Foundations of Application Security

Foundations of Application Security with Cole Cornford
Practical training for secure-by-design software development

From $1,800 per person (ex GST)
Discount pricing for students. Please see the terms of booking below!

Overview

This two-day course gives software and security engineers the foundational skills for building secure and resilient software. This course will give you the practical skills and cutting-edge knowledge needed to secure software applications. With an emphasis on combining hands-on practical exercises, engaging group activities, and discussions around real-world case studies, this course covers all bases.

Attendees will walk away confident in their ability to interrogate source code for security flaws and empowered to select the right DevSecOps capabilities for their technology stack. We go further and teach not only technical skills but also the critical program management skills, like achieving buy-in from stakeholders, being successful with training programs, and measuring success too.

But the best part? You can join ‘The Flock’, alumni who are the best product security professionals in Asia Pacific.
Key Focus Areas

Core training areas include:
Threat modelling techniques, including STRIDE, 4Q, and Attack Trees
Secure coding practices focused on authentication, configuration, and secrets management
Application security tooling such as SAST, SCA, SBOMs, and secrets scanning
DevSecOps pipelines and lightweight assurance workflows
Secure-by-design principles supported by real-world case studies
Running a successful AppSec program aligned with the Essential Eight and ISM

Course Outcomes

By the end of this course, you’ll know how to:
Build secure applications aligned with established cybersecurity frameworks
Catch and fix issues earlier in the development cycle, reducing reliance on penetration testing
Ship faster and safer in Agile and DevOps environments
Strengthen collaboration between dev, security, and ops without adding friction

Who will benefit from this course

Software Engineer
Programmer/Developer
AppSec Engineer
DevSecOps Engineer
DevOps Professional
Cloud Engineer

Upcoming Locations

Sydney – September 15 – 16
Newcastle – October 2 – 3
Melbourne – October 6 – 7
Canberra – November 17 – 18

“100% of our staff endorse this training and would gladly recommend it to others.”
“We found a 27% average of skill improvement across six key areas within our team post-training, with an impressive 65% skill boost in one topic.”
“The real-world threat modelling scenarios provided invaluable context and clarity.”
“Exceptional presentation style. A comprehensive overview of AppSec, surpassing other cyber courses we’ve experienced.”

Instructor Bio

Cole Cornford
Founder & CEO, Galah Cyber

Cole Cornford is a recognised leader in Australia’s application security scene. As Founder of Galah Cyber, he’s led major security programs across global teams and brings a strong engineering mindset to everything he does. An active OWASP contributor, sought-after speaker, and host of the Secured podcast, Cole is known for cutting through complexity and speaking the language of developers.
Foundations of Application Security – Enrol

Foundations of Application Security with Cole Cornford
Practical training for secure-by-design software development

Sydney – Sep 17th – 18th
Newcastle – Oct 2nd – 3rd
Melbourne – Oct 6th – 7th
Canberra – Nov 17th – 18th
An Introduction to Threat Modelling
Lunch & Learn Series

Overview

This Lunch-and-Learn series provides an essential introduction to threat modelling, equipping participants with tools to identify vulnerabilities early, ensuring cost-effectiveness and regulatory compliance. We delve into Adam Shostack’s Four Questions framework and other methodologies to establish common language and consistent risk reporting across teams. Through the course, we underscore the importance of focusing on outcomes, rather than documentation, and we highlight that threat modelling is an ongoing process. Practical tips on initiating threat modelling, stakeholder involvement, scope definition, and use of Data Flow Diagrams are also provided.

Course Outline

Threat Modelling & the Four Questions Framework
A. Threat modelling overview
B. Understanding threat modelling: What it is and what it isn’t
C. Exploration of the “four questions” framework

Threat Modelling Methodologies
A. Examination of different threat modelling methodologies
B. Selecting the right methodology for your specific needs

Best Practices in Threat Modelling
A. Overview of best practices for effective threat modelling
B. Strategies for maintaining and updating threat models

Conclusion
A. Recap of key learning points

Instructor Bio

Cole Cornford
Founder & CEO, Galah Cyber

Cole is a renowned figure in the Australian Application Security scene. An active OWASP contributor and sought-after speaker, Cole has spearheaded significant AppSec programs globally. In addition to leading Galah, he hosts the Secured podcast and authors influential security-focused articles.