Good trainers will be aware of, and avoid, the antipatterns listed below.


Try to teach the use of non-trivial tools like OWASP ZAP or Burp Suite along the way during beginner-level web security training.

Time waster

Lecture for too long and try to compensate by a) skipping or b) cutting the far more interesting exercises and demos.

Toy overkill

Overwhelm students with too many pentesting and hacking tools during developer training. Worst case: Let them use Kali Linux right from the start.

Elongated code reviews

Going through an extensive code snippet line by line by line by … Zzzzzz…

Wrong tech stack

Focus too much on vulnerabilities that are not relevant to the technology stack used by the developers you are training.

Mandatory training

Force every developer into generic security training even though it might not affect them in their daily work.

