I believe that the key to appsec is to close the gap between
devs and security professionals.
Secure development is an organizational issue, and the most important players in the game are developers.
When developers start thinking like hackers, and pentesters start to see things through a developer's eyes, a much
more secure development culture emerges.
Student feedback
"The exercises were fun, we touched a lot of topics, talked about useful sources which can be used in the
future for security review"
"As a coder, you are taught to code defensively, and be paranoid. But seeing the vulnerabilities exploited in
practice is a real eye opener."
"Helped a lot to learn about security problems, I can use it in daily work when developing the JS application
of our product. Also I can use these in other fields."
Currently you can order Java, PHP, and .NET courses here. If you are interested in more specific or special
courses by me (or by others), visit https://def.dev!
Courses and prices
2-day Java course
Covers the basics that every Java developer should definitely know.
Methodology: The minimal necessary theory presented with Java code examples and
a lot of labs. During the labs we will work on vulnerable Java apps: we are going to exploit them, fix them and then
check the fixes.
Available both online and offline in English and in Hungarian
3000
per course
3-day Java course
Covers the basics and some more advanced or special stuff.
Max group size: 15
Topics covered: As in the 2-day course + audience picks additional topics
according to their needs from these: Basics of Crypto, Java Security Manager, Spring specifics, Security at
the Organizational Level (SSDLC), OAuth, OpenID Connect, Dynamic testing basics (OWASP ZAP, Burp, Nikto,
Nessus, SQLmap, ...), SAST (Static Code Analysis) basics (SonarQube, Semgrep, Snyk, Find Security Bugs, ...)
Methodology: As in the 2-day course.
Available both online and offline in English and in Hungarian
3600
per course
2-day PHP course
Covers the basics that every PHP developer should definitely know.
Methodology: The minimal necessary theory presented with PHP code examples and
a lot of labs.
Available both online and offline in English and in Hungarian
3000
per course
3-day PHP course
Covers the basics and some more advanced or special stuff.
Max group size: 15
Topics covered: As in the 2-day course + audience picks additional topics
according to their needs from these: Basics of Crypto, Security at
the Organizational Level (SSDLC), OAuth, OpenID Connect, Dynamic testing basics (OWASP ZAP, Burp, Nikto,
Nessus, SQLmap, ...), SAST (Static Code Analysis) basics (SonarQube, Semgrep, Snyk, Find Security Bugs, ...),
Code review of the audience's own code
Methodology: As in the 2-day course.
Available both online and offline in English and in Hungarian
3600
per course
2-day .NET course
Covers the basics that every .NET developer should definitely know.
Max group size: 15
Topics covered: Injections, Path traversal, File upload / download, URLs, XXE,
CSRF, OSRF, Same origin policy, Authentication and authorization schemes, XSS, HTML5, HTML security headers,
Serialization vulnerabilities, .NET specifics (var, dynamic, unsafe, checked, random generators), Race
Conditions, Threads in .NET.
Methodology: The minimal necessary theory presented with .NET code examples and
a lot of labs.
Available both online and offline in English and in Hungarian
3000
per course
3-day .NET course
Covers the basics and some more advanced or special stuff.
Max group size: 15
Topics covered: As in the 2-day course + audience picks additional topics
according to their needs from these: Basics of Crypto, Security at the Organizational Level (SSDLC), OAuth,
OpenID Connect, Dynamic testing basics (OWASP ZAP, Burp, Nikto, Nessus, SQLmap, ...), SAST (Static Code
Analysis) basics (NuGet analyzers, Semgrep, Snyk, ...)
Methodology: As in the 2-day course.
Available both online and offline in English and in Hungarian
3600
per course
Prices are per course. The price is the same for 1 person and for 15. I do not announce courses in advance; I only
negotiate them when the need arises. That's how I can keep prices low.
A two-day course can be done in two whole days or in 4 half-days (similarly for 3-day courses). Days (or
half-days) can be consecutive or can be one per week.