See an overview of the platform in a 10-minute video.

Free Training Courses

Master the Fundamentals of Secure Coding with Jim Manico

Ensure your code is secure from the top ten vulnerabilities discovered in the wild by Edgescan so far in 2023.

  1. SQL injection
  2. File path traversal
  3. Cross-site scripting (stored)
  4. Malicious file upload
  5. Brute forcing possible
  6. PHP Unsupported version detection
  7. Out-of-band resource load (HTTP)
  8. Server-side template injection
  9. Password submitted sing GET method
  10. Sensitive file(s) disclosure
Upcoming Session

Stored but Not Secure: Defending Against Cross-site Scripting

Live On November 30
6:00 PM IST, 1:00 PM PT, 10:00 AM PT

Gear up for a secure coding journey guided by security expert Jim Manico and aligned with the most common vulnerabilities discovered and reported in Edgescan’s 2023 vulnerability stats snapshot.
Our free courses are designed to teach students how to prevent specific vulnerabilities in just 20 minutes, followed by a Q&A session.


The Snake in the Query:
Preventing SQL Injection

SQL injection is a notorious vulnerability that we, as security practitioners and developers, must tackle head-on. It arises when attackers manipulate user inputs to execute malicious SQL queries, endangering our data integrity. To thwart these attacks, we must embrace prepared statements and parameterized queries, techniques that treat user inputs as data, not executable code, thus forming a robust defense against this venomous threat.
Finding Your Way:
Mitigating File Path Traversal Risk

File path traversal, or directory traversal, is a treacherous adversary, capable of granting attackers unauthorized access to sensitive files. Our mission is to shield against this threat through stringent input validation and more, ensuring that user-provided file paths remain confined within their intended directory structures. Combining this with access control measures, such as ACLs and permissions, fortifies our defenses, guiding us safely through the complex terrain of file system security.

Stored but Not Secure: Defending Against Cross-site Scripting
Live On November 30
6:00 PM IST | 1:00 PM PT | 10:00 AM PT

Cross-site Scripting (XSS) is a persistent peril that exposes web applications to script injection attacks. Our strategy to protect against this vulnerability should encompass rigorous output encoding, HTML sanitization and input filtering. Also, by adopting robust Content Security Policy (CSP) headers, diligent input validation, and embracing modern security-focused frameworks, we can fortify our applications against XSS, ensuring they remain both functional and resilient in the ever-evolving landscape of web security.

Jim Manico

Your instructor.

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv.

Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Visit to schedule an in-depth training course with Jim and crew.

Upcoming secure coding courses you can't miss


Behind the Malicious File Upload: What You Need to Know


Crack the Code: Defending Against Brute Forcing


The PHP Time Bomb: How to Detect Unsupported Versions


The PHP Time Bomb: How to Detect Unsupported Versions


Template or Trap: Server-side Template Injection Explained


The GET No-Go: Why Passwords Shouldn't be Submitted


The Hidden Dangers of Sensitive File Disclosure