Saturday July 26, 2025 9:00am - 5:00pm EDT

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

3-Day Training: November 3-5, 2025
Level: Beginner
Trainer: Jim Manico

Description: This three-day security course is designed for software engineers and AppSec professionals who want to tailor their learning experience. Throughout the class, you’ll select the topics that interest you most—ensuring that the content aligns with your individual needs and goals. We’ll honor every participant’s topic requests, so you can dive deeper into the areas that matter most.

Students will choose from the following material:

Core Modules
  • 00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec
  • 00-01 Input Validation Basics (1 hr): Allowlist Validation, Safe Redirects
  • 00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers, Verbs, Secure Transport Basics
  • 00-03 SOP and CORS (1 hr): Same-Origin Policy, Cross-Origin Resource Sharing Security
  • 00-04 SQL and Other Injections (1.5 hrs): Parameterized Queries, Secure Database Configurations, Command Injection
  • 00-05 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures
  • 00-06 File Upload and File I/O Security (1 hr): Secure File Upload, File I/O Security
  • 00-07 Deserialization Security (0.5 hr): Safe Deserialization Practices
  • 00-08 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security
  • 00-09 Security Logging and Monitoring (0.5 hr): Security-Focused Logging
  • 00-10 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks
  • 00-11 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling
  • 00-12 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Form Workflows

API Security
  • 01-00 API and REST Security (2 hrs): REST Design, XML, XXE, JSON, API Access Control
  • 01-01 Microservice Security (2 hrs): Security Architectures in Microservices
  • 01-02 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges
  • 01-03 gRPC Security (1 hr): gRPC Security Architecture

Foundations of AI Security
  • 02-00 Introduction to AI Security (1 hr): Overview of AI Security Concepts, Threats, and Mitigations
  • 02-01 OWASP Top 10 for Large Language Model (LLM) Applications (4 hrs): Top 10 Practices for Protecting Large Language Model Applications

AI Secure Development Practices
  • 02-10 AI for Code Creation (1 hr): Exploring the Security Implications of Using AI for Code Generation
  • 02-11 React Security Prompt Engineering (1 hr): Building Secure React Applications with AI

AI Architecture
  • 02-20 Threat Modeling for AI Systems (1 hr): Applying Threat Modeling Methodologies Specifically Tailored to AI Architectures and Pipelines
  • 02-21 Zero Trust Architectures for AI (1 hr): Adapting Zero Trust Principles in Designing and Deploying Secure AI Infrastructure
  • 02-22 Access Control Design for AI (1 hr): Building Access Control in Vector Database AI Systems
  • 02-23 AI for UI Development (1 hr): Building Access Control in Vector Database AI Systems
  • 02-24 AI Model Updates and Patching (1 hr): Best Practices for Securely Updating and Patching Deployed Models, Especially in Response to Emerging Threats
  • 02-25 Self Hosted Models (1 hr): Strategies for securely deploying and operating self-hosted LLMs and vector stores

AI Adversarial Techniques
  • 02-30 Adversarial Machine Learning (1 hr): Understanding and Mitigating Adversarial Attacks on AI Systems
  • 02-31 Red Teaming AI Systems (1 hr): Conducting Adversarial Testing and Red Teaming for AI Systems to Identify Vulnerabilities and Resilience

AI Supply Chain
  • 02-40 Integrating AI in Software (1 hr): Security architecture patterns, risks, and mitigation strategies for integrating LLMs and AI APIs into real-world applications
  • 02-41 Hugging Face OSS Model Security (1 hr): Securing the Hugging Face Ecosystem
  • 02-42 AI Model Drift and Security Monitoring (1 hr): Strategies for Monitoring Models in Production to Detect Security Drift and Performance Degradation Over Time
  • 02-43 AWS Bedrock (1 hr): Securely using AWS Bedrock to access and manage foundation models
  • 02-44 PySpark Security (1 hr): Securing large-scale data pipelines with PySpark

AI Regulatory and Ethical Frameworks
  • 02-50 Differential Privacy (1 hr): Principles and Practices for Ensuring Privacy and Ethical AI Usage in Business Environments
  • 02-51 European Union AI Act (1 hr): Detailed Examination of the EU AI Act and Its Implications for AI Development and Deployment

Standards
  • 03-00 OWASP Top Ten (1-4 hrs): Top Ten Web Security Risks
  • 03-01 Introduction to GDPR (1 hr): European Data Privacy Law
  • 03-02 OWASP ASVS (1 hr): Comprehensive Secure Coding Standard
  • 03-03 OWASP Top Ten Proactive Controls (1 hr): Web Security Defense Categories
  • 03-04 PCI Secure SDLC Standard (1 hr): Credit Card SDLC Requirements

User Interface Security
  • 04-00 XSS Defense (2 hrs): Client-Side Web Security
  • 04-01 Content Security Policy (1 hr): Advanced Client-Side Web Security
  • 04-02 Content Spoofing and HTML Hacking (0.5 hr): HTML Client-Side Injection Attacks
  • 04-03 React Security (1 hr): Secure React Application Development
  • 04-04 Vue.js Security (1 hr): Secure Vue.js Application Development
  • 04-05 Angular and AngularJS Security (1 hr): Secure Angular Application Development
  • 04-06 Clickjacking (0.5 hr): UI Redress Attack Defense
  • 04-07 Flutter Security (0.5 hr): Flutter Security Basics

Identity & Access Management
  • 05-00 Authentication Best Practices (1.5 hrs): Web Authentication Practices
  • 05-01 Session Management Best Practices (1.5 hrs): Web Session Management Practices
  • 05-02 Multi-Factor Authentication (1 hr): NIST SP-800-63 Compliant MFA Implementation
  • 05-03 Secure Password Policy and Storage (1 hr): Secure User Password Policy and Storage
  • 05-04 Access Control Design (1 hr): ABAC/Capabilities-Based Access Control
  • 05-05 OAuth2 Security (1 hr): OAuth2 Authorization Protocol
  • 05-06 OpenID Connect Security (1 hr): OpenID Connect Federation Protocol
  • 05-07 Brute Force Defense (0.5 hr): Stopping Brute Force Attacks

Crypto Modules
  • 06-00 Secrets Management (1 hr): Key and Credential Storage Strategies
  • 06-01 HTTPS/TLS Best Practices (1 hr): Transport Security Introduction
  • 06-02 Cryptography Fundamentals:
      • 06-02-00 Terminology and Basic Concepts (1 hr): Understanding Key Terms in Cryptography
      • 06-02-01 Steganography (1 hr): Techniques for Concealing Information
      • 06-02-02 Cryptographic Attacks (1 hr): Common Attacks and How to Defend Against Them
      • 06-02-03 Kerckhoffs's Principle and Perfect Forward Secrecy (1 hr): Fundamental Principles in Cryptographic Security
      • 06-02-04 Hash Functions (1 hr): Importance and Use Cases of Hash Functions
      • 06-02-05 Symmetric Cryptography (1 hr): Understanding Symmetric Key Algorithms
      • 06-02-06 Randomness in Cryptography (1 hr): Role and Generation of Randomness
      • 06-02-07 Digital Signatures (1 hr): Ensuring Integrity and Authenticity in Digital Communications

Process
  • 07-00 DevOps Best Practices (1 hr): DevOps and DevSecO