What is OWASP Top 10 Training?

Developers are typically trained in writing secure code through an annual slide presentation covering the OWASP Top 10. Yet such presentations have limited impact, since people are unable to fully internalize and understand the security issues or to avoid the problems in practice. Without proper training, developers will continue to write insecure code, which can be costly for a business if the vulnerable code gets exploited.


How does it work?

Syndis offers an intensive hands-on training, pedagogically teaching developers to spot and to exploit OWASP Top 10 issues by themselves, developing a rigorous understanding and knowledge of the issues. Based on this firsthand exposure, developers learn how to prevent such issues in practice.

The training greatly increases developers' security awareness: they learn both how to spot and exploit issues in a real-world setting at the workplace and how to fix the issues the right way, which can often be a difficult process.


Why is it relevant?

In order to decrease the likelihood of a breach resulting from insecurely written code, developers must be taught about common vulnerabilities and how to avoid them. By making the experience hands-on, rather than a simple hands-off presentation once a year, developers obtain a much deeper understanding of the issues that they can apply in their work. 


Adversary is an online platform for cybersecurity training with an emphasis on understanding software vulnerabilities. Trainees put themselves in the shoes of the attacker and learn why vulnerabilities arise, and from that come to understand proper mitigation.

The Syndis training gave me the overview I need in my daily work to spot and avoid security problems in my own or my colleagues’ code
— Torfi Gunnarsson, Nova


  • Hands-on lab assignments

  • Training with local knowledge

  • Connecting the OWASP issues with real events

  • Focused on how things work and on testing and exploiting issues

  • More engaging than a simple presentation, centered on many exercises with real-world vulnerabilities for people to exploit

  • Entertaining for developers, with exercises presented in a capture-the-flag style