Black Friday Sale Happening Now! Learn More

Secure Coding and API Hardening: Secure Design, Development, and Threat Modeling

Course Authored by .

Secure Coding and API Hardening: Secure Design, Development, and Threat Modeling with Tanya Janca

In this intensive two-day hands-on training, participants will master the fundamentals and advanced techniques of secure application development and API hardening.

Course Length: 16 Hours

Includes a Certificate of Completion



Enroll Now

WWHF Mile High 2026 - Link at bottom.

Description

In this intensive two-day hands-on training, participants will master the fundamentals and advanced techniques of secure application development and API hardening.

Using a “Bad, Better, Best” methodology, students will analyze vulnerable code, iteratively improve it, and implement robust security controls. The course blends secure coding, API security, secure design concepts, threat modeling, and a tiny bit of incident response to provide a comprehensive foundation for building and maintaining secure software systems. Key tools include VS Code, GitHub, OWASP DevSlop Pixi, Semgrep Community, and 42Crunch IDE plugins.

  • System Requirements
    • Ability to install VS Code extensions
    • Laptop with administrative privileges
    • Visual Studio Code installed
    • Git installed
    • Internet access for GitHub, Semgrep Community, 42Crunch plugin setup
  • Student Requirements/Prerequisites
    • Ability to read and write basic JavaScript or another programming language
    • Working knowledge of the system development lifecycle (SDLC)
    • Laptop with the IDE VS Code (preferred) or Eclipse installed before the class 
    • Free GitHub account
    • Optional but helpful: basic understanding of HTTP, APIs, and common web vulnerabilities

Syllabus

Day 1: Secure Coding & Design Foundations

    • Welcome

    • Secure Coding Fundamentals with “Bad, Better, Best”

    • Break

    • Advanced Secure Coding Practices

    • Lunch Break

    • Live Threat Modeling Workshop

    • Break

    • Secure Design Concepts – Interactive Ideation

    • Incident Response for Developers

Day 2: Hands-On Secure API Design & Hardening

    • Recap

    • API Threats & OWASP API Top 10 (1–5)

    • Break

    • Advanced API Threats & OWASP API Top 10 (6–10)

    • Lunch Break

    • API Best Practices & Tools Overview

    • Break

    • Hands-On API Hardening Workshop

    • Final Q&A & Course Wrap-Up

FAQ

Who Should Take this Class:

Application Developers
Backend and Frontend Engineers
API Developers
DevSecOps and Security Engineers
Software Architects

Audience Skill Level:

Beginner to Intermediate. Basic coding experience is expected. Some familiarity with web technologies, APIs, and development tools (e.g., Git, VS Code) is helpful but not mandatory.

Do I need to be a security expert to take this class?

No. This course is designed for developers and engineers with some experience in software development, but not necessarily in security.

What languages and frameworks will be used?

Primarily JavaScript, Python, and REST APIs (openAPI/swagger), though principles are transferable across languages.

Will we write code or is this lecture-only?

We will review code and discuss code constantly. We will fix API vulnerabilities together on day two. We will use the 42Crunch free plugin with VS Code to analyze the security of an API. You can fix the issues with me, or just watch. If you are not comfortable reading or writing code, you can just follow along. Many students choose to follow along, and that is perfectly ok.

Will I get a copy of the course materials?

Yes. You will receive the code, cheat sheets, and slide decks during the class.

About the Instructor

Pixel splash background
Bio

Tanya Janca, aka SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Secure Coding’, ‘Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.

This class is being taught at Wild West Hackin’ Fest – Mile High 2026.

For more information about our conferences, visit Wild West Hackin’ Fest!

REGISTER HERE

Clicking on the button above will take you to our registration page

Related products

Shopping Cart

No products in the cart.