Monday
Room 6
09:00 - 17:00
(UTC+01)
2 Days
Secure Coding and Secure Defaults
In today's digital landscape, secure coding practices and enforcing secure defaults are crucial to protect applications from ever-evolving cybersecurity threats. The "Secure Coding and Secure Defaults" 2-day training is designed to equip developers and software engineers with the knowledge and tools required to write secure code and establish strong security foundations. All security exercises will be performed using Semgrep OSS.
Day 1: General Agnostic Secure Coding Advice: On the first day of this intensive course, participants will dive into the fundamental principles and best practices for secure coding. They will gain a solid understanding of secure coding principles that can be applied across various programming languages and frameworks. The day will include theoretical discussions, practical examples, and suitable-for-work memes.
Day 1 Key Topics Covered:
- Introduction to a Secure System Development Life Cycle (S-SDLC)
- The 17 Commands of Secure Coding (according to Alice and Bob Learn Application Security, the book)
- API Security Best Practices
- Secure Design Principles
- The OWASP Top Ten (2017 and 2021)
- What Developers Need to Know if There’s a Security Incident
Day 2: Day two of this training will focus on how to use Semgrep, a next-generation static analysis tool, to enforce secure defaults and code quality standards at scale. There will be hours of hands-on exercises, starting from very simple to more advanced topics, using the open source and free version of Semgrep, so that you can immediately go back to your office and use what you learned to implement your own secure defaults at work.
Day 2 Key Topics Covered:
- Overview of static analysis and its benefits
- Why Secure Defaults
- Why Security MUST Scale
- What: Making the Secure Way the Easier Way
- Who: Success Stories
- Exploring Semgrep and its features
- Understanding secure coding rules and secure default configurations
- Integrating static analysis into the development process
- Configuring secure coding rule sets based on industry standards
- Analyzing code for security vulnerabilities and quality issues
- Incorporating secure coding into CI/CD pipelines
- Hands-on with Semgrep (and bring your own code!)
Objectives:
- Understand the importance of secure coding and its impact on application security
- Acquire practical knowledge of secure coding principles and best practices
- Gain familiarity with common vulnerabilities and effective mitigation techniques
- Master the use of static analysis tools to enforce secure coding standards
- Learn how to establish secure defaults in code configurations
- Strengthen the ability to identify and remediate security vulnerabilities
- Develop strategies to integrate secure coding practices into development workflows
Join us for the "Secure Coding and Secure Defaults" course and equip yourself with the essential skills and techniques to ensure that security is at the core of your code. Let's work together to build robust and resilient applications that withstand the ever-growing security challenges. Enroll today and secure your coding future!
Who should attend?
Anyone who writes code for a living or works in application security.
Prerequisites
A basic understanding of software and how it is built (the SDLC). You will need to know how to code in one web-related programming language other than HTML, but it does not matter which one. Ideally you’ve used GitHub before, but if not it’s no big deal; we can show you.
Computer setup
You will need wifi, a modern web browser (Chrome or Firefox), and a free GitHub account.