Security training


Secure Software Engineering Training

The expert-led approach to shifting security left with software engineers

Modern application security begins with an understanding of the attackers’ mindset and methodology. WithSecure’s training for software engineers pairs hands-on labs and learning material on our proprietary Playground platform with direct coaching from industry-leading experts in application security.

  • Strategies and tactics to prevent and all major threats facing modern applications (OWASP Top 10 and beyond)
  • Developers, Engineers and QA Experts will learn to integrate security into the software development lifecycle (SDLC) from the very beginning

Fully-fledged sandbox environments

Secure Software Development Training is built on Playground, our cloud-based training platform. Unlike training labs built for limited purposes, Playground provides a complete simulated environment. This means that when developers learn to hack and secure with us, they are gaining real world experience. Our training is hands-on, engaging, and never feels artificial.

Playground is real hacking done safely.

Secure software engineering training

Proven learning foundations

On demand learning

Our training course for developers is inspired by the training we developed to turn WithSecure consultants into world-leading experts in application security.  The course requires no specific background in security, and each stage prepares learners with the skills they need to tackle the next.

Can be completed at a candidate’s own pace.

A manager dashboard provides a granular overview of each learner’s progression

Participants earn certificates based on level of engagement and achievement, which can be externally verified here.

Expert-led instruction

We believe that long-lasting changes to developer practice require elements of human-led and team-centric training. This is why all our packages enhance on-demand learning with human-led instruction. All training sessions are led by WithSecure consultants, who are experts in the subject, having delivered application security testing and advise to governments, fortune 500 companies, and the EU’s largest banks.

Topical team-building exercises

Shifting security left means creating a culture of security among developers and engineers. Changes in team culture require team-based activities, which is why Capture The Flag (CTF) tournaments incorporating current challenges are central to our learning packages. A live dashboard allows teams to track their progress against others as they race to claim the flag.

Bring teams together to solve security challenges

Select scenarios that accurately reflect challenges facing your business

Have fun (we love delivering capture the flags). With an element of light competition thrown in, these are the ideal centerpiece for team away days.

What can you achieve?

Create a culture of security-first development

Security culture can’t be created from remote exercises alone, which is why our training packages include in-person instruction and team building capture the flag tournaments.

Never compromise on agility

Software Engineers, Developers, Coders and QA Engineers are too valuable to be slowed down. We enable them to integrate security into their work so you don’t have to block their progress.

Reduce downtime for your business-critical applications

Few vulnerabilities mean more robust and resilient applications. Essential when your business relies upon them.

Our approach

The Course


Cover the OWASP Top Ten and beyond.

Developers and Engineers learn how to analyze applications from the perspective of a hostile adversary.

Topics include:
  • Authentication and access control (e.g. preventing URL brute forcing, username enumeration & password guessing)
  • Client-side attacks including Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF)
  • Injection attacks
  • Correct use of cryptography
  • Preventing the exposure of sensitive data
  • Managing and reducing exposure to vulnerabilities in third party components
  • Using JSON web tokens
  • Mitigating risk from parsing XML documents
  • Safe interaction of applications and filesystems

Our philosophy

The most secure code is written by those that know how it could be attacked. We not only teach people what to do: we teach them why they need to do it. We focus on security strategies, which developers can then apply flexibly to whatever languages and frameworks they are working with, and in any situation. Our training is designed to be engaging so that developers want to complete the courses and retain what they learn.

Our packages

Instructor-led packages are designed to meet your specific security needs.  You can access a full brochure outlining our training packages below.

Book a demo today

Complete the form, and we'll be in touch as soon as possible.

Our accreditations and certificates