Comment on page
Secure Development Trainings
version 2023.01
Hello there 👋
The blog and the secure development trainings have been moved to our main websites, so this space will not be updated anymore. Our presentations and talks will still be on this space till we migrate them also.
Enjoy, and check out our new website @ https://www.dcodx.com
As our motto is "break it, fix it", our trainings fully reflect our philosophy. Our students will explore different aspects of secure coding, switching from adopting the hacker mindset to adopting a more defensive approach. Our courses are based on the industry standards such as OWASP (ASVS, the OWASP Top 10, MASVS), MITRE ATT&CK, and D3FEND.
If you are looking for real hands-on DevSecOps and Secure Coding training, you are in the right spot.
Our trainings are fully hands-on. We develop our own labs, based on what we encounter during pentests and real-life attacks. Complexity can vary depending on the starting knowledge of the students. Labs will be provided with full source code as students will need to read the code, detect the issues and fix them.
Our courses combine the power of GitHub , Docker and VSCode to provide our students with a hassle-free setup. We want to spend time learning, hacking, coding, and fixing and not debugging environment issues.
Base tool set used during the trainings
We always provide a personal Certificate of Completion to our students. Each certificate has a unique ID to verify its authenticity.
Certificate of Completion sample
We offer training exams to test your knowledge and show your skills. Our exams are based on real use cases and tasks DevSecOps will go through in their job:
- Peer Review and security fixes
- Fix vulnerable dependencies
- Create secure pipelines and automate security
We will never ask you to create a report, but instead, you will:
- open pull requests in GitHub
- commit actual code to fix vulnerabilities
- automate security tools like SemGrep and other open-source software
Exam Duration
24 hours
Review and results
Each exam will have a different scoring system, explained during the course. An expert from DCODX will review the results and score the challenges.
Onsite delivery can be organized with one or a few of our trainers, depending on the number of attendees. We can come to you to host one or more days at your facility or we can get everything arranged for you, including the location.
We are aware of both benefits and challenges that online trainings bring to the table. While they enable trainees to join from everywhere in the world, it also allows for less engagement and attention. That is why we experimented with different ways of teaching online and finally found a good formula to keep engagement and attention high while having fun.
The online trainings we provide, use the following vetted format:
- Main stage: every topic will be presented on the main stage (everybody together), where the trainer will share slides, practical examples, and links that will be useful during the practical exercises
- Breakout rooms: after each main topic, the trainees will be divided into groups to solve a clear assignment (20 to 40 mins). This could be a code fix or a threat model exercise.
- Groups presentation: One main stakeholder from each group will share their results and thoughts with the other groups and the trainer after each breakout room session. A discussion will follow.
- Final technical quiz: We create a fun and engaging competition using Kahoot or similar tools, to go over the topics explained and have some fun.
Last modified 3mo ago