Secure Coding Practices
OWASP Top Ten Applied Lab
Hands-on labs that map each OWASP category to concrete fixes in Java and TypeScript services you already run.
Overview
You rotate through hardened and vulnerable branches, comparing diffs, writing tests, and shipping patches with mentor review. Labs include SSRF guardrails, deserialization traps, and logging redaction patterns tuned for Japanese privacy expectations.
Duration: 6 weeks · 48 hours · Format: Cohort with async labs · Language: English · Certificate: Included
Price (informational): ¥98,000
What is included
- Branch-per-risk exercises with annotated diffs
- JUnit and Vitest templates for security regressions
- ASVS quick-check worksheet per module
- Pair review with mentor on final merge request
- Japanese PII handling notes alongside OWASP guidance
- Release checklist you can paste into Confluence
- Office hour recordings with anonymized questions
Outcomes
- Produce a prioritized backlog mapped to OWASP categories
- Ship two remediations with automated tests
- Document assumptions for auditors in plain language
Lead mentor
Haruna Sato
Former platform security lead for a Tokyo fintech; focuses on teaching engineers to read traces like attackers do.
FAQ
No. We expect professional coding experience; security depth is built inside the labs.
Experience notes
The SSRF lab finally made me trust our egress proxy story — I reused the checklist in our design doc.
Kenji · Backend engineer · 5/5 · survey
Clear diffs, though the deserialization week felt dense. Mentor comments on my PR were surgical.
Amelia · Logistics API team