Loading…
← Back to schedule
2-Day Training: Secure Coding That Sticks: From Bad Code to Secure Design
Tuesday November 3, 2026 9:00am - 5:00pm PST
TBA
1-Day Training: November 4, 2026
Level: Intermediate
Trainers:Tanya Janca

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Most developers have heard security advice before. The problem is, it rarely translates into what to actually do when you're writing code.

This two-day, hands-on training focuses on building secure coding skills that work in real life. Attendees learn how to recognize insecure patterns, fix them, and replace them with practical, repeatable approaches they can apply immediately. As AI-generated code becomes the norm, the ability to read code critically, spot security issues, and fix them confidently has never mattered more. This training builds this exact skill.

Day One covers secure coding fundamentals across the areas where vulnerabilities happen most often: input and output handling, data and secrets protection, authentication and authorization, infrastructure and application safety, resilience, supply chain risks, logging, and operational practices. Each topic is taught using a Bad / Better / Best approach, with real code examples and hands-on exercises so participants can clearly see what insecure code looks like, how it fails, and how to fix it properly.

Day Two applies those skills to APIs using the OWASP API Security Top 10. Participants work through each category of vulnerability using practical examples, learning how issues like broken object-level authorization, SSRF, and unsafe API consumption actually show up in code and how to remediate them effectively.

In the final section, the training moves into secure design. Attendees are introduced to core design principles and guided through a live threat modeling exercise, where they identify assets, trust boundaries, and risks in a realistic system, then prioritize and propose mitigations.

Attendees leave with 42 actionable secure coding rules, hands-on experience with the OWASP API Security Top 10, and a practical threat modeling approach they can use immediately. The goal is not a list of things to memorize. It's a new way of thinking about code and your everyday work.
Speakers
avatar for Tanya Janca

Tanya Janca

Security Trainer and Founder, She Hacks Purple & DevSec Station
Tanya Janca, known online as SheHacksPurple, is the best-selling author of Alice and Bob Learn Secure Coding and Alice and Bob Learn Application Security. She is the founder of DevSec Station, a modern learning platform and community built to help software developers master secure... Read More →
Tuesday November 3, 2026 9:00am - 5:00pm PST
TBA
  2-Day Training

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Conference Scheduling Software Privacy Terms
Share Modal

Share this link via

Or copy link