The main objective of the training is to enable developers to find vulnerabilities in their code by covering the what, why and how of code auditing. We show why compliance with code standards (e.g. MISRA-C, CERT-C) is not equivalent to secure code development, and how compliant code may still have vulnerabilities. For each of the vulnerability classes presented during the training we discuss their potential impact on the system, and mitigation strategies. The training is highly practical, with many examples from well-known open source projects.