Learn to code securely

At Manicode Security 100% of our focus is teaching your developers to write secure code. We bring a combination of passion, style and decades of research into all of our education offerings.

Course Catalog

Who is this for?

Any web developer, architect or other software development professional who wishes to build secure web applications, web services, or mobile applications should consider our classes.

Learn to secure your applications

The primary cause of insecurity is the lack of secure software development practices. This highly intensive, interactive, and customizable course provides essential application security training for web applications, web services, and mobile software developers and architects.

Manicode classes are a combination of lecture, security testing demonstration, and code review.

Who are the instructors?

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of the LocoMoco Security Conference and is an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle and Inspectiv. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of "Iron-Clad Java: Building Secure Web Applications”  from McGraw-Hill. For more information, visit https://www.linkedin.com/in/jmanico. twitter linkedin

Course Catalog

what you will learn

Students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality APIs from various languages and frameworks that provide production quality and scalable security controls.

Manicode offers custom onsite developer training which pulls from the following topics:

  • Authentication
  • Session Management
  • Password Storage & Policy
  • Multi-Factor Authentication
  • Access Control Design
  • OAuth 2 Security
  • HTTP Security
  • SQL Injection
  • CSRF
  • Clickjacking
  • 3rd Party Library Security
  • JWT
  • Microservice Security
  • File Upload Security
  • HTML Hacking
  • XSS Defense
  • React Security
  • Vue.js Security
  • Content Security Policy
  • Subdomain Takeover
  • Applied Cryptography Basics
  • Mobile Security
  • SDLC & Architecture
  • Threat Modeling
  • API Security
  • DevSecOps
  • ...and more!


Any web developer, architect, security professional, or software development professional tasked with building secure web applications, web services, or mobile applications should attend our classes!

Students should bring a basic laptop with admin access. The courseware will be distributed digitally.

Day 1
9 AM
HTTP Security Basics
10 AM
OWASP Top Ten Overview
11 PM
SQL Injection Defense
12 PM
Lunch and Lab
1 PM
Input Validation Basics
1:30 PM
3rd Party Library Security
2 PM
XSS Defense
3 PM
React Security
3:30 PM
Content Security Policy
4 PM
Cross-Site Request Forgery

Day 2
9 AM
Authentication Best Practices
11 AM
Access Control Design
12 PM
Lunch and Lab
1 PM
API, REST, and Microservices
3:30 PM
File Upload and File IO Security
4 PM
Threat Modeling Basics