
Training the world's developers on application security

Take a proactive approach to modern software security risks to engage your developers with hands-on workshops, educational awareness sessions, and educational books citing secure coding best practices

New Supply Chain Security Awareness Training

Educate your developer team on supply chain security and Node.js security topics

Node.js Secure Coding

Focus on command injection and path traversal vulnerabilities. Participants will get acquainted with real-world, vulnerable code of open source npm packages that were identified via CVEs. They will learn how to recognize patterns of vulnerable code, and best practices to mitigate these sets of vulnerabilities. We can focus on one of command injection or path traversal, or encompass both in order to provide a broader spectrum of patterns and cases. The session includes an intro for AppSec fundamentals and an outro for continued education and other resources at their disposal.

The Mechanics of Malicious Packages

A deep dive into supply chain security incidents with a focus on malicious packages: analyzing real incidents in the JavaScript / npm ecosystem and the stories behind them, analyzing vulnerable code, and understanding the threat landscape from developers to SCM, to CI, to public registries such as npmjs and PyPI. Participants will gain increased awareness and a secure mindset when working in open source ecosystems (dependencies, Docker container images, GitHub Actions) and will be presented with best practices and tools to help them combat these threats.

Open Source and JavaScript Security Controls

Software supply chain security risks are ever-increasing, and if this wasn’t worrying enough, attacks have been sharpened to target developers and their ecosystems. From dependency confusion attacks, to malicious code backdoors spearheaded into open source packages, to the compromise of your build pipeline infrastructure, the security risks prevalent in open source libraries and ecosystems pose an imminent threat to developers. What are some software security controls we can apply for a better security posture? Participants will have a broader understanding of the risks of open source software, from malicious packages to other security risks involved with open source software.

Looking to train your team on a different topic? Let's chat!


Companies Share Their Success

Read testimonials from companies such as Taboola and others who have taken security training, handed out the educational books, and experienced successful engagement and an uptick in security awareness in their teams.

Meital Eli Mur


InfoSec Compliance Leader at Taboola

I had the pleasure of planning and hosting a session on Open-Source Security & Secure Coding, delving into the vital intersection of development and security. In today's interconnected world, it's crucial to fortify our development against evolving threats. The enthusiastic engagement and insightful discussions during the training showcased a collective commitment to raising the security bar in our projects. A huge thank you to Liran Tal for sharing his expertise and empowering our teams with a great Security Development Training! 🙏


#1: Educate Your Developers and Security Teams

📖 🦄 🎓

35 copies of the Node.js Secure Coding book

Hand out digital edition copies (PDF and EPUB) of the Node.js Secure Coding book to your teams around the world

Empower your team with a comprehensive understanding of Command Injection security vulnerabilities in Node.js applications and their impact on your business

Support your developers' technical career growth and broaden their skill set with secure coding experience that has a valuable and positive business impact

Node.js Secure Coding: Defending Against Command Injection Vulnerabilities

#2: Technical Expert Session

🎸 🔉

60 minutes with Liran Tal in-person or remote session

Host a technical expert session with me about a topic of your choosing

How to get involved in the Node.js project? Interested in open-source security & supply chain security stories? Developer Relations, open-source communities and more

Liran Tal talks about React Security at React Next 2021
Liran Tal talks about Node.js security at ReactiveConf
Liran Tal talks about supply chain security and JavaScript security at JSNation 2021
Liran Tal talks about container security and building production-grade secure Node.js docker containers at DevOpsDays 2021
Liran Tal talks about Node.js security and web security topics at JSHeroes 2017
Liran Tal talks about breaking into containers at NodeTLV 2021

#3: Evaluate Your Developers' Skills and Engage in Fun Quizzes

🤝 ✅ 🤝

33 Questions to Test Your Knowledge

33 yes-no and multiple-answer questions to engage your developers in a fun and educational way

Open-ended questions to encourage your developers to think about security and how it impacts their work

Code quizzes to evaluate your developers' knowledge and understanding of security best practices


Business Plans

Roll out secure coding practices to your development and security teams in meaningful and engaging ways

Learn Secure Coding

Educate your developer, ops and security teams with secure coding knowledge and help promote their technical career path

  • 60-minute live session with Liran Tal on secure coding, supply chain security or other security topics with your R&D team
  • 5 complimentary digital edition copies of the Node.js Secure Coding book

Practice Secure Coding

Engage your developer and security teams in meaningful interactions that instill secure coding knowledge and awareness

  • Half-day hands-on practical workshop with Liran Tal on secure coding with your R&D team. We learn by hacking and fixing code together!
  • 12 free digital edition copies of the Node.js Secure Coding book
  • 35% OFF

Take a peek inside the book

Note that many of the book chapters and headlines were removed or redacted in this freely available public book preview version.

More reasons to practice secure coding?