Close Cookies Alert

This website uses cookies to learn and improve. More info in our Privacy Policy.

Secure Development Lifecycle Training

Application security course for software developers. This secure software development training teaches secure app design concepts and presents the most widespread security issues, including OWASP Top 10.

Developer Application Security Training

All software has security bugs, yet some software is harder to hack than others. With appsec training for developers, we help custom software development companies that understand the importance of security training integrate cyber security in their development projects.

Training Details

Course level

Beginner to Intermediate


Four three-hour long sessions over two weeks


Private recordings available on YouTube


English, Ukrainian or Russian



2,400 EUR (ex. VAT) for a group of 15-25 students

Suitable for

Suitable for

Software companies willing to produce secure digital solutions.

Feedback & Support

Feedback & Support

Private chat to interact with trainers during and after the course.

Why do Developers Need Application Security Classes?

It is not simple to describe the need for security training in software development for one main reason: application software is all about features. Features make software products useful, and they are easy to demonstrate to customers. Unlike security, which is virtually invisible.

The obscurity of security threats is the main reason applications get hacked, leak sensitive information, and cause massive user data breaches. Any application can be hacked: from a small business mobile app to the largest Software as a Service provider in silicon valley. We help companies in the software industry learn from the best application security sources of information with a secure development training online course.

Training Program

The Secure Development Lifecycle Training course covers the material recommended by the Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) and goes far beyond. With this course, we help you implement five crucial Application Security practices into your Software Development Lifecycle:

  • Training and Awareness

    Learning about security engineering principles, application security basics, and appsec practices. More about this practice.

  • Secure Architecture Design

    Establishing the basis for an efficient, secure software development lifecycle. More about this practice.

  • Application Threat Modeling

    Identifying application threats and defining software security requirements. More about this practice.

  • Secure Coding Practices

    Learning main security issues and vulnerabilities and how to prevent them in your code. More about this practice.

  • Application Security Testing

    Verifying security requirements, finding and fixing application security vulnerabilities. More about this practice.

The training consists of theoretical and practical sessions. All students participate in a practical Threat Modeling session and practice Security Testing and Code Review in the online labs.

Training Benefits

High Developer Engagement

We keep the audience engaged by applying hands-on training. Practical tasks keep the students excited and help them better absorb the information.

Only Crucial Security Practices

We share the knowledge we are practicing day-to-day: no theorizing or “best practice” mumbo-jumbo, only the practical stuff.

OWASP SAMM Methodology

We use the OWASP SAMM in our Application Security consulting services and security awareness training for developers.

No Prior Knowledge Required

We offer the training to software development teams, so there are no specific requirements for information technology professionals.

We know how to break security, we know how to make breaking it harder, and we love sharing our knowledge. Our developer security training teaches developers how to build systems that are harder to break. After all, in the security profession, all fun comes from challenges and knowledge sharing.

Serhii Korolenko


OSCP, Senior Consultant & Training Lead

Training Schedule

Day 1

Introduction to Cyber & Application Security

#cybersecurity #cyberattacks #hackers #vulnerability #risk

Day 2

Security Architecture & Threat Modeling

  • Secure app design and secure application protocols.
  • Fundamental security engineering principles.
  • Secure Software Development Lifecycle (SDL) and Application Security practices.
  • OWASP Software Assurance Maturity Model (SAMM).
  • A practical Threat Modeling session OWASP Threat Dragon and Elevation of Privilege.

#threatmodeling #sdl #samm

Day 3

Security Testing

  • Security requirements testing and third-party penetration testing.
  • Demonstration of common vulnerabilities:
    Injections, Cross-Site Scripting, Broken Access Control, sensitive data exposure, and components with known vulnerabilities.
  • OWASP Testing Project and OWASP Web Security Testing Guide (WSTG).
  • A practical security testing session in PortSwigger Web Security Academy.

#securitytesting #wstg #portswigger

Day 4

Secure Development

  • Security requirements and secure coding techniques.
  • Software supply chain vulnerabilities and securing application dependencies.
  • Secure coding practices and code review tools in different programming languages.
  • OWASP Application Security Verification Standard (ASVS).
  • A practical code security review session in OWASP Secure Flag.

#codereview #asvs #secureflag

Start building more secure and reliable software: enroll your development team for application security training – online.


The Developer Application Security Awareness Training is taught by the BSG appsec experts. Our tutors hold top professional certificates, excel at public speaking, and maintain up-to-date knowledge in AppSec practices. They have vast experience in cybersecurity and information technologies and were involved in projects with the most successful software companies in the world.

Andriy Varusha
Andriy Varusha

Co-founder & COO CISSP

BSG services, operations, and quality leader.
IT auditor and cybersecurity consultant.

Andriy Varusha
Co-founder & CSO

Andriy is an accomplished manager with 10+ years of experience in various industry verticals. He has started his IT audit and consulting career and continued in enterprise IT and custom software development services.

Andriy has experience in leading customer relationships within the US, UK, and Western Europe geographies, responsible for distributed teams and permanent engagements of different scales.

Andriy has stood at the root of the Ukrainian cybersecurity professional community and has joined BSG to advance his contribution to the cybersecurity industry's development.
At BSG, Andriy acts the Chief Services Officer and a security consulting practice lead.
Serhii Korolenko
Serhii Korolenko

Security Consultant, Training Lead


Penetration tester. CFT game master. OWASP Kyiv chapter leader.

Serhii Korolenko
Security Consultant, Training Lead

Serhii is an information security professional with vast experience in Application Security and Penetration Testing. He manages the full spectrum of appsec and pentesting engagements in the BSG portfolio.

As the BSG Training Lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presented and volunteered at BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among many others.

Serhii is fond of sports videogames and loves riding the drone and taking footage of his picturesque travels.

Our Certificates


Berezha Security conducted the IT training of the employees of the bank. The team explained the latest cybersecurity trends and approaches to effectively overcoming the SDLC processes in our company. We appreciate the approach of lectures to get over complex topics easily. And the vulnerabilities of desktop software applications were the most useful demonstration for them. Altogether, the team did an enormous job.

Viacheslav Viskushenko

Information Security Manager, Crédit Agricole Ukraine

The audience remained highly engaged all the time during the workshop. The trainer's delivery radically differed from what we expected based on our observations during the selection process or after previous experience with CBT security awareness courses. As a result, the audience has learned a lot and was able to clear out every pre-existing ambiguity in the corporate security requirements and countermeasures with a professional third-party expert.

Evgeniy Gubanov

COO, Brightgrove


Do you use OWASP Top 10 in training? Is there a separate SAMM training?

No secure application development training could avoid using materials from OWASP projects. OWASP SAMM is the main basis for this course. We use OWASP Top 10 to demonstrate the application security attack model, present the concept of risk, and introduce common application vulnerabilities. We also use other OWASP standards and guidelines in the course: Web Security Testing Guide and Application Security Verification Standard, among others.

Why should developers learn application security?

The cost of implementing security into a software product grows with time. It is never too late, but the later you start – the more expensive it will be. Fixing security bugs in a final release is the worst, as it might require rebuilding parts of the application from scratch. Using secure development practices from the start allows fixing security vulnerabilities before they even exist.

How do developers benefit from taking the course?

Engineers believe that systems are secure by default. In reality, no software is completely bug-free. Securing the software requires a basic understanding of application security. And security awareness is what this course is about.

Do you provide secure coding training for developers?

Our application security training for software developers covers the five crucial application security practices that all software development teams should follow. These practices are Application Security Training and Awareness, Secure Architecture Design, Application Threat Modeling, Security Testing, and Secure Coding. We could provide a specific secure code development training upon request.

Is the training online or in-person?

It’s either of those. Our security experts deliver this training, and we prefer to do it in person to fully involve the students in the process. Due to the pandemic, though, we had to go online. We record all sessions, so students can review them if they missed a lesson.

What is the course language?

This secure development training course can be delivered in English, Ukrainian, or Russian.

Does this course have a test or certificate?

As it is a corporate awareness type of training, we do not provide a final test or certificate. Instead, we prepare a course completion report that attests that the development team has attended the training. This attestation is usually enough to provide to an inquiring third party.

How long does the course take?

The course has five sessions, two to three hours each. We prefer to span two weeks: we have three classes in the first week and two sessions during the second. We recommend our clients schedule the training in the morning hours for better team productivity.