Learn to code securely

At Manicode Security, our sole focus is teaching your developers to write secure code. Our courses blend decades of research, passion, and practical techniques for immediate impact.

Course Catalog

New: AI Security Courses Now Available

Explore cutting-edge courses designed specifically for developers building secure AI systems.

See AI Security Courses

Who is this for?

Any web developer, architect or other software development professional who wishes to build secure web applications, web services, or mobile applications should consider our classes.

Learn to secure your applications

The primary cause of insecurity is the lack of secure software development practices. This highly intensive, interactive, and customizable course provides essential application security training for web applications, web services, and mobile software developers and architects.

Manicode classes are a combination of lecture, security testing demonstration, and code review.

Who are the instructors?

Jim Manico is the founder of Manicode Security, specializing in training developers in secure coding, security engineering, and AI security practices. He is an active investor/advisor with Semgrep, EdgeScan, Nucleus Security, Defect Dojo, RAD Security and others. A recognized speaker and author of "Iron-Clad Java: Building Secure Web Applications", Jim continues to lead industry standards through OWASP initiatives. Connect with Jim via LinkedIn or Twitter.

Course Catalog

what you will learn

Students will learn to create secure web, API and AI applications through defense-oriented coding examples. Our courses also explore trusted third-party security libraries and frameworks, emphasizing practical, production-quality, and scalable security controls across various languages and frameworks.

Manicode offers custom onsite developer training which pulls from the following topics:

  • Identity
  • Authentication
  • Session Management
  • Password Storage
  • Multi-Factor Authentication
  • Access Control Design
  • OAuth 2 Security
  • OpenID Connect Security
  • Web/API Security
  • HTTP Security
  • SQL Injection
  • CSRF
  • Clickjacking
  • HTTPS/TLS
  • 3rd Party Security
  • JSON Web Tokens
  • API Security
  • User Interface
  • File Upload Security
  • HTML & Content Spoofing
  • XSS Defense
  • React Security
  • Vue.js Security
  • Angular & AngularJS Security
  • Content Security Policy (CSP)
  • AI New!
  • AI Security
  • Secure AI Development
  • OWASP Top 10 for LLM
  • AI Model Security
  • Adversarial Machine Learning
  • AI Governance
  • Cryptography
  • Applied Cryptography
  • Secrets Management
  • Fundamentals
  • Digital Signatures
  • Hash Functions
  • Randomness
  • DevSecOps & Cloud
  • Secure SDLC
  • Threat Modeling
  • DevSecOps
  • Docker Security
  • Kubernetes Security
  • Cloud Security
  • Incident Response
  • Introduction
  • Threat Detections
  • Incident Containment
  • Eradication & Recovery
  • ...and more!

WHO SHOULD ATTEND?

Our classes are ideal for developers, architects, security professionals, DevSecOps engineers, and software teams building modern, secure applications and AI-driven systems.

2-DAY CLASS SCHEDULE SAMPLE:
Students should bring a laptop with administrative access. Course materials will be distributed digitally.

Day 1
9:00 AM
HTTP Security Fundamentals
10:00 AM
OWASP Top Ten (2021–2025)
11:00 AM
SQL & Command Injection Defense
12:00 PM
Lunch and Hands-On Lab
1:00 PM
AI for Secure Code Generation
2:00 PM
Third-Party Library Security
2:30 PM
XSS Defense & Content Security Policy
3:30 PM
React & Modern JavaScript Security
4:15 PM
Cross-Site Request Forgery Defense

Day 2
9:00 AM
Authentication & Session Management
10:30 AM
Access Control Design
12:00 PM
Lunch and Hands-On Lab
1:00 PM
Secure AI Development Lifecycle
2:00 PM
API/Microservices Architecture
3:00 PM
File Upload & Deserialization Security
3:45 PM
Threat Modeling