the software industry. Tools like ChatGPT or GitHub Copilot enable developers to code more efficiently than ever before. While this sparks excitement, it also raises concerns, and so many stakeholders tend to balance this optimism with caution. Though these tools are advancing rapidly, to date they still lack the necessary sophistication to consider various subtle but important aspects of software products. This course emphasizes the importance of understanding this evolution through the well-established principles of Responsible AI.
After a short overview of AI and specifically responsible AI, participants delve into the complex world of machine learning (ML), focusing on how these solutions can be compromised. Threats and vulnerabilities such as model evasion, poisoning, and inversion attacks are explained in a simple way, via real-world case studies and live demonstrations. Finally, we give an overview of the security challenges of large language models (LLMs) and explore the practical defenses as well.
The course then highlights the capabilities and limitations of generative AI (GenAI) tools, such as GitHub Copilot, Codeium or others, offering insights into their role in code generation and beyond. Topics include smart prompt engineering, not only during the implementation phase, but also during requirements capturing, design, testing, and maintenance. Participants will learn best practices and pitfalls of using AI-generated code, with hands-on labs demonstrating potential security flaws such as dependency hallucination and path traversal. By the end, software engineers and managers will have a clear understanding of how to responsibly integrate GenAI tools into the various stages of the software development lifecycle.
Outline
What you will learn
Code responsibly with generative AI in Java
CYDJvWeb3dCop
Audience
Java developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot and Codeium enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
What you will learn
Code responsibly with generative AI in Python
CYDPyWeb3dCop
Audience
Python developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot and Codeium enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
What you will learn
Code responsibly with generative AI in C#
CYDCsWeb3dCop
Audience
C# developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot and Codeium enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
What you will learn
Code responsibly with generative AI in C++
CYDCpp3dCop
Audience
C/C++ developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot and Codeium enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
What you will learn
Web application security for PCI DSS 4.0 compliance
CYDPCIDSSMs
Audience
Managers and developers working on Web applications in banking and finance
Group size
12 participants
Labs
Hands-on
Description
The course aligns PCI DSS Requirements 4.0 with foundational concepts of secure coding, and thus directly serves compliance with the secure coding training requirement (6.2.2).
The comprehensive journey starts with laying down the basics of security, cybersecurity and secure coding, as well as PCI DSS itself. Participants then delve deep into secure configuration, cryptography and protection against malicious software, aligned to the Requirements.
Requirement 6 specifically focuses on development and maintenance of secure systems and software, and the corresponding chapter is therefore the broadest one. Topics include bug categorization, secure design and implementation principles. Approaches to input validation are followed up by some specific issues, like integer handling, injection or XSS. We also discuss common software security weaknesses, like error handling or code quality, as well as security of some commonly used data structures like XML or JSON.
The curriculum continues with a thorough examination of authentication, authorization and accountability challenges, and concludes with security testing methodology and specific testing techniques.
The course goes beyond theory, providing hands-on labs and real-world case studies from the financial sector. Participants emerge with a heightened understanding of secure coding best practices, ensuring the development of applications that safeguard sensitive payment card data and comply with the stringent requirements of PCI DSS 4.0 on a yearly basis.
Outline
What you will learn
Web application security in Java
CYDJvWeb3d
Audience
Java developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security in Java
CELJvWeb
Audience
Java developers working on Web applications
Labs
Online VM
Description
The course provides a comprehensive exploration of secure coding principles and practices tailored specifically for Java developers. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.
In the main part of the material, you will systematically walk through the various vulnerabilities outlined in the OWASP Top Ten. As you progress through the modules investigating the intricacies of authentication and authorization, through realizing the practical aspects of cryptography, to tackling injection attacks, you will gain a deep understanding of both theoretical concepts and practical skills for securing Java web applications. Further subjects are aligned to some common software security weakness types, such as error handling, code quality or denial of service.
These modules go beyond just the theory. Not only do they identify vulnerabilities, show their consequences, and detail the best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks within Java-based web applications.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens in your code.
Nothing.
Outline
What you will learn
Extended Web application security in Java
CYDJvWeb4d
Audience
Java developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security masterclass in Java
CYDJvWeb5d
Audience
Java developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security in Python
CYDPyWeb3d
Audience
Python developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security in Python
CELPyWeb
Audience
Python developers working on Web applications
Labs
Online VM
Description
The course provides a comprehensive exploration of secure coding principles and practices tailored specifically for Python developers. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.
In the main part of the material, you will systematically walk through the various vulnerabilities outlined in the OWASP Top Ten. As you progress through the modules investigating the intricacies of authentication and authorization, through realizing the practical aspects of cryptography, to tackling injection attacks, you will gain a deep understanding of both theoretical concepts and practical skills for securing Python web applications. Further subjects include error handling, code quality or denial of service, as well as XML and JSON security, and security considerations of the Python platform.
These modules go beyond just the theory. Not only do they identify vulnerabilities, show their consequences, and detail the best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks within Python-based web applications.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens in your code.
Nothing.
Outline
What you will learn
Extended Web application security in Python
CYDPyWeb4d
Audience
Python developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security masterclass in Python
CYDPyWeb5d
Audience
Python developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security in C#
CYDCsWeb3d
Audience
C# developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Extended Web application security in C#
CYDCsWeb4d
Audience
C# developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Web application security masterclass in C#
CYDCsWeb5d
Audience
C# developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Secure coding in C and C++ (ARM)
CELCpARM
Audience
C/C++ developers
Labs
Online VM
Description
The ARM variant of the comprehensive C and C++ e-learning course provides a structured approach to understanding and addressing various aspects of secure coding in C and C++. After a primer on ARM assembly and memory operations, the curriculum addresses critical security issues related to memory management. The effects of various toolchain-level protection techniques you can apply to defend against such vulnerabilities (such as SSP, ASLR and NX) are also explained.
The secure coding modules are aligned to common software security weaknesses in all major categories: input validation, improper use of security features, code quality, error handling, time and state, and denial of service. The course also provides practical skills related to cryptography that every developer should understand (such as hashing, encryption, digital signatures, PKI), showing how to use these in OpenSSL. Finally, we give an overview of security testing tools and how to use them to find vulnerabilities in your code.
Through hands-on labs and real-world case studies, you will explore best practices to get the appropriate skills and master the secure coding mindset.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens in your code.
Nothing.
Outline
What you will learn
Secure coding in C and C++ (x64)
CELCpx64
Audience
C/C++ developers
Labs
Online VM
Description
The x64 variant of the comprehensive C and C++ e-learning course provides a structured approach to understanding and addressing various aspects of secure coding in C and C++. After a primer on x64 assembly and memory operations, the curriculum addresses critical security issues related to memory management. The effects of various toolchain-level protection techniques you can apply to defend against such vulnerabilities (such as SSP, ASLR and NX) are also explained.
The secure coding modules are aligned to common software security weaknesses in all major categories: input validation, improper use of security features, code quality, error handling, time and state, and denial of service. The course also provides practical skills related to cryptography that every developer should understand (such as hashing, encryption, digital signatures, PKI), showing how to use these in OpenSSL. Finally, we give an overview of security testing tools and how to use them to find vulnerabilities in your code.
Through hands-on labs and real-world case studies, you will explore best practices to get the appropriate skills and master the secure coding mindset.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens in your code.
Nothing.
Outline
What you will learn
Secure coding in C and C++
CYDCp3d
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of C and C++, and extended by core programming issues, discussing security pitfalls of these languages.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Secure coding in C and C++ masterclass
CYDCp5d
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Secure coding in C and C++ for automotive
CYDCp_Auto
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Today, vehicles are becoming highly connected, not only between their internal components but also to the outside world. Today’s cars are already running millions of lines of source code, and this introduces a new set of risks to an industry that has historically been concerned with safety. Even though some of the attacks are still theoretical, many of the standards have already started introducing security considerations.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
What you will learn
Secure coding in C and C++ for medical devices
CYDCp_MedDev
Audience
C/C++ developers developing medical devices
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
The most important concern in the healthcare industry is naturally safety. However, once-isolated medical devices have by now become highly connected, which poses new kinds of security risks: from exposing sensitive patient information to denial of service. And remember, there is no safety without security!
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of medical devices developed in C and C++, and extended by core programming issues, discussing security pitfalls of these languages.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Secure coding in C and C++ - ARM
CYDCp3d_ARM
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of C and C++, and extended by core programming issues, discussing security pitfalls of these languages.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Secure coding in C and C++ masterclass - ARM
CYDCp5d_ARM
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Secure coding in C++
CYDCpp3d
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Embark on a comprehensive exploration of cybersecurity and secure coding practices in this intensive three-day course. It focuses primarily on C++, but also integrates some C concepts. Based on a primer on machine code, assembly, and memory overlay (Intel and ARM versions available), the curriculum addresses critical security issues related to memory management. Various protection techniques on the level of source code, compiler, OS or hardware are discussed – such as stack smashing protection, ASLR or the non-execution bit – to understand how they work and make clear what we can and what we can’t expect from them.
The various secure coding subjects are aligned to common software security weakness categories, such as security features, error handling or code quality. Many of the weaknesses are, however, linked to missing or improper input validation. In this category you’ll learn about injection, the surprising world of integer overflows, and about handling file names correctly to avoid path traversal.
Through hands-on labs and real-world case studies, you will navigate the details of secure coding practices to get essential approaches and skills in cybersecurity.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Node.js web application security
CYDNdWeb3d
Audience
Node developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in JS/TS works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Node, and extended by core programming issues, discussing security pitfalls of the JS and TS languages.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Web application security
CYDWeb3d
Audience
Web developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Extended Web application security
CYDWeb4d
Audience
Web developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Web application security masterclass
CYDWeb5d
Audience
Web developers
Group size
12 participants
Labs
Hands-on
Description
Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Desktop application security in Java
CYDJvDsk3d
Audience
Java developers working on desktop applications
Group size
12 participants
Labs
Hands-on
Description
Your application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Desktop application security in Python
CYDPyDsk3d
Audience
Python developers working on desktop applications
Group size
12 participants
Labs
Hands-on
Description
Your application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Desktop application security in C#
CYDCsDsk3d
Audience
C# developers working on desktop applications
Group size
12 participants
Labs
Hands-on
Description
Your application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the .NET framework.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Machine learning security
CYDMLPy
Audience
Python developers working on machine learning systems
Group size
12 participants
Labs
Hands-on
Description
The course bridges the two worlds of cybersecurity and machine learning. Starting from the core cybersecurity principles, it highlights how ML systems are exposed to threats – both pre-existing threats from the world of software security affecting these systems in unexpected ways and completely new kinds of threats that require a deeper understanding of adversarial machine learning.
The first step of understanding the security of ML is to analyze the relevant threats. We synthesize a threat model (the assets to protect, the security requirements, the attack surface, potential attacker profiles, and the actual threat model represented via attack trees) based on the existing threat models of NIST, Microsoft, BIML, and OWASP. We then explore the relationship of security and ML, from ML-driven static analysis tools and IDS to a brief glimpse at ML-assisted attack tools used by hackers today. We look at the most significant threats against Large Language Models (LLMs), following the OWASP LLM Top 10 2025 (among others). The bulk of the course deals with adversarial machine learning, and a detailed discussion of the four main attack subtypes: evasion, poisoning, model inversion, and model stealing as well as practical aspects of these attacks. Various labs on adversarial attack techniques (model editing, poisoning, evasion, transfer attacks, model inversion, model extraction) offer practical insights into vulnerabilities, while a discussion of defense techniques such as adversarial training, certified robustness, and gradient masking provides the possible countermeasures.
In the rest of the course we discuss some common software security weakness categories, such as input validation, improper use of security features, time and state, error handling and using vulnerable components, putting them in the context of machine learning wherever relevant. Finally, participants are equipped with a solid foundation in cryptography, covering essential knowledge and skills every developer should have as well as techniques of special interest for machine learning such as multiparty computation, differential privacy, and fully homomorphic encryption.
Security testing Java Web applications
CYDWebJvTst3d
Audience
Java developers and testers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Java is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Security testing Python Web applications
CYDWebPyTst3d
Audience
Python developers and testers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Python is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Security testing C# Web applications
CYDWebCsTst3d
Audience
C# developers and testers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in C# is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Security testing C and C++ applications
CYDCpTst3d
Audience
C/C++ developers and testers
Group size
12 participants
Labs
Hands-on
Description
Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Testing for security needs remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.
A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Cloud application security in Java for AWS
CYDJvCldAWS5d
Audience
Java developers working on Web applications and AWS
Group size
12 participants
Labs
Hands-on
Description
Your cloud application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the AWS cloud platform.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Cloud application security in Python for AWS
CYDPyCldAWS5d
Audience
Python developers working on Web applications and AWS
Group size
12 participants
Labs
Hands-on
Description
Your cloud application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language and the AWS cloud platform.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Web application security in Java and C#
CYDJvCsWeb4d
Audience
Java and C# developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your application written in Java and C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of the discussed programming languages, and extended by core programming issues, discussing security pitfalls of the used frameworks.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Cloud application security in C# for Azure
CYDCsCldAz5d
Audience
C# developers working on Web applications and Azure
Group size
12 participants
Labs
Hands-on
Description
Your cloud application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details. All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the Azure cloud platform.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Secure coding and security testing in Java for DevSecOps
CYDJvDop3d
Audience
Java architects, developers and testers
Group size
12 participants
Labs
Hands-on
Description
The course provides an in-depth exploration of security concerns and best practices tailored specifically for DevOps engineers working on Java software on the AWS cloud platform. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.
In the main part of the material, you will go through the various security issues outlined in the OWASP Top Ten with a focus on DevSecOps issues – identity management in microservice and cloud environments, secure AWS configuration, securing CI / CD build processes, secrets management, and logging and monitoring. Finally, you’ll explore cloud security with a focus on security automation and tooling in AWS, the security of containers and container orchestration (Docker, Kubernetes), microservices, and Infrastructure as Code tools (CloudFormation, Terraform), and security testing tools relevant for DevSecOps.
These modules go beyond just theory. Not only do they show vulnerabilities, their consequences, and corresponding best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Secure coding and security testing in C# for DevSecOps
CYDCsDop3d
Audience
C# architects, developers and testers working on web applications and Azure
Group size
12 participants
Labs
Hands-on
Description
The course provides an in-depth exploration of security concerns and best practices tailored specifically for DevOps engineers working on C# software on the Azure cloud platform. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.
In the main part of the material, you will go through the various security issues outlined in the OWASP Top Ten with a focus on DevSecOps issues – identity management in microservice and cloud environments, secure Azure configuration, securing CI / CD build processes, secrets management, and logging and monitoring. Finally, you’ll explore cloud security with a focus on security automation and tooling in Azure, the security of containers and container orchestration (Docker, Kubernetes), microservices, and Infrastructure as Code tools (Azure Resource Manager, Terraform), and security testing tools relevant for DevSecOps.
These modules go beyond just theory. Not only do they show vulnerabilities, their consequences, and corresponding best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.