Desent

Bali · English · Certification

Cybersecurity Training for Developers

Delivered by a local security expert, backed by German engineering rigor. Built specifically for programmers and engineering teams.

English|Bahasa Indonesia

One vulnerability can sink your business.

Cyber threats are escalating across Indonesia, and regulations like Indonesia's UU PDP and Europe's GDPR apply to anyone handling user data. This training arms your developers with real-world practices to build secure applications — including how to use AI tools like ChatGPT, Claude, and Copilot without leaking company data.

Developer-Focused

Curriculum built for programmers and engineering teams — not generic IT training. Real code examples, not theory slides.

Safe AI Usage

How to use ChatGPT, Claude, and Copilot at work without leaking your company's code or sensitive data.

Certification

Ends with a pass/fail exam. Participants who pass receive an official certificate from Desent Solutions GmbH (Germany).

Bilingual Delivery

Sessions delivered in English with Indonesian context when needed — matching how Indonesian engineering teams actually work.

Who Teaches

In Bali the training is delivered by Bahirul. In Germany it is delivered by Tobias Winter.

Bahirul R.

Bahirul R.

Back-end Developer

Bali, Indonesia

Versatile back-end developer and operations leader with 13+ years in IT infrastructure, networking, and software development. Goes beyond writing code — he excels at understanding, mapping out, and architecting features end-to-end. Has deep expertise in Network Architecture and is ideal for maintaining complex projects and developing rapidly with Golang. Built a realtime public transport tracking app for Trans Gianyar and co-founded cloudxchange.id, growing it into a top-5 national IXP in Indonesia with global peering connections.

Chat on WhatsAppFull Profile →
Tobias Winter

Tobias Winter

Senior Fullstack Entwickler

München, Germany

Hallo, mein Name ist Tobias Winter und ich bin Senior Fullstack Entwickler bei Desent.io. Ich komme aus Regensburg, Deutschland.

Full Profile →

Curriculum

Ten structured modules — from fundamentals through to AI integration in security workflows.

1. Introduction: Why Security Matters for Developers

  • Developer accountability for user data and production code
  • Real breach case studies at Indonesian SaaS companies
  • Legal consequences under UU PDP (Indonesian Data Protection Law) and GDPR
  • How a single small vulnerability can destroy a company's reputation

2. OWASP Top 10 for Modern Web Applications

  • Injection, broken authentication, sensitive data exposure
  • Insecure deserialization, XXE, broken access control
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
  • Live attack demonstrations and in-code mitigations

3. Secure Coding: Input Validation, Output Encoding, Error Handling

  • Validating input at every layer (client, server, database)
  • Output encoding to prevent XSS and injection attacks
  • Error handling that does not leak stack traces or internal data
  • Defensive programming: assume all input is hostile

4. Authentication, Authorization & Session Management

  • Proper password hashing implementation (bcrypt, Argon2)
  • JWT, OAuth 2.0, and secure session management
  • Multi-factor authentication (MFA) in your application
  • Role-based access control (RBAC) and principle of least privilege

5. Data Security: Encryption, Hashing, Secret Management

  • Encryption vs hashing vs encoding — when to use which
  • Secure secret storage (Vault, AWS Secrets Manager, .env)
  • Never commit secrets to Git — and how to clean up history when you do
  • TLS, HTTPS, and encryption at-rest vs in-transit

6. API Security & Supply Chain (Dependency Risk)

  • Rate limiting, API key rotation, API gateways
  • Risks in npm/pip/composer dependencies and how to audit them
  • Software Bill of Materials (SBOM) and dependency scanning
  • Log4shell and event-stream case studies — early detection patterns

7. Safe AI: Using ChatGPT/Claude/Copilot Securely

  • What you must NEVER paste into a public AI prompt
  • Prompt injection risks in your own LLM-powered applications
  • Self-hosted vs commercial API — data security trade-offs
  • Building a sensible AI policy for engineering teams

8. AI for Security: Code Review, Static Analysis, Threat Detection

  • Using AI for automated code review and vulnerability detection
  • AI-assisted Static Application Security Testing (SAST)
  • Anomaly detection in production logs using AI models
  • Practical workflow: PR review + CI/CD + AI security gate

9. Incident Response, Logging & Audit Trails

  • What counts as a security incident and how to classify it
  • Useful logging vs logging that leaks sensitive data
  • Incident response plan: who, when, and how to report
  • 72-hour breach notification obligation under UU PDP and GDPR

10. Certification Exam

  • 10–20 multiple-choice questions covering all course material
  • Minimum passing score: 80%
  • Official certificate issued to participants who pass

Try a Practice Test

Five sample questions mirroring the certification exam. The real exam contains 10–20 questions, and participants must score at least 80% to pass.

1. You receive a username input and place it directly into a SQL query. What is the biggest risk?

2. Your team wants to use Copilot to speed up coding. Which is the safest practice?

3. You accidentally commit a .env file containing the production database password to a public GitHub repository. What is the correct first step?

4. To store user passwords in your database, which method is correct?

5. An npm library you depend on announces a critical RCE vulnerability. What is the first step?

Pricing

Per participant. Includes training material, certificate, and the final exam.

Small Group

Rp 4.000.000

per participant · 1–10 participants

  • ✓ Complete training material
  • ✓ Official certificate upon passing
  • ✓ Bilingual delivery (English & Indonesian)
  • ✓ Final certification exam
Save 50%

Large Group

Rp 2.000.000

per participant · more than 10 participants

  • ✓ Complete training material
  • ✓ Official certificate upon passing
  • ✓ Bilingual delivery (English & Indonesian)
  • ✓ Final certification exam

Clients & References

A few of the companies we have worked with in Indonesia.

PT Cahaya Mentari

Bali, Indonesia

balifixer.com

Service platform for property repair and maintenance in Bali.

The training was highly practical — our developers were applying secure coding the very next sprint. The safe-AI material was especially relevant to how we work today.

Engineering Team, PT Cahaya Mentari

PT. Alam Megah Berkilau

Indonesia

networksolution.id

Network and IT infrastructure solutions provider for businesses across Indonesia.

Bahirul understands the real challenges Indonesian developers face. The bilingual approach made the material easy to follow without losing important technical precision.

Lead Developer, PT. Alam Megah Berkilau

Ready to level up your development team's security?

Reach out on WhatsApp for scheduling, group sizes, and tailored requirements.

Contact Bahirul (Bali)Contact German Team

Organized by Desent Solutions GmbH (Germany) in partnership with Bahirul R. in Bali.