Learn to code securely

At Manicode Security 100% of our focus is teaching your developers to write secure code. We bring a combination of passion, style and years of research into all of our education offerings.

Course Catalog

Who is this for?

Any web developer, architect, security professional or other software development professional who is tasked with building secure web applications, web services, or mobile applications should consider our classes.

Learn to secure your applications

The major cause of insecurity is the lack of secure software development practices. This highly intensive and interactive course provides essential application security training for web applications, web services and mobile software developers and architects.

Manicode classes are a combination of lecture, security testing demonstration and code review.

Who are the instructors?

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of the LocoMoco Security Conference and is an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle and CESPPA. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of "Iron-Clad Java: Building Secure Web Applications”  from McGraw-Hill. For more information, visit https://www.linkedin.com/in/jmanico. twitter linkedin

Course Catalog

what you will learn

Students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality APIs from various languages and frameworks that provide production quality and scalable security controls.

Manicode offers custom onsite developer training which pulls from the following topics:

  • HTTP Security
  • Injection Defense
  • Authentication
  • Access Control
  • XSS Defense
  • CSP
  • Content Spoofing
  • HTML Hacking
  • Access Control
  • CSRF
  • Clickjacking
  • Applied Crypto Basics
  • Mobile Security
  • SDLC & Architecture
  • App Intrusion Detection
  • Webservice Security
  • HTML5 Security
  • Multi-Form Workflows
  • Intro to Threat Modeling
  • OAuth Best Practices
  • File Upload Security
  • Spring Security
  • Angular Security


Any web developer, architect, security professional or other software development professional who is tasked with building secure web applications, web services or mobile applications should consider our classes.

Students should bring a basic laptop, tablet or smartphone that can read a PDF. The courseware will be distributed digitally. Any standard PC or Mac is necessary for lab-centric classes.

Day 1
9 AM
HTTP Security Basics
10 AM
OWASP Top Ten Overview
11 PM
SQL Injection Defense
12 PM
1 PM
Input Validation Basics
1:30 PM
3rd Party Library Security
2 PM
XSS Defense
3 PM
React Security
3:30 PM
Content Security Policy
4 PM
Cross-Site Request Forgery

Day 2
9 AM
Authentication Best Practices
11 AM
Access Control Design
12 PM
1 PM
API, REST, and Microservices
3:30 PM
File Upload and File IO Security
4 PM
HTTPS/TLS Best Practices