Room 6

09:00 - 17:00

2 Days

Secure Coding and Secure Defaults

In today's digital landscape, secure coding practices and enforcing secure defaults are crucial to protect applications from ever-evolving cybersecurity threats. The "Secure Coding and Secure Defaults" 2-day training is designed to equip developers and software engineers with the knowledge and tools required to write secure code and establish strong security foundations. All security exercises will be performed using Semgrep OSS.


Day 1: General, Language-Agnostic Secure Coding Advice: On the first day of this intensive course, participants will dive into the fundamental principles and best practices for secure coding. They will gain a solid understanding of secure coding principles that can be applied across various programming languages and frameworks. The day will include theoretical discussions, practical examples, and suitable-for-work memes.

Day 1 Key Topics Covered:

  • Introduction to a Secure System Development Life Cycle (S-SDLC)
  • The 17 Commands of Secure Coding (according to Alice and Bob Learn Application Security, the book)
  • API Security Best Practices
  • Secure Design Principles
  • The OWASP Top Ten (2017 and 2021)
  • What Developers Need to Know if There’s a Security Incident

Day 2: Day two of this training will focus on how to use Semgrep, a next-generation static analysis tool, to enforce secure defaults and code quality standards at scale. There will be hours of hands-on exercises, starting from very simple and progressing to more advanced topics, using the open source and free version of Semgrep, so that you can immediately go back to your office and use what you learned to implement your own secure defaults at work.

Day 2 Key Topics Covered:

  • Overview of static analysis and its benefits
  • Why Secure Defaults
  • Why Security MUST Scale
  • What: Making the Secure Way the Easier Way
  • Who: Success Stories
  • Exploring Semgrep and its features
  • Understanding secure coding rules and secure default configurations
  • Integrating static analysis into the development process
  • Configuring secure coding rule sets based on industry standards
  • Analyzing code for security vulnerabilities and quality issues
  • Incorporating secure coding into CI/CD pipelines
  • Hands-on with Semgrep (and bring your own code!)

Course objectives:

  • Understand the importance of secure coding and its impact on application security
  • Acquire practical knowledge of secure coding principles and best practices
  • Gain familiarity with common vulnerabilities and effective mitigation techniques
  • Master the use of static analysis tools to enforce secure coding standards
  • Learn how to establish secure defaults in code configurations
  • Strengthen the ability to identify and remediate security vulnerabilities
  • Develop strategies to integrate secure coding practices into development workflows

Join us for the "Secure Coding and Secure Defaults" course and equip yourself with the essential skills and techniques to ensure that security is at the core of your code. Let's work together to build robust and resilient applications that withstand the ever-growing security challenges. Enroll today and secure your coding future!

Who should attend?
Anyone who writes code for a living or works in application security.

Prerequisites
A basic understanding of software and how it is built (the SDLC). You will need to know how to code in one web-related programming language other than HTML, but it does not matter which one. Ideally you've used GitHub before, but if not it's no big deal; we can show you.

Computer setup
You will need Wi-Fi, a modern web browser (Chrome or Firefox), and a free GitHub account.

Tanya Janca

Tanya Janca, also known as SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Application Security'. She is also the Head of Education and Community at Semgrep, sharing content and training that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, has won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and 'securing all the things'. She is an award-winning public speaker and active blogger, and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Claudio Merloni

Claudio is a veteran security expert. After completing his Master's in Computer Engineering at the Politecnico di Milano University, he started a journey in the security space that now spans more than 15 years. He began as a security consultant, then moved through different roles, from technical sales engineering to security research and product engineering. This has allowed him to experience application security from a variety of perspectives.

He fell in love with static source code analysis early on and spent most of his career working with, and on, the leading static analysis solutions.

He's now leading the security research team at Semgrep and trying to make the world a safer place, one rule at a time.

In his free time he enjoys doing way too many things. If he had to pick four: synthesizer nerd, avid runner, beginner Go player, foreign languages enthusiast.