To register, please purchase your training ticket
here. Training and conference are two separate ticket purchases.
3-Day Training: June 22-24, 2026
Level: Beginner
Trainer:
Jim ManicoYou may attend this training course in person or virtually
Description: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests, so you can dive deeper into the areas that matter most.
Students will choose from the following material:Core Modules- 00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec
- 00-01 Input Validation Basics (1 hr): Allowlist Validation, Safe Redirects
- 00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers, Verbs, Secure Transport Basics
- 00-03 SOP and CORS (1 hr): Same-Origin Policy, Cross-Origin Resource Sharing Security
- 00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries, Secure Database Configurations, Command Injection
- 00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures
- 00-06 File Upload and File I/O Security (1 hr): Secure File Upload, File I/O Security
- 00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices
- 00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security
- 00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging
- 00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks
- 00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling
- 00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form Workflows
API Security- 01-00 API and REST Security (2 hrs): REST Design, XML, XXE, JSON, API Access Control
- 01-01 Microservice Security (2 hrs): Security Architectures in Microservices
- 01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges
- 01-03 gRPC Security (1 hr): gRPC Security Architecture
Foundations of AI Security- 02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts, Threats, and Mitigations
- 02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model Applications
AI Secure Development Practices- 02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation
- 02-11 React Security Prompt Engineering (
