Included in all our Secure Development memberships, our monthly online seminars are designed to add to your learning and help you build a community of like-minded people you can share challenges and approaches with.

Sign up for our next seminar or to be notified when it’s coming up, share topics you’d like us to cover, and check out our past seminars below.

Join our next seminar

You down with SOP

Our last seminar discussed the importance of securing frontend applications and some methods for keeping on top of the ever-changing web development paradigms. We briefly discussed the Same-origin Policy and CORS, but we want to take a deeper dive into what this technology is and why it’s one of the most critical controls in web browsers today, and cover common misunderstandings.

Join Principal Developer Advocate Christian Frichot, and Secure Development Specialist Shaun Bettridge, as we peek under the hood at one of the most critical and complicated security controls in modern web development. The seminar will cover the Same-origin Policy, Cross-origin Resource Sharing, Universal XSS, Site Isolation and more.

When: Thursday 28 July 2022, 2:00pm – 2:50pm NZST / 12:00pm – 12:50pm AEST

Register today and we’ll be in touch with more information to help you get the most out of the seminar.

Sign up for seminar notifications

Don’t miss out on our monthly seminars and your learning and security community. Sign up below to get notified of upcoming seminar topics and reminders.

Have a topic idea?

Our seminars are designed to be relevant to what you’re learning in SafeStack Academy, as well as any secure development challenges you’d like some help and inspiration to work through.

We’d love to hear your topic suggestions! Share them below and we’ll be in touch with any questions.

Watch past seminars on Crowdcast

Secure Front-End Development for 2022
With SafeStack Academy Secure Development Specialist Shaun Bettridge and Principal Developer Advocate Christian Frichot
June 2022

The popularity of programming languages comes and goes but one thing remains the same – JavaScript is at the forefront of front end web development. With the mainstream adoption of web based tools, and the advancement of web frameworks and libraries, we expect this trend to continue for the foreseeable future. Securing your web applications has never been more critical.

This month’s seminar shone a light on security in modern-day JavaScript-powered frontend frameworks. In addition to the current best practices for front end development, we also peeked behind the curtains to see what’s coming in the future and how you can best prepare.

Hands-on with Container Security
With SafeStack Academy Principal Developer Advocate Christian Frichot and Secure Development Specialist Shaun Bettridge
May 2022

Many paradigm shifts in computing have occurred in the past ten years. And the explosion of containers may seem like just another technology fad that will fizzle out in time. But it’s undeniable that it’s difficult to avoid conversations about containers, Kubernetes or other orchestrators when looking to build scalable tech. In this seminar we went hands-on with some open source tools to help secure container environments.

AWS Threat Modelling
With SafeStack Academy Principal Developer Advocate Christian Frichot and Secure Development Specialist Shaun Bettridge
April 2022

Threat modelling is one of the best ways to help secure your software products. Unfortunately, it’s also one of the most confusing processes out there. Either the process is very rigid and checklist driven, or it’s too unstructured. Sometimes the challenge is just getting started. You may not have the correct people in the room, and don’t have a way to keep everyone collaborating and working towards the same goal. We’ve all been there! In this seminar we worked together on a threat model for a newly designed solution that’s going to be deployed onto the cloud.

GitHub Actions for AppSec
With SafeStack Academy Principal Developer Advocate Christian Frichot
March 2022

Automating vulnerability identification is one of the north star goals for many DevOps teams. Whether you’re looking for vulnerable dependencies, forgotten secrets, or SQL injection there are many open source and commercial offerings out there that can integrate into your code pipelines. Christian demonstrates automating common security tasks with open source tools on top of GitHub Actions. Don’t worry if you’re an Azure DevOps or GitLab user though, many of the examples can be integrated into those platforms too.

Understanding the bug – Log4Shell
With SafeStack Academy Principal Developer Advocate Christian Frichot and CTO Jigar Patel
February 2022

December was a busy month for development, ops, sysadmin, and security teams around the world. A new publicly disclosed vulnerability took over our social feeds with #log4j and #log4shell, and there was a massive wave of social commentary, news articles, and (of course) memes. The Log4Shell vulnerability, which affected Apache’s Log4j Java-based logging utility, gained a lot of attention, and the first thing you might have thought of is “should I worry about this?”. 

Detecting security attacks in our software products
With SafeStack Academy COO Erica Anderson and Principal Developer Advocate Christian Frichot
November 2021

We all know that security is an important aspect of building high quality software, and it is a balancing act between having security controls that help us prevent and detect events, versus working at speed. Sometimes we can prevent a security event from happening by making conscious decisions in how we design, develop, and manage our software. And sometimes we just need to be ready to detect and handle an attack. In this seminar, we discuss how security attacks happen and what your development team can do to detect them.

Measuring your Software Security Maturity
With SafeStack Academy COO Erica Anderson and Principal Developer Advocate Christian Frichot
October 2021

Releasing modern software products involves many people and teams, often at an increasing velocity, rapidly moving code from practitioners’ computers through continuous integration and deployment systems to the cloud, and out to customers. Applying security throughout this process, including having to consider overarching governance obligations, such as privacy and other regulatory requirements, is a difficult task. Let alone including secure development training, automated security testing tools, threat modelling, managing 3rd party software dependency risks: oh my! In this seminar, we explain software security maturity models, and how building a measurable plan to elevate the security of your people, processes and technology can help your organisation navigate the challenges of embedding security throughout your software development lifecycles.

Preventing Product Security Nightmares: Account Takeover
With SafeStack Academy COO Erica Anderson
September 2021

Attackers and scammers are always looking for ways to “take over” accounts. Once they assume an identity, they could create havoc in your name. When they do this at scale, they can cause nightmares for your team and leave your organisation with a massive product misuse problem. Providing easy, accessible and secure access for your users’ legitimate needs is an important part of a modern software product or service. In this seminar, we explain how these “account takeover attacks” work and how your teams can prepare for this inevitable nightmare to make it a lot less scary.

Breaking Down the Software Supply Chain
With SafeStack Academy COO Erica Anderson
August 2021

We are starting to see a lot of news and incidents relating to supply chain-related attacks – incidents relating to network management software like SolarWinds, to virtual administrative tools like Kaseya, even Microsoft have accidentally signed (or “verified a file as safe”) for a malicious driver or two. In this seminar we talk about where in your lifecycle or workflow supply chain risk can crop up, how to vet this software before we use it, and how you can prepare yourself in case that software pops up in advisories or headlines.

Security Culture in Business
With SafeStack Academy CEO Laura Bell
July 2021

Join us as we walk through how to introduce and grow a thriving security culture. During the session, you will have an opportunity to discuss specifics about security culture in your organisation, reflect on your understanding of it, and think about possible improvements to your processes.

Get your SAST on
With SafeStack Academy CTO Jigar Patel
June 2021

Sometimes, despite our best efforts to avoid them, security vulnerabilities still make their way into our applications. Perhaps you accidentally hard-coded credentials in your code, or maybe your JSON parser is susceptible to denial of service attacks. Static Application Security Testing (SAST) tools can automatically analyse your code to find these (and more) known security vulnerabilities, before they get deployed.

In this seminar, we highlight the need for SAST in software development, talk through SAST tools you can use to help find security flaws and how some of these tools can be adopted into a typical software development life cycle, and identify things to consider when adopting SAST as a team.

In Dependencies We Trust
With SafeStack Academy Product Owner Toni James
May 2021

As developers, testers, and tech enthusiasts, we depend heavily on code we didn’t write and applications we have no control over. Supply chain attacks and security issues through third party applications are a genuine threat that needs our focus and attention.

In this seminar, we highlight common security issues the development world is facing today, introduce ways to investigate and analyse Software of Unknown Provenance (otherwise known as SOUP), and highlight dependencies that may be overshadowed by more prominent third party applications.

OWASP — Beyond the Top Ten
With SafeStack Academy Product Owner Toni James
April 2021

You’ll hear us talk about the OWASP Top Ten a few times in our courses, but what else does the Open Web Application Security Project have to offer and how can it help you? In this seminar, we highlight resources, community chapters, online conferences, and other ways you can get involved.

Can You Keep A Secret?
With SafeStack CTO Jeremy Stott
March 2021

Intuitively, the best way to keep a secret — such as a password or a key — is never to tell it to anybody. Perhaps this is why we’re often unprepared when we actually need to share one. In this seminar, we go through some coping mechanisms to safely share secrets with your applications, servers, and pipelines.

The Alphabet of Cloud Security
With SafeStack COO Erica Anderson and CTO Jeremy Stott
February 2021

Do you find yourself ‘lost in the clouds’ when it comes to cloud solution security? Maybe you’re in a complicated cloud migration at the moment, or you’re thinking of moving to the cloud in the future and you want to know more about it. It can all be a little overwhelming regardless of where you are in the process. If you could do with some advice and guidance, check out this seminar covering the shared responsibility model, identity and access management, multi-factor authentication, resource monitoring, host-based security, and layers (like WAF, VPN, CDN, and SIEM). Plus, a special appearance from Count von Count.

Capture the Fun in your Security Program
With SafeStack CTO Jeremy Stott and Security Advisor Toni James
December 2020

Whether you’re just starting your security journey or you’re well beyond the basics, there’s always time for fun when it comes to security learning. Capture the Flag (CTF) is a friendly competition where you search for ‘flags’ hidden in security flaws or application code. We cover what CTFs are, how to create your own CTF program, some resources for further learning, and an overview of our CTF-style labs, which are included in every SafeStack Development Academy membership.

An AppSec Guide to Incident Response
With SafeStack COO Erica Anderson and CEO Laura Bell
November 2020

What is Incident Response? How do we do it? Why do we need to know? Secure code, strong auth, added logging, and practicing social engineering scenarios are all things that can both help mitigate incidents and add a level of preparedness for when the bad things do happen. We go through what Incident Response is, and how and why development teams can help.

Level Up Your Personal Security
With SafeStack COO Erica Anderson
October 2020

From work and personal devices to neat third party applications, we walk through achievable actions to take you to the next level with your personal security and OpSec.