The secure dev and ssdlc trainings/conf series
Hosted by Jim Manico and Glenn ten Cate
Days of mastering your 
 secure software skills

€150+200=260
defensive development [defdev] is a security trainings and conference series dedicated to helping you build and maintain secure software

Catered to [developers, architects, testers, devops, team leaders and security engineers] by the leading appsec/secdev authorities to expand your carrier by mastering the secure software production skills and practices.

NOV 17-19, BUDAPEST — we hope to see you there!




 NOV19 #ssdlc NOV19 #ssdlc
 

Saturday (codename: s-sdlc.master) is the day of mastering the S-SDLC, appsec management, testing and devops skills (w/ special modules of SIEM, IAM and mobile). Meant to attract {team leaders, sec engs, testers and those who dig the devops}. Check out the SSDLC day agenda...




 NOV18 #dev NOV18 #dev
 

Friday is the exclusive secdev classes day (secdev.master): HTTP security, HTTPS/TLS best practices, Input validation, serialization, Solving input injections, CSRF and Clickjacking defense, Webservices security, AngularJS security. Check out the dev mastering agenda details...




 NOV17 #dev NOV17 #dev
 

secdev.prep day on Thursday is an addition to the exclusive secdev classes day (secdev.master) may you need to acquire the secure coding essentials first. Thus with secdev.prep and secdev.master together you get a full secure coding course (for the price of mastering only). Check out the prep agenda...

The manifest

the developers are the key players of the software security at the end of the day, not the pentesters

Secure software development is a professional field which has not many dedicated events yet, and especially not many events which educate and improve developers. Meanwhile the developers are the key players of the software security at the end of the day, not the pentesters.

Our ambition is to establish the #1 European event of the "securely developing" professionals, the def[dev]eu conference. Our first trainings event takes place in Budapest on November 17-19th, and it will be purely about educating and improving our visitor developers and other professionals involved in the ssdlc.

def[dev]eu is a developers training and SSDLC conference series, it's not a hacking show, nor is it about boring security preaching. We are structured, practical, and we see the challenge with the eyes of a software engineer.

The masters

When two of the world's leading security specialists come together on stage, be prepared to take in a wealth of online security knowledge







Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is a investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim also was a Global Board Member for the OWASP foundation where he helped drive the strategic vision for the organization. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill.







As a coder, hacker, speaker, trainer and security researcher Glenn has over 10 years experience in the field of security. Employed as a security engineer at Schuberg Philis in the Netherlands and speaking at multiple security conferences. His goals is to create an open-source software development life cycle with the tools and knowledge gathered over the years.


The guest trainers

Krisztián Schäffer

Krisztián's specialities are web application security and code audit. After a strong JEE development past his interest turned to security 10 years ago when he took part in development of an infrastructure level AM solution for GE Money Hungary. Krisztián became application security advisor several years ago. From time to time he participates in security quality assurance assignments. Krisztián is one of the founders of the OWASP Hungary chapter. He delivered speeches and workshops for Hacktivity and ITBN.

Zsombor Kovács

Zsombor is a security specialist with around 9 years of hands-on heavy experience in penetration testing. His main occupation and interest today is mobile application testing (iOS and Android). Beside his main area, he also has been involved in projects dealing with infrastructure testing, incident response, forensic engineering, reversing, wireless IDS implementations and physical security.

Budapest, November

Nov 17-19 (Thu-Fri-Sat) #defdev1611

Our next event will take place in Budapest, Hungary on November 17-20 (Thu-Fri-Sat-Sun). Thursday (.prep) and Sunday (.brunch) are add-on days.

Friday and Saturday (secdev.master and s-sdlc.master) are the core event with Jim and Glenn on stage. The mastering days classes assume that you are familiar with the corresponding foundation (secure coding and design essentials to enter the secdev mastering day, and the appsec management basics to enjoy the s-sdlc mastering day).

May you need to acquire the secure coding essentials first, the secdev.prep day (Thursday) is for you to prepare for jumping into the exclusive secdev classes day (secdev.master). With the combination of the prep and the mastering dev days you get a full secure dev't course (for the price of mastering only). The labs.brunch (planned for Sunday) is fun and free, and is to provide you with hands-on hacking and defending experience.

The mastering days (18Fri-19Sat)

** The full pass includes all three days: both mastering days + .prep day.

If not indicated otherwise the mastering day modules below are presented by Jim or Glenn.
The venues and the starting times see below in the Venues section.

Click on the agenda items below to open their corresponding descriptions.

secdev.master
NOV18Fri
€150*

At the end of the secdev mastering day you'll walk away with the mindset of a defensive developer

#Dev
HTTP security
HTTPS/TLS best practices
Input validation, serialization
Solving input injections
CSRF and Clickjacking defense
Webservices security
AngularJS security

* For the price of the secdev.master you can get both the mastering and the secdev.prep day as a complete secdev (secure coding) course.

s-sdlc.master
NOV19Sat
€200
#SSDLC #DevOps

The S-SDLC masterting day is about operating, leading and managing the appsec (w/ bonus mobile sec)

Mobile security, defense practices
Secure SDLC and AppSec Management
DevOps security
Security testing
Introduction to IAM
SIEM (Security Information Event Monitoring)

Add-on days (17Thu, 20Sun)

#Dev

Attend the extra day of the prep secdev classes, get a full two-days secure coding course!

Introduction to Application security
OWASP Top 10
Secure coding principles
Security features
Demos of hacking and defending

* The price of the secdev.master ticket entitles you to visit the prep secdev training day also. Please indicate that you also attend on Thursday when making your order (in the 'Additional info' field).

labs.brunch
NOV20Sun
free
Noon brunching with the trainers at Ustream.

During the brunch you can play with some hands-on exercises Glenn prepares.

In the lab you will also have a chance to talk with our trainers. This day is free so don't miss this amazing opportunity!

Tickets menu

secdev.master is a must for devs and architects.
s-sdlc.master is for team leaders, security and project managers, devops and security professionals.

The online tickets are sold via Ti.to and PayPal. May Paypal be a non-option for you, please use the 'Corporate/offline tickets' option below.

s-sdlc.master NOV19 [exclusive management topics]

#ssdlc

Saturday (s-sdlc.master) is about mastering the S-SDLC, appsec management, testing and devops skills (w/ special modules of SIEM, IAM and mobile). Meant to attract {team leaders, security engineers, testers and those who dig the devops}.

Check out the SSDLC day agenda...

secdev.master NOV18 [exclusive devs' classes]

Friday (secdev.master) is for {developers, architects and testers}. Advanced classes on HTTP security, HTTPS/TLS, input validation, injections, CSRF, clickjacking, webservices and Angular security.

Check out the detailed agenda ...

With the secdev.master ticket you can also attend the secdev.prep day (see below) and get a complete secdev (secure coding) course!

secdev.prep NOV17 [essentials add-on to NOV18]

#dev

secdev.prep helps you to quick jump on the secdev wagon. This Thursday is a free addition to the exclusive secdev Friday classes (secdev.master) may you need to acquire the secure coding essentials first.

Check out the detailed agenda ...

Please indicate that you also attend on Thursday when making your order (in the 'Additional info' field).

The full pass (25% off)

#dev
#ssdlc

This ticket gives you the complete defdev experience. You can attend the secdev.master, s-sdlc.master, secdev.prep days and you are welcome on the Sunday brunch of course.

Student pass [limited and conditional]

We start with 12 student passes for a symbolic price. You need to apply for this pass, describe your motivation and make your professors or any serious person on the appsec/cybersec field support your application. Contact us!

Corporate tickets

For corporate tickets and invoicing contact us directly. Use the form linked to the above 'Contact our sales' button!

Contact us directly in email at hellodefdev.eu, by direct message to @defdeveu, or via the form (click the button above) and we will contact you (or call Timur 'x' Khrotko , +36309225777, +12318468790.)

We offer discounts for purchases in the ranges of 3-5-8-11+ tickets. Contact us directly!

Offline tickets and support

For offline payment or may you have any other special requirement, please, use the above 'Contact our support' channel!

Or order directly by contacting us in email, via direct message or phone. See the details in the above 'Corporate tickets' box.

If you are an ethical hacker the combination of secdev.master and s-sdlc.master is a must for you to enter the appsec profession.

The venues, the times

the mastering days of the event take place at Marriott Courtyard Budapest City Center

On Friday doors open at 900, the training starts at 930.
On Saturday doors open at 930, the training starts at 1000.

The secdev.prep (NOV17) and the labs.brunch (NOV20) venues are different!

The .prep training on Thursday will be held in Hotel Gellért.
On Thursday doors open at 900, the training starts at 930.
Sunday noon brunching with the trainers will be held at Ustream from 11am to 2pm.

The city

Budapest is one of the major tourist destinations in East-central Europe. It's a 250km long drive east from Vienna. There's a great variety of budget and major airlines flying here, see the list of the airport site. Start reading about the city on the Lonely Planet. And also about ruin pubs, dining out, photography and other cool stuff worth doing here on a weekend even in mid-November.

Our partners



FAQ

Is defdev a one-off event in Budapest?

No, defdev is a series of trainings and conferences in Europe throughout the year. Next stations will be the Netherlands, Poland and Berlin. We plan to return to Budapest next year.

What is the difference between secdev and secure coding?

We prefer to tag our secure development courses as "secdev", but usually those are referred to as secure coding courses. In our view the secdev is a broader field than just secure coding. The S-SDLC day is not about coding but methods, approaches, practices and tools.

What kind of training can an attendee expect? Is it a hands-on training with computer labs or is it more like talks to certain topics?

Days secdev.master, ssdlc.master and secdev.prep are lectures. While the labs.brunch is a brunch and some hands-on.

With what equipment should an attendee visit the trainings?

No devices are needed. Except on the labs.brunch day.

Who are the trainers on specific days?

The .master days (Friday and Saturday) are by Jim and Glenn.
The .prep day is to be delivered by a mix of trainers.

Why are the prices of a single day so different?

The S-SDLC training is targeted to managers and other professionals, and is also quite a unique course. While the secdev (secure coding) trainings are for developers and we believe those should be more accessible pricewise.

What packages do you offer for groups of attendees?

We offer impressive discounts on purchases of 3, 5, 8 and 11 tickets or more. Please contact us directly!

Are there discounts on professional membership?

For OWASP members the discount is 50% (owaspmember), for ISACA members - 20% (isaca20). With Hacktivity ticket you get 15% off.

I would like to make a defdev event in my city, it is possible?

defdev is open for cooperation with local professionals. defdev has strict rules of quality and format. Please contact us.

We require special kind of invoice due to our local requlations, is it possible to get?

Of course! Please contact us directly.

Is the Sunday brunch open to everyone, even without participating in the other days?

Yes! But please register.

Dresscode?

No dresscode.


Press releases

EN

Jim Manico and Glenn ten Cate introduce def[dev]eu, the defensive development education and mastering project. The def[dev]eu trainings and conference series is dedicated to helping developers and other professionals involved in the S-SDLC build and maintain secure software. The defdev events will pop up in several European locations, mostly linked to major security and development conferences.

Our first event takes place on November 17-19 in Budapest, Hungary where the idea of the project was born. This event is purely about trainings on secure coding and S-SDLC. The agenda in reverse order is as follows: Saturday, Nov 19 will be a real tidbit, when secdev management practices will be evaluated eg.: Secure SDLC and AppSec Management, DevOps security, Security testing, SIEM (Security Information Event Monitoring), IAM and the mobile application security from a defensive point of view. On the previous day, Nov 18 Jim and Glenn will master the developers’ secure coding skills through modules like HTTP security, HTTPS/TLS best practices, Input validation, serialization, Solving input injections, CSRF and Clickjacking defense, Webservices security, AngularJS security. All these module require an advanced knowledge of the field. The entry level knowledge to these modules can be gained on Thursday, Nov 17. So with these two days (Thursday and Friday) defdev provides a complete secure coding course. Training day prices are 150 and 200 eur.

See you in Budapest in November, and stay tuned for the continuation of the defdev series! https://defdev.eu https://twitter.com/defdeveu

HU

A tavalyi Hacktivity OWASP trackjének két főszereplője, Jim Manico és Glenn ten Cate az idén egy saját tréning konferenciával jönnek vissza Budapestre. A def[dev]eu nevű rendezvénysorozat meghatározása eredetiben így szól: "defensive development [defdev] trainings and conference series is dedicated to helping developers and other professionals involved in the S-SDLC build and maintain secure software". Az urak a biztonságos fejlesztés (secure coding and development) szcénáján a legismertebb nevek közé tartoznak. A def[dev]eu több európai helyszínen is megrendezésre kerül majd, Budapest az első állomás, mert a projekt ötlete itt született. A budapesti szakmai továbbképzés 3 napja két blokkra bontható, az első két nap a fejlesztőké, a harmadik pedig az operációs szakértőket és a managmentet célozza. A műsor napokban visszafelé haladva:

November 19., szombat csemegének ígérkezik, mikor is a secdev irányításának kérdéseit feszegetik: Secure SDLC and AppSec Management, DevOps security, Security testing, SIEM (Security Information Event Monitoring), IAM. Szombaton vendégelőadóként Kovács Zsombor is fellép majd, a mobil alkalmazások biztonságáról beszél védelmi szemszögből.

Pénteken (18.) egy a fejlesztőknek szóló tréninget tart Jim és Glenn, olyan modulokkal mint: HTTP security, HTTPS/TLS best practices, Input validation, serialization, Solving input injections, CSRF and Clickjacking defense, Webservices security, AngularJS security -- mindezek haladóbb secdev tudást feltételeznek. A pénteki belépő szintet csütörtökön lehet összeszedni, így azon a két napon (csütörtökön és pénteken) egy komplett fejlesztői secure coding kúrzust kínál a defdev.

https://defdev.eu