Secure Coding Education
At Manicode Security, we teach both developers and AI systems to write secure code. Our live and downloadable courses combine decades of research, passion, and hands-on techniques for immediate impact. We also offer 580+ AI prompt topics tuned for Claude, GPT, Gemini, Grok, and Copilot that train your AI to generate secure code by default.
Course Catalog AI Prompt LibraryLive Training & AI Security Courses
Learn to secure your applications
The primary cause of insecurity is the absence of secure software development practices. Our intensive, interactive, and customizable courses deliver essential application security training for web, services, mobile developers and architects. We also provide AI-focused training and prompt packs, helping teams and AI systems build security in from the start.
Manicode classes are a combination of lecture, security testing demonstration, and code review.
Web Apps
Web Services
Mobile Apps
Native Apps
Who are the instructors?
Jim Manico is the founder of Manicode Security, specializing in training developers in secure coding, security engineering, and AI security practices. He is an active investor/advisor with Semgrep, EdgeScan, Nucleus Security, Defect Dojo, RAD Security and others. A recognized speaker and author of "Iron-Clad Java: Building Secure Web Applications", Jim continues to lead industry standards through OWASP initiatives. Connect with Jim via LinkedIn or X/Twitter.
What You Will Learn
Learn to architect and implement secure web, API, mobile and AI solutions using real-world, defense-oriented coding exercises and lessons. Manicode offers custom onsite developer training which pulls from the following topics:
- Core AppSec
- HTTP Security & CORS
- Input Validation
- SQL & Command Injection
- CSRF Defense
- File Upload
- Deserialization
- 3rd Party Library Security
- Threat Modeling
- Security Logging & Monitoring
- API Security
- REST API Security
- Microservice API Security
- SSRF Prevention
- gRPC Security
- Identity & Access
- Authentication
- Session Management
- Password Storage
- Multi-Factor Authentication
- Passkey Authentication
- Access Control Design
- Brute Force Defense
- OAuth 2 Security
- OpenID Connect Security
- SAML Security
- UI Security
- XSS Defense
- Content Security Policy
- Content Spoofing
- Clickjacking
- React Security
- Vue.js Security
- Angular Security
- Flutter Mobile & Desktop
- AI Security
- OWASP Top 10 for LLM
- Enterprise Vibe Coding
- Threat Modeling for AI
- Zero Trust for AI
- Agentic AI Security
- Adversarial ML & Red Teaming
- AI Supply Chain Security
- MCP Security
- Self-Hosted Models
- Differential Privacy
- EU AI Act
- Crypto
- Secrets Management
- HTTPS/TLS
- Symmetric Cryptography
- Hash Functions
- Digital Signatures
- Randomness
- Post-Quantum Cryptography
- Tokenization vs Encryption
- Cloud & DevSecOps
- Cloud Security & IAM
- Docker & Container Security
- Kubernetes Security
- Istio Service Mesh
- Terraform Security
- Cloud Formation
- Serverless Security
- DevOps & Secure SDLC
- Incident Response
- NIST Cybersecurity Framework
- Threat Detection & Analysis
- Containment & Recovery
- DevOps Incident Response
- Post-Incident Activities
- Real-World Scenarios
- Standards
- OWASP Top 10
- OWASP ASVS 5.0
- OWASP Proactive Controls
- GDPR
- PCI Secure SDLC
- Additional Topics & Labs
- iOS & Android Security
- Java, PHP, Go, Rust Security
- Social Engineering for Developers
- Subdomain Takeover
- Competitive Web & API Hacking Labs
- Secure Coding Knowledge Labs
WHO SHOULD ATTEND?
Our classes are ideal for developers, architects, security professionals, DevSecOps engineers, and software teams building modern, secure applications and AI-driven systems.
2-DAY CLASS SCHEDULE SAMPLE:
Students should bring a laptop with administrative access. Course materials will be distributed digitally.