Secure Development Trainings

SCJ – DevSec Java Masterclass

“Java Secure Development Training for Professionals at the Apex of Code Security!”



Davide Cioccia

Founder and Principal Security Architect @ DCODX

Hi there! I’m Davide Cioccia, founder of DCODX, an ethical hacking and DevSecOps consulting and coaching firm. Besides helping companies implement their Sec in DevOps, I’m also a developer of security tools (check our GitHub), an OWASP Mobile Security Testing Guide contributor and the DevSecCon Chapter Lead for the Netherlands. You can find my talks at security conferences like BlackHat, OWASP AppSec, DevSecCon, DevDays Europe and more online, together with some CVEs disclosed to Microsoft and other big vendors. Enjoy my course :)

Course overview

Level up your Java secure coding skills with our immersive and hands-on Java DevSec Masterclass. Learn to detect and mitigate vulnerabilities seamlessly as part of your development process, ensuring your Java code remains secure. Highlights:
  1. Practical Exercises: Dive into real-world scenarios and hands-on exercises to identify and address vulnerabilities effectively.
  2. Security Auditing and Code Review: Learn to conduct thorough security audits and code reviews to uncover hidden vulnerabilities.
  3. Secure Development Lifecycle Integration: Integrate security practices throughout your development process using a structured SDLC approach.
  4. Industry Best Practices and Tools: Get acquainted with leading security tools and frameworks for Java secure development.
Join our Java DevSec Masterclass and become a security-savvy developer. Safeguard your code and stay one step ahead of cyber threats. Enroll today for a secure coding journey!


Course outline

Secure coding introduction
  Secure coding principles
  OWASP Top 10 2021
  Build your security requirements from OWASP ASVS
  CVSS: how to rate vulnerabilities

Spring Security Framework
  Authentication and Authorization in Spring
  CSRF protection (Cross-Site Request Forgery)
  Password encryption in Spring

Dissecting (in)famous Java CVEs
  Log4j to Log4Shell (CVE-2021-44228)
  Spring4Shell (CVE-2022-22965)

Authentication and Authorization attacks
  LAB: IDOR (Insecure Direct Object Reference)
  LAB: Path Traversal
  LAB: CSRF (Cross-Site Request Forgery)
  Spring actuators exploitation
  LAB: LDAP injection and authentication bypass

Attacking Spring web applications
  LAB: SQL injections
  LAB: Command injection
  LAB: Code and Object Injection
  LAB: XML Injections
  LAB: Server-Side Request Forgery
  LAB: NoSQL injections
  LAB: Local and remote file inclusion
  LAB: Server-Side Template Injections
  All labs are executed locally

Vulnerable and Outdated Dependencies
  Dependencies as a graph
  The importance of SCA (Static Component Analysis) and SBOM (Software Bill of Materials)
  LAB: Detecting known vulnerabilities using Snyk
  Integrate SCA and SBOM in the CI/CD pipeline

Detecting vulnerabilities in Java using SAST tools
  Semgrep basics
  Scanning your code using Semgrep
  Semgrep automation in CI/CD