Secure Coding Education

Web, Webservices, Mobile


Web – Webservice – Mobile

The major cause of web insecurity is insecure software development practices. This highly intensive and interactive course provides essential application security training for web application, webservice and mobile software developers and architects.

Jims classes are a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality API's from various languages and frameworks that provide production quality and scalable security controls.

Jims courses include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, webservices or mobile applications will benefit.

Who Should Attend?

Any web application developer, architect, web security professional or other software development professional who is tasked with building secure web applications, web services or mobile applications.

Logistics Requirements

Students should bring a basic laptop, tablet or smart phone that can read a PDF. The courseware will be distributed digitally.

Custom Course Development

Jim offers custom onsite developer training which pulls from the following topics.

  • HTTP Basics and Introduction
  • SQL and other Injection
  • Authentication
  • Basic XSS Defense
  • Advanced XSS Defense
  • Content Spoofing and HTML Hacking
  • Access Control
  • Cross Site Request Forgery
  • Clickjacking
  • Applied Crypto Basics
  • Mobile Security
  • SDLC Architecture
  • App Layer Intrusion Detection
  • Webservice Security
  • HTML5 Security Considerations
  • Multi-form Workflow Security Considerations
  • Introduction to Threat Modeling

For more information please contact

Day 1 Sample Schedule

10.00 AM Introduction, HTTP Basics, SQL Injection
11.00 AM Authentication
12.00 AM XSS Defense, Content Spoofing, HTML Hacking
1:00 PM The Access Control Lunch, Open Q/A
2:00 PM Cross Site Request Forgery, Clickjacking
3:00 PM Applied Crypto Basics
4:00 PM App Layer Intrusion Detection
5:00 PM Webservice/Mobile Security Basics

The Professor

Jim Manico Secure Coding

Jim Manico

Jim Manico authors and delivers developer security awareness training and has a 20 year history building software as a developer and architect. Jim is also a global board member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. For more information, see Jim can be reached at or (808) 652-3805.