Toreon Office | Grotehondstraat 44 1/1 - 2018 Antwerpen | +32 3 369 33 96
Small intro brown bag sessions
More context on what brown bag sessions are, who they are for and why you should do them
Description
This 2-hour training is intended to give developers the skills needed to use Content-Security-Policy (CSP) as a defense-in-depth measure in web applications. The aim is to demystify CSP, shedding light on its importance and functionality. The focus is on understanding and implementing CSP in a way that mitigates several attacks by instructing the victim’s web browser on expected behavior. This way you can minimize the chances of your end users falling prey to hackers targeting them via phishing or by leveraging another vulnerability in your web application. The workshop navigates through the complexities of client-side vulnerabilities and how hackers can use them to cause harm to a web application. With a well-configured CSP in place, a crucial defense mechanism is built into your applications. Another key topic is the examination of methods malicious actors employ to bypass CSPs. This segment is not just about identifying potential threats but also about understanding and developing robust strategies to counter them. The workshop is structured to cater to a wide range of participants, from those new to CSP to experienced web developers and security experts. The goal is to offer valuable insights into the subtleties of Content-Security-Policy, encouraging a deeper understanding and application of this crucial security measure.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session lasts 2 hours, can accommodate an unlimited number of participants, and is available in virtual, on‑site, or mass‑lecture formats.
Description
Cryptography, while complex, is an integral part of secure software development. In this workshop, we’ll attempt to demystify the mathematical concepts of cryptography and illuminate its vital role throughout the Software Development Life Cycle (SDLC). We’ll delve into key cryptographic principles, their application, and common pitfalls to avoid.
Target Audience
Developers and other technically savvy staff who want to get a better understanding of the “black magic” that mystifies this topic.
The session runs for 3 hours, accommodates up to 15 participants, and can be delivered virtually or on‑site.
Description
This awareness session explains the common threats to software applications from an attacker’s point of view, using real‑world data breaches and what the attacked companies could have done to prevent them.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 2 hours, accommodates an unlimited number of participants, and can be delivered virtually, on‑site, or as a mass lecture.
Description
This workshop is intended to give the participant an understanding of the techniques employed by hackers and bug bounty penetration testers in the real world when attacking applications that communicate over the web using HTTP(S). Via theory and hands‑on hacking exercises, you will get a peek into the more practical side of cyber security. Without being too overwhelming on the bits-and-bytes front, it serves as a true eye‑opener for anyone involved in software development, both technical and non‑technical.
The workshop is delivered as an awareness session which does not require the participants to install any tooling. Practical examples will be shown on‑screen with ample opportunity for audience interaction.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The 2‑hour session can accommodate an unlimited number of participants and is available virtually, on‑site, or as a mass lecture.
Description
The realm of Application Security is vast and complex, yet mastering its fundamentals is crucial in today’s digital age. This interactive session introduces the participants to the cornerstones of Application Security, diving into the essential principles, exploring common security vulnerabilities via examples, and discussing the key aspects of a Secure Software Development Life Cycle (SSDLC). Through code examples and case studies, we create clarity in an opaque subject matter to help participants move forward in application security awareness.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
This 2‑hour session accommodates an unlimited number of participants and can be delivered virtually, on‑site, or as a mass lecture, providing flexible options to suit your organization’s needs.
Description
This session introduces the participant to the two major protocols that drive identity and access for modern web applications: OAuth2 and OpenID Connect. Ubiquitous, yet often confused and rarely well understood. In this session we aim to help participants
• distinguish between them (it’s harder than you think)
• learn the basic mechanics behind them
• recognize the use cases and know when to use which one
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The 3‑hour session can accommodate an unlimited number of participants and is available in virtual, on‑site, or mass lecture formats.
Description
This session introduces the participant to the two major protocols that drive identity and access for modern web applications: OAuth2 and OpenID Connect. Ubiquitous, yet often confused and rarely well understood. In this two-hour session we aim to help participants
• distinguish between them (it’s harder than you think)
• learn the basic mechanics behind them
• recognize the use cases and know when to use which one
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session lasts 1 hour, accommodates up to 15 participants, and can be delivered virtually or on‑site.
Description
This session is designed to equip you with the knowledge to confidently embrace open-source technologies while avoiding any legal trouble from a licensing infringement.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 1 hour, can accommodate an unlimited number of participants, and can be delivered virtually, on‑site, or as a mass lecture.
Description
In this 4-hour session we present OWASP as a source of information to help an organization organize the security of its software products. The goal of this session is twofold:
• Present an overview of what OWASP is, how it can be used and why this would be needed
• Create a sense of urgency for the participants by showing several examples of recent security breaches, how they happened and how they could have been avoided by using information and/or tools available from OWASP
OWASP currently contains more than 250 open-source projects. We will present an overview and ensure the participants can find their way around the different projects. (+/- 30 minutes)
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session is designed for up to 25 participants and can be delivered virtually, on‑site, or as a mass lecture, lasting four hours.
Description
This session introduces one of the most well-known yet frequently misunderstood OWASP projects: the OWASP Top 10. More than just a list of vulnerabilities, the OWASP Top 10 is an awareness document that highlights the most critical security risks to web applications.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
This session lasts 1 hour, can accommodate an unlimited number of participants, and is available in virtual, on‑site, or mass lecture formats.
Description
In this awareness session, we aim to give the attendee a basic understanding of Dynamic Application Security Testing. We’ll cover what it is (and isn’t) and conclude with a short demonstration.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
This 1‑hour session is suitable for groups of 15 to 25 participants and can be delivered virtually, on‑site, or as a mass lecture.
Description
This “Introduction to Software Bill of Materials (SBOM)” session is designed to introduce professionals in the software industry to SBOMs and their importance in defending against cyber-attacks. If you currently do not have a crystal-clear view of the third-party components in your product, a cyber attack may well hit you through your supply chain.
This session can be organized independently, but also combines very well with our “Open-Source Licensing” workshop.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 1 hour and accommodates groups of 15 to 25 participants, and can be delivered virtually, on‑site, or as a mass lecture.
Description
In this awareness session, we will discuss some of the most commonly used security-related response headers. HTTP response headers are one of the few mechanisms that servers can use to tell browsers how to prevent, detect and respond to a client-side threat. We’ll be discussing straightforward headers, which can be centrally set identically for all responses, as well as context- and page-dependent headers and where best to set them.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session lasts 1 hour, accommodates groups of 15 to 25 participants, and can be delivered virtually, on‑site, or as a mass lecture.
Description
APIs are the backbone of data exchange and are increasingly targeted in malicious cyber attacks. This introductory session dives into the top 10 API vulnerabilities as identified by OWASP. We’ll explore each vulnerability, its potential impact, and effective countermeasures to prevent them, including real‑world examples.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The 2‑hour session accommodates groups of 15 to 25 participants and can be delivered either virtually or on‑site.
Description
This half-day workshop teaches a subset of the OWASP Top 10 for APIs and Web Applications, going more in depth on access control, injection, system configuration and logging/auditing issues in the context of modern, multi-service web applications and APIs. We start with theoretical examples of API vulnerabilities, and practical coding and architecture patterns and best practices to mitigate them.
The second part is a guided hacking session using a network interception tool like ZAP or Burp Suite against “OWASP crAPI”, a modern web application which is deliberately vulnerable to the vulnerabilities discussed in the theory.
Target Audience
Web app developers, testers, devops.
The 4‑hour workshop accommodates up to 15 participants and can be delivered virtually or on‑site.
Description
AI-powered tools accelerate software development but also introduce significant, often-overlooked security risks. Using results from recent studies, we demonstrate that AI-generated code currently contains more vulnerabilities than human-written code. We will explore the root causes, from flawed training on public codebases to the emergence of novel threats. Attendees will gain a clear understanding of the multifaceted security landscape of AI-assisted coding and the urgent need for new governance and verification strategies.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The 2‑hour session accommodates an unlimited number of participants and can be delivered virtually, on‑site, or as a mass lecture.
Description
In the face of escalating cyber threats, secure software development is no longer a choice, but a necessity. The Secure Software Development Life Cycle (SSDLC) equips you with the framework needed to weave security into every stage of your software development process. This introductory session explores the transformation from SDLC to SSDLC, integrating crucial security practices into each phase of your software development. From requirements gathering to deployment and maintenance, we’ve got it all covered. You’ll also gain valuable insights from real‑world case studies of SSDLC implementation.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 1 hour, can accommodate an unlimited number of participants, and is available virtually, on‑site, or as a mass lecture.
Description
Building a robust Software Assurance strategy is a complex endeavor. That’s where OWASP’s Software Assurance Maturity Model (SAMM) proves its worth. This session offers a comprehensive exploration of SAMM, breaking down its key components and illustrating how to use it to evaluate and enhance your organization’s software assurance strategy. Through an in-depth exploration of Business Functions, Maturity Levels, and Security Practices, as well as a practical case study, you’ll gain a solid foundation and actionable insights.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The 2‑hour session accommodates up to 15 participants and can be delivered virtually or on‑site.
Description
The OWASP Application Security Verification Standard (ASVS) has as its primary aim to normalize the range in the coverage and level of rigor available in the market when it comes to performing web application security verification, using a commercially workable open standard. We will learn how to distinguish between the security levels needed for applications and what the resulting requirements are, as well as how to test these requirements later on.
Target Audience
Everyone in your organization who is involved with the software delivery process.
This 1 hour session can accommodate an unknown number of participants and is available in virtual, on‑site, or mass lecture formats.
Description
Wouldn’t it be nice to know in advance the key elements required to build secure software right from the start? Unfortunately, every development framework allows you to configure things in an insecure way, so it is clear that something extra must be done. This is where the concept of “security requirements” comes in. They differ from functional requirements because they often dictate something that SHOULDN’T happen. Security issues are often unintended byproducts of well-intended features, so scrutinizing these is paramount to (re)gain a good security posture for your organization. In this session we’ll dive into the rules of well‑written security requirements and how to test them.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
This 2‑hour session can be delivered virtually, on‑site, or as a mass lecture.
Description
This introduction to threat modeling gives the participants a high-level primer on the core concepts of threat modeling, using group exercises to get the participants some hands‑on practice. Participants interested in deepening their knowledge on the topic can enroll in our Threat Modeling Practitioner course.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of threat modeling.
The session lasts 3 hours, accommodates up to 15 participants, and can be delivered virtually or on‑site.
Description
This training program focuses on raising awareness and strengthening defenses against phishing and malware attacks. Participants will learn how to identify suspicious emails, malicious links, and harmful attachments, understand common attack techniques used by cybercriminals, and apply best practices to prevent security incidents in their daily work.
Target Audience
Every IT admin inside an organization
The 2‑hour session can accommodate an unknown number of participants and is available both virtually and on‑site.
Description
What is cross-site scripting and how do we prevent it?
Target Audience
Everyone in your organization who is involved with the software delivery process.
The one‑hour session can accommodate groups of any size and is available virtually, on‑site, or as a mass lecture.
Description
Extension to the introductory course
Description
Interactive session to answer questions on the best practices and practical application of security test strategies. This includes but is not limited to SAST, DAST, SCA, regression testing, unit vs integration vs end-to-end testing, etc.
Target Audience
Everyone in your organization who is involved with the software delivery process.
This 2-hour session can be delivered virtually, on‑site, or as a mass lecture and can accommodate an unknown number of participants.
Description
Interactive session to answer questions on the best practices and practical application of security test strategies. This includes but is not limited to SAST, DAST, SCA, regression testing, unit vs integration vs end-to-end testing, etc.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session runs for 2 hours, can accommodate an unknown number of participants, and is available both virtually and on‑site.
Description
Security that is “bolted on” at the end of your project usually leads to expensive fixes and lots of rework. Having security “built-in” as requirements without grinding your development speed to a halt is a delicate art that can be taught. With this session you’ll gain more understanding of preventable security nightmares by approaching your early sprints in a smart way.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session lasts 2 hours, can accommodate an unlimited number of participants, and is available both virtually and on‑site.
Description
For secure transmission of data across an untrusted network, applying transport encryption is an absolute must. Unfortunately, when using or allowing older protocols, there are still some ways for attackers to bypass this protection mechanism and eavesdrop on the conversation. With this workshop we aim to demonstrate how attackers leverage interception techniques to break older versions of the Transport Layer Security (TLS) protocol.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session can be delivered virtually, on‑site, or as a mass lecture.
Description
As pre-production environments are loaded with new versions of your software, you want to make sure that it works with real-life data. Often, this leads to copying and (in the best case) pseudonymizing real data. While this approach has a few conveniences, there is often a confidentiality and/or privacy risk involved when the true identity of the data subjects is not properly hidden. Well-executed anonymization/pseudonymization is not easy, and this session aims to underscore the how, what and why of that process. We also explore synthesizing test data sets through the use of Artificial Intelligence to avoid having to use real data altogether.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 1 hour, can accommodate an unknown group size, and is available both virtually and on‑site.
Description
This half-day awareness session starts with the fundamentals of information security, then highlights some of the largest breaches, before diving into the changing regulatory landscape and discussing what approaches an organization can take to ensure it creates secure products, diving deep into the practices in an SSDLC. This session is an excellent follow‑up after an initial SAMM roadmap kickoff; it is intended for a mixed technical audience and provides a foundational structure that other trainings can build on.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The 3‑hour session accommodates unlimited participants and can be delivered virtually, on‑site, or as a mass lecture.
Description
In this technical session, we aim to help you understand the concept of Cross-Site Scripting (XSS) attacks. The anatomy of an XSS is relatively straightforward; however, the potential consequences can be devastating. This ranges from being able to change text on a webpage in one person’s browser all the way to an account takeover or theft of thousands of credit card numbers. With this in mind, we will take a closer look at these attacks by using a real‑world case study as well as simulating one via QR‑code scanning with your mobile phone…
Target Audience
Everyone in the organization who is involved with technical aspects of software delivery automation: development, QA automation, devops, release engineering, …
This 1-hour session can be delivered virtually, on‑site, or as a mass lecture, accommodating groups of any size.
Description
This session provides an overview of automated SAST/DAST/SCA tools, as well as manually created security tests, and what their respective strengths and weaknesses are. After following this session, participants should have a good idea of which tools to apply to detect which security risks, and in which stages of the development process or CI/CD pipeline.
Target Audience
Everyone in the organization who is involved with technical aspects of software delivery automation: development, QA automation, devops, release engineering, …
The 1 hour session accommodates unlimited participants and can be delivered virtually, on‑site, or as a mass lecture.
Description
This is an awareness session built around the OWASP CI/CD Top 10 to demonstrate the ways a CI/CD pipeline can be attacked and defended. It also covers some case studies of real-world CI/CD breaches such as the SolarWinds incident. This session is intended for a technical audience that has some awareness of how CI/CD pipelines are structured.
Target Audience
Everyone in the organization who is involved with technical aspects of software delivery automation: development, QA automation, devops, release engineering, …
The 2‑hour session accommodates unlimited participants and can be delivered virtually, on‑site, or as a mass lecture, whichever best fits your needs.
Description
Join us for an in-depth exploration of safeguarding your MS Active Directory domain against a myriad of cyber threats. This session will cover defensive strategies tailored to combat common attack vectors such as password attacks, privilege escalation, and reconnaissance techniques used by malicious actors. From implementing robust authentication mechanisms to fortifying against insider threats, we’ll equip you with practical insights and actionable steps to fortify your Active Directory environment against evolving security threats.
Target Audience
Every IT admin inside an organization.
It can be delivered virtually or on‑site, providing flexible options for your team.
Description
This interactive training session will challenge developers to look at their mobile applications through the lens of an attacker. We will dig into some vulnerable Android applications with common coding faults. This session can be extended by 2 hours to include a small CTF.
Target Audience
Mobile Developers
The session runs for 2 hours, supports an unlimited group size, and can be delivered virtually or on‑site.
Description
This session will focus on understanding how to assess a company’s online presence by exploring and analyzing publicly available information. Participants will learn how to identify what data an organization unintentionally exposes on the internet, how this information can be collected, and what insights it can reveal. We will cover practical techniques for gathering open-source intelligence (OSINT), spotting potential risks, and understanding how attackers might use this information. By the end of the session, you’ll have a clearer view of how to evaluate an organization’s digital footprint and how this knowledge can help strengthen overall security.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of ethical hacking.
This 1‑hour session accommodates groups of 15 to 25 participants and can be delivered virtually or on‑site.
Description
This session takes a deep dive into the methods and strategies used by physical intruders to gain access to sensitive information inside a company’s facilities. We will explore how attackers exploit human behavior, building layouts, and weak security procedures to enter restricted areas without raising suspicion. Participants will learn about common intrusion techniques such as tailgating, badge cloning, social engineering at the door, and bypassing poorly secured entry points. We’ll also discuss real-world examples of how small oversights can lead to major security breaches.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of ethical hacking.
The session lasts 2 hours, accommodates 15 to 25 participants, and can be delivered virtually or on‑site.
Description
This session will go into web application security, specifically focusing on popular attacks that have not (yet) been included in the OWASP Top 10, such as cache confusion and poisoning, race conditions and more.
Target Audience
Web app developers
The session lasts 1 hour, can accommodate an unlimited number of participants, and is available virtually, on‑site, or as a mass lecture.
Description
This session will provide a comprehensive deep dive into the security aspects of JSON Web Tokens (JWT), a widely used technology for authentication and data exchange in modern applications. We will explore how JWTs work, why they are so commonly adopted, and what security challenges arise when they are not implemented correctly.
Target Audience
Web App developers
The session lasts 1 hour, accommodates unlimited participants, and can be delivered virtually or on‑site.
Description
This training session’s goal is to teach developers the hacker mindset: a very powerful mindset that tricks you into thinking out of the box and viewing applications from a different perspective. This session is highly interactive, with hacking challenges.
Target Audience
Developers
The session lasts 2 hours, can accommodate an unknown number of participants, and is available both virtually and on‑site.
Description
This workshop teaches a subset of the OWASP Top 10 for APIs and Web Applications, going more in depth on access control, injection, system configuration and logging/auditing issues in the context of modern, multi-service web applications and APIs. The first part of the workshop is theory with examples of vulnerabilities, and practical coding and architectural patterns and best practices to mitigate them. The second part of the workshop is a hands‑on practical session where we use penetration testing tools to attack a vulnerable API.
Target Audience
Web app developers, testers, devops.
The 4‑hour session can accommodate unlimited participants for the theory portion and about six small groups (2‑3 people each) for the practical exercises, and it is available in virtual, on‑site, or mass‑lecture formats.
Description
With the Cyber Resilience Act going into effect in December 2024, the countdown for compliance with the European Union’s Cyber Resilience Act has officially started.
This training is aimed at everyone in your organization who plays a role in product development. It explains in detail what the Cyber Resilience Act is, goes over its legislative context and core concepts in a fun and accessible way, and helps you make sense of the obligations.
Part awareness, part pragmatic advice, it is continually updated with the latest information and developments from the legislative and standardization process. The training is an excellent first step to prepare your organization for the law that will mandate cybersecurity requirements for software and products containing software.
Target Audience
General audience
The 2‑hour session accommodates an unlimited number of participants and can be delivered virtually, on‑site, or as a mass lecture, offering flexible options to suit your organization’s needs.
Description
With the Cyber Resilience Act coming into effect, organizations that develop digital products must adapt the way they work to meet new European requirements. This training helps development teams understand their role in this transition and how their daily decisions contribute to building and maintaining secure, compliant products.
Building on an introductory session, the training translates the goals of the Cyber Resilience Act into clear expectations and practical habits that support safer product development over time. It provides clarity on what the legislation is trying to achieve, how it affects product teams, and how organizations can prepare for compliance in a structured and realistic way. By connecting legal obligations to everyday responsibilities, the training helps teams contribute confidently to a more resilient and future‑proof organization.
Target Audience
Developers, engineers, architects, …
The 2‑hour session can accommodate an unlimited number of participants and is offered virtually, on‑site, or as a mass lecture.
Description
The NIS2 legislation took effect in October 2024 and is causing ripples through the supply chain of several industries. Have you noticed an increase in third party security assessments yet?
This training is relevant for general audiences but most relevant for managerial roles. It explains in detail what the NIS2 Directive is, goes over its legislative context and core concepts in a fun and accessible way, and helps you make sense of the obligations.
Target Audience
General audience
The session lasts 2 hours and can accommodate an unlimited number of participants, and it is available virtually, on‑site, or as a mass lecture.
Description
This session aims to be an insightful exploration into the evolving risks associated with AI in general and specifically in Large Language Models (LLMs) and Generative AI (GenAI) applications. To achieve this, we start off with introducing participants to the basic concepts of cyber risk and “threat modeling” in traditional business application development. We will also briefly point to well-adopted open standards and established organizations whose frameworks we can leverage. After laying this essential groundwork, we will dive into some examples of LLM/GenAI-specific vulnerabilities to raise awareness around the risks that businesses face when haphazardly adopting GenAI-powered technologies. Overall, this session is designed to equip you with the basics to help navigate the challenges of deploying and securing AI systems.
Target Audience
Everyone in the organization who is involved with design or delivery of GenAI-based systems.
The 3‑hour session can accommodate an unlimited number of participants and is available in virtual, on‑site, or mass‑lecture formats, allowing flexible delivery to suit your team’s needs.
Description
Threat modeling is often presented as an essential security practice, but rarely does anyone discuss when to declare a threat model “done”, because the uncomfortable truth is that it never really is. This talk explores the paradox at the heart of threat modeling: while threats continuously evolve and systems constantly change, practical security work demands we set boundaries in our analysis and move forward with implementation of the mitigations.
Target Audience
Everyone in your organization who is involved with the software delivery process.
The session lasts 1 hour, can accommodate an unlimited number of participants, and is offered in virtual, on‑site, and mass lecture formats.
Description
This session aims to show that implementing a basic secure API does not have to be a large undertaking as long as you rely on battle‑tested architectures and technologies. We go through the full lifecycle of an HTTP API request using a Django REST framework application as an example, and map the different security activities that are enabled by our choices to activities in OWASP SAMM, and mitigated risks in the OWASP Top 10 lists for web applications and APIs.
Target Audience
Developers and architects working on API-driven web applications.
The 1 hour session can accommodate an unlimited number of participants and is available in virtual, on‑site, or mass‑lecture formats.
Description
In this awareness session, we will introduce you to the most famous, yet one of the most misunderstood, OWASP projects: “The OWASP Top-10”. Learn more about this awareness tool (it’s NOT a standard!) and its applicability to your software product portfolio. If so desired, this workshop can be tailored to your organization if we are provided with output from scanning tools. We will then map the CWE identifiers from those tools to the OWASP Top-10 and put more focus on the areas that your developers are struggling with the most.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The session lasts 2 hours, can accommodate an unlimited number of participants, and is available in virtual, on‑site, or mass‑lecture delivery formats.
Description
This introduction to threat modeling gives the participants a high-level primer on the core concepts of threat modeling. Participants interested in deepening their knowledge on the topic can enroll in our Threat Modeling Practitioner course.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of threat modeling.
The session lasts 2 hours, accommodates up to 15 participants, and can be delivered virtually or on‑site.
Description
As software development teams increasingly adopt AI-powered tools to accelerate coding, they are introducing a new class of complex security risks. This session provides a comprehensive analysis of the security implications of AI-generated code, moving beyond the hype to examine the tangible vulnerabilities and threats. Drawing on recent research, this presentation demonstrates that while LLMs significantly increase code generation velocity, they consistently produce code with a higher density of security flaws compared to human developers. The session will dissect a critical paradox: developers using AI assistants often perceive their code as more secure, when empirical data shows it is frequently more vulnerable.
We will delve into the root causes of these issues, tracing them back to inherent security issues within the datasets used to train LLMs and the limitations of current fine-tuning techniques, which prioritize plausible output over robust security. Furthermore, the session expands the scope to address broader, systemic risks, including intellectual property leakage, novel supply chain attacks, and the emerging dangers associated with excessive agency in autonomous agentic workflows.
Target Audience
Everyone in the organization who is involved with the technical aspects of software delivery automation: development, QA automation, DevOps, release engineering, …
The one‑hour session can accommodate an unlimited number of participants and is available in virtual, on‑site, or mass‑lecture formats, providing flexible delivery options to suit your team’s needs.
Description
This workshop is intended to give the participant an understanding of the techniques employed by hackers and bug bounty penetration testers in the real world when attacking applications that communicate over the web using HTTP(S). Via theory and hands‑on hacking exercises, you will get a peek into the more practical side of cyber security. Without being too overwhelming on the bits-and-bytes front, it serves as a true eye‑opener for anyone involved in software development, both technical and non‑technical.
The workshop is delivered as an awareness session which does not require the participants to install any tooling. Practical examples will be shown on‑screen with ample opportunity for audience interaction.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The 2‑hour session can accommodate an unlimited number of participants and is available virtually, on‑site, or as a mass lecture.
Description
This session will cover security tooling, threat modeling and how these interact with the SSDLC. Furthermore, the ASVS is used to guide participants through secure coding best practices and the anatomy of certain vulnerabilities.
Target Audience
Everyone in your organization who is involved with (or interested in) the technical aspects of the software delivery process.
The 4‑hour session can accommodate an unlimited number of participants and is available in virtual, on‑site, or mass‑lecture formats.
For more information on our brown bag sessions, check out our website or contact one of our experts.
Get in touch with us.