paiml/windsurf
Windsurf for Privacy Conscious Development

Using AI Development Tools Securely Without Exposing Sensitive Data

Overview

Learn to use AI-powered development tools like Windsurf, Claude Code, and Gemini CLI while protecting sensitive data, credentials, and proprietary information. This course teaches you secure prompting techniques, privacy-conscious workflows, and how to identify and fix security vulnerabilities without exposing your production systems.

Learning Objectives

By the end of this course, you will be able to:

  • Understand privacy risks when using AI development tools
  • Configure AI tools with security-first settings
  • Use secure prompting techniques to protect sensitive data
  • Identify and fix security vulnerabilities (SQL injection, file uploads, etc.)
  • Implement automated security scanning with local tools
  • Set up GitHub Advanced Security and Dependabot
  • Make informed decisions about AI tool usage in production environments

Course Structure

Module 1: Privacy-Conscious Development Foundations

1.1 Understanding Privacy Risks

  • What happens to your data when you use AI services
  • Types of sensitive data (credentials, PII, proprietary code)
  • Real-world incidents (GitHub Copilot prompt injection)
  • Compliance implications (GDPR, CCPA)

1.2 Claude Code Setup and Security

  • Installing Claude Code CLI
  • Configuring .claude/settings.json for file access control
  • Testing security boundaries
  • Version controlling security policies

1.3 Windsurf IDE for Secure Development

  • Installing and configuring Windsurf
  • Using Cascade AI for security scanning
  • AI-assisted code refactoring
  • Multi-model security analysis

1.4 Secure Prompting Principles

  • Pattern-based vs. specific code queries
  • Code sanitization techniques
  • Progressive disclosure strategies
  • Defense-in-depth approaches

Module 2: Security Vulnerabilities and Prevention

2.1 SQL Injection Prevention

  • Understanding SQL injection attacks
  • Using AI to analyze vulnerability patterns
  • Implementing parameterized queries
  • Input validation and security testing

2.2 Secure File Handling

  • File upload vulnerabilities
  • Path traversal prevention
  • MIME type validation
  • Secure file storage patterns

2.3 HTTP Security Headers and Container Scanning

  • Essential security headers (CSP, HSTS, etc.)
  • CORS configuration
  • Local container scanning with Grype
  • Privacy-conscious security testing

2.4 GitHub Advanced Security

  • Dependabot for dependency updates
  • CodeQL code scanning
  • Secret scanning and push protection
  • Automated security workflows

Labs

Complete hands-on labs for each module:

See the complete labs guide for detailed instructions.

Key Principles

1. Never Share Production Secrets

  • Don't paste API keys, passwords, or tokens into AI tools
  • Use environment variables in examples
  • Sanitize code before requesting AI assistance

2. Pattern-Based Queries

Bad: "Review my auth code: [paste production code with DB credentials]"

Good: "What security issues exist in this authentication pattern:

SELECT * FROM users WHERE username='USER_INPUT' AND password='USER_INPUT'"

3. Configure Tool Permissions

{
  "permissions": {
    "deny": [".env", "secrets/**", "**/*.key"],
    "allow": ["src/**", "tests/**", "docs/**"]
  }
}

4. Defense in Depth

  • Tool configuration (deny lists, permissions)
  • Prompting discipline (sanitize, use patterns)
  • Code review (human verification)
  • Automated scanning (Grype, CodeQL, Dependabot)
  • Monitoring (track what's shared)
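
The first three principles can be combined into a single gate that runs before any file content reaches an AI tool. The following is an added example, not code from this repository: it applies the deny/allow policy from "Configure Tool Permissions" to a path and then redacts credential-looking values from the text. The glob semantics, the redaction rules, the function names and the sample input are all assumptions made for illustration.

```python
import posixpath
import re
from fnmatch import fnmatchcase

# Policy copied from the "Configure Tool Permissions" snippet above.
POLICY = {"deny": [".env", "secrets/**", "**/*.key"],
          "allow": ["src/**", "tests/**", "docs/**"]}

# Constructed redaction rules: a starting point, not a complete secret detector.
REDACTIONS = [
    # name = "value" where the name looks like a credential
    (re.compile(r"\b([\w-]*(?:password|passwd|secret|token|api[_-]?key)[\w-]*)"
                r"(\s*[:=]\s*)(['\"])(.+?)\3", re.I),
     r"\g<1>\g<2>\g<3><REDACTED>\g<3>"),
    # scheme://user:password@host
    (re.compile(r"(\b\w+://[^/\s:@]+):[^@\s/]+@"), r"\g<1>:<REDACTED>@"),
    # AWS access key id shape
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "<REDACTED_AWS_KEY_ID>"),
]

def _matches(path, pattern):
    # Assumed glob semantics: a bare name matches the basename at any depth,
    # and a leading "**/" may match zero directories.
    if "/" not in pattern:
        return fnmatchcase(posixpath.basename(path), pattern)
    if pattern.startswith("**/") and fnmatchcase(path, pattern[3:]):
        return True
    return fnmatchcase(path, pattern)

def may_share(path, policy=POLICY):
    """Deny wins over allow; anything not explicitly allowed is refused."""
    p = posixpath.normpath(path.replace("\\", "/"))  # collapses "src/../.env"
    if any(_matches(p, pat) for pat in policy["deny"]):
        return False
    return any(_matches(p, pat) for pat in policy["allow"])

def sanitize(text):
    """Return (redacted_text, number_of_redactions)."""
    total = 0
    for rx, repl in REDACTIONS:
        text, n = rx.subn(repl, text)
        total += n
    return text, total

def prepare_prompt(path, source):
    """Refuse files the policy forbids, then redact what remains."""
    if not may_share(path):
        raise PermissionError(f"policy forbids sharing {path}")
    return sanitize(source)

# Constructed sample input.
SAMPLE = ('DB_PASSWORD = "hunter2-prod"\n'
          'DATABASE_URL = "postgres://app:S3cr3t@db.internal:5432/prod"\n')
```

Normalizing the path before matching is what keeps `src/../.env` from slipping past the allow rule for `src/**`; pattern redaction is a backstop and does not replace human review of what is shared.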

Required Tools

AI Development Tools (Choose One or More)

Security Tools

  • Grype - Local container vulnerability scanning
  • Git - Version control
  • Docker - For container scanning labs
  • Node.js 18+ or Python 3.8+ - For code examples

Optional but Recommended

  • GitHub account (for GHAS labs)
  • VS Code or preferred IDE
  • Browser DevTools

Getting Started

1. Clone the Repository

git clone https://github.com/paiml/windsurf.git
cd windsurf

2. Choose Your AI Tool

Option A: Windsurf (Recommended)

# Download from https://windsurf.com
# Install for your platform
# Open and sign in

Option B: Claude Code

# The official package is published under the @anthropic-ai scope
npm install -g @anthropic-ai/claude-code
claude --version

Option C: Gemini CLI

# The official package is @google/gemini-cli
npm install -g @google/gemini-cli
# Configure API key

3. Start with Module 1, Lab 1

cd labs
cat module1/lab01/README.md

What You'll Build

By completing this course, you will:

  • ✅ Configure AI tools with security-first settings
  • ✅ Master secure prompting techniques
  • ✅ Identify and fix SQL injection vulnerabilities
  • ✅ Implement secure file upload handling
  • ✅ Configure HTTP security headers
  • ✅ Scan containers locally with Grype
  • ✅ Set up automated security workflows with GitHub
  • ✅ Make informed decisions about AI tool usage

Course Completion

After finishing all labs, you will be able to:

  1. Use AI tools securely without exposing sensitive data
  2. Apply secure prompting patterns effectively
  3. Identify common vulnerabilities (SQL injection, file upload, XSS, etc.)
  4. Implement automated security scanning
  5. Train others on privacy-conscious development practices

Resources

Security Resources

AI Tool Documentation

Security Tools

Contributing

Found an issue or have an improvement?

  1. Report Issues: GitHub Issues
  2. Suggest Improvements: Pull requests welcome
  3. Share Feedback: What worked? What didn't?

License

MIT License - See LICENSE for details

Acknowledgments

  • Course Author: Liam Parker (paiml.com)
  • Organization: Pragmatic AI Labs (PAIML)
  • Platform: LinkedIn Learning
  • Tools: Windsurf, Claude (Anthropic), Gemini (Google)
  • Quality Standards: pmat

Ready to start? Jump into Module 1, Lab 1 and learn about privacy-conscious development! 🔒

About

Examples and exercises for the Windsurf programming course
