Real-World Security Training


On Demand



Training Objectives

Aimed at Web Application Developers and DevOps professionals, the 2-day course provides a holistic approach to understanding modern web attacks and defences. Attendees will learn how to ‘think securely’ and to build secure software by using modern CI/CD approaches, integrating security as part of the development process and becoming antifragile.


The training course is delivered over two days with day one covering attack and day two covering defence. Optionally, the training can be extended to three days to additionally cover the integration of tools and their automation.

Experiential learning methods ensure that participants gain physical, real-world understanding of what is being taught. Attendees will undertake guided, practical work and achieve the following outcomes by the end of the training:

  • Understand the overall security landscape
  • Understand and perform web application attacks against a deliberately vulnerable application (Damn Vulnerable Java App – DVJA)
  • Understand how to fix and mitigate the attacks performed at code level
  • Experience an end to end CI/CD pipeline when their fixes are once committed are auto-deployed to the application server
  • Perform and tackle continuous security assessments with integrated security tooling


To enable a 100% hands-on practical our training methodology incorporates multiple technical and educational artefacts.
For this purpose we will be using a specially built virtual machine which includes the following:

  • A vulnerable application hosted on a Java Application Server
  • Git based version control software
  • Jenkins for CI/CD pipelines
  • Integrated code editing environment to automate code commits to deployment

What attendees need to know

Ideally attendees will have knowledge of the following (but the course can be adapted to cover knowledge gaps):

  • Basic idea of web and HTTP
  • Familiarity with the command line in the OS of their choice
  • Basic idea of networking
  • Familiarity with Docker containers


To attend this course, attendees need a device with a modern OS capable of installing the following:

  • Visual Studio Code (Free and Open source)
  • Running Virtualbox and importing virtual machine
  • SSH client

Tailoring this course

To deliver maximum value this training can be tailored to:

  • The primary programming language used by your developers
  • The frameworks you use
  • The CI/CD tool of your choice
  • Your already existing vulnerability management system

Course outline


  • Introduction: State of the nation
  • Unit 1: Secure thinking
  • Unit 2: Common vulnerabilities


  • Unit 3: Secure coding practices
  • Unit 4: Building security in, becoming antifragile
  • Time for questions and discussions

Ways to attend this course

Private Team Training

We can provide this course for multiple individuals within a team or across an organisation. The training content can be tailored specifically to your project or your team’s skill gaps.
Get in touch to find out more.

Enquire now

About the trainers

DevSecOps Leader, DevSecCon
Automation Security Ninja, Appsecco
Director, Appsecco

Enquire now

I'm interested in: Real-World SecuritySecurity in the CloudDocker Security and Orchestration WorkshopPractical DevSecOps - Continuous Security in the age of cloud

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.