Developer Training

Developer training is an important piece in any Secure Software Development Lifecycle.

Developer Training is a one-day course encompassing an overview of Information Security and how to incorporate Information Security into the software development process. Developers will learn through a combination of lectures, demonstrations, and hands-on labs. The latest application exploits will be covered, along with a discussion of real-world assessment experiences, breach incidents, and secure coding practices.


This training experience will help developers learn the fundamentals of secure coding by allowing them to exploit coding flaws through hands-on labs. When paired with a previous SecureState application assessment, SecureState can use vulnerabilities found in the client’s own applications. This allows developers to discuss real vulnerabilities that they may have coded.


SecureState has a long history of educating local security groups, speaking worldwide on application security, and performing training for our clients who want to learn about application security. SecureState’s instructors possess extensive experience in application penetration testing combined with a comprehensive background in software development. Our instructors frequently speak at large security conferences on cutting-edge research in the application security community.

Typical Training Agenda

Developer training familiarizes application developers, testers, and administrators with the methodologies necessary to create, maintain, and host secure applications. Attendees are exposed to actual techniques and tools used in industry and are given hands-on experience using these techniques and tools to exploit real vulnerabilities. Training focuses on the Open Web Application Security Project (OWASP) Top 10, a broad industry consensus of the ten most prevalent and/or critical security flaws found in real-world applications. Each of the ten vulnerabilities is covered in depth and accompanied by a lab or demonstration.

Once familiar with the OWASP Top 10, attendees are instructed on more advanced topics including vulnerability linkage theory and application defense. Vulnerability linkage is studied via case studies of real-world incidents in which attackers exploited a series of simpler vulnerabilities to achieve a complex objective. Developers are also given the opportunity to execute such complex objectives in a series of challenging labs which build on the individual vulnerabilities in the OWASP Top 10. Finally, training covers application defense methodology including secure development practices, code review, software testing, and various software solutions to defend deployed applications.

Additionally, SecureState’s Developer training covers all of the vulnerabilities identified by the PCI Council as required for PCI 3.1 compliance. Developer training is not only a vital portion of any application defense strategy, but a critical component of PCI compliance efforts as well.
