Training the world's developers on application security
Take a proactive approach to modern software security risks and engage your developers with hands-on workshops, educational awareness sessions, and educational books citing secure coding best practices
Educate your developer team on supply chain security and Node.js security topics
Node.js Secure Coding
Focus on command injection and path traversal vulnerabilities. Participants will get acquainted with real-world, vulnerable code of open source npm packages that were identified via CVEs. They will learn how to recognize patterns of vulnerable code, and best practices to mitigate these classes of vulnerabilities. We can focus on either command injection or path traversal, or cover both to provide a broader spectrum of patterns and cases. The session includes an intro to AppSec fundamentals and an outro on continued education and other resources at their disposal.
The Mechanics of Malicious Packages
A deep dive into supply chain security incidents with a focus on malicious packages: analyzing real incidents and the stories behind them in the JavaScript / npm ecosystem, analyzing vulnerable code, and understanding the threat landscape from developers, to SCM, to CI, to public registries such as npmjs and PyPI. Participants will gain increased awareness and a secure mindset when working in open source ecosystems (dependencies, Docker container images, GitHub Actions) and will be presented with best practices and tools to help them combat these threats.
Open Source and JavaScript Security Controls
Software supply chain security risks are ever-increasing, and if this wasn’t worrying enough, attacks have been sharpened to target developers and their ecosystems. From dependency confusion attacks and malicious code backdoors in open source packages to compromise of your build pipeline infrastructure, the security risks prevalent in open source libraries and ecosystems pose an imminent threat to developers. What are some software security controls we can apply for a better security posture? Participants will have a broader understanding of the risks of open source software, from malicious packages to other security risks involved with open source software.
Looking to train your team on a different topic? Let's chat!
Companies Share Their Success
Read testimonials from companies such as Taboola and others who have taken security training and educational books and experienced successful engagement and an uptick in security awareness in their teams.
Meital Eli Mur
InfoSec Compliance Leader at Taboola
I had the pleasure of planning and hosting a session on Open-Source Security & Secure Coding, delving into the vital intersection of development and security. In today's interconnected world, it's crucial to fortify our development against evolving threats. The enthusiastic engagement and insightful discussions during the training showcased a collective commitment to raising the security bar in our projects. A huge thank you to Liran Tal for sharing his expertise and empowering our teams with a great Security Development Training! 🙏
#1: Educate Your Developers and Security Teams
📖 🦄 🎓
35 copies of the Node.js Secure Coding book
Hand out copies of the Node.js Secure Coding book in digital edition (PDF and EPUB) to your teams around the world
Empower your team with a comprehensive understanding of Command Injection security vulnerabilities in Node.js applications and their impact on your business
Support your developers' technical career growth and broaden their skill set with secure coding experience that has a valuable and positive business impact
#2: Technical Expert Session
🎸 🔉
60 minutes with Liran Tal in-person or remote session
Host a technical expert session with me about a topic of your choosing
How to get involved in the Node.js project? Interested in open-source security & supply chain security stories? Developer Relations, open-source communities and more
#3: Evaluate Your Developers' Skills and Engage in Fun Quizzes
🤝 ✅ 🤝
33 Questions to Test Your Knowledge
33 Yes-No and multiple-answer questions to engage your developers in a fun and educational way
Open-ended questions to encourage your developers to think about security and how it impacts their work
Code quizzes to evaluate your developers' knowledge and understanding of security best practices
Business Plans
Roll out secure coding practices to your development and security teams in meaningful and engaging ways
Learn Secure Coding
Educate your developer, ops and security teams with secure coding knowledge and help promote their technical career path
- 60-minute live session with Liran Tal on secure coding, supply chain security or other security topics with your R&D team
- 5 complimentary digital edition copies of the Node.js Secure Coding book
Practice Secure Coding
Engage your developer and security teams in meaningful interactions that instill secure coding knowledge and awareness
- Half-day hands-on practical workshop with Liran Tal on secure coding with your R&D team. We learn by hacking and fixing code together!
- 12 free digital edition copies of the Node.js Secure Coding book
- 35% OFF
Take a peek inside the book
Note that many of the book chapters and headlines were removed or redacted in this freely available public book preview version.