| No. | Date | Lecture Topic | VOTD | Lecturer |
| 1 | 06.04.22 | Intro | CSRF | Bodden |
| 2 | 13.04.22 | Requirements, Misuse & Abuse Cases | SQL Injection | Bodden |
| 3 | 20.04.22 | System Design / Threat Modeling | XSS | Venkatesh |
| 4 | 27.04.22 | Risk Management & Test Planning | Log overflow, Path traversal | Schott |
| 5 | 04.05.22 | Defensive Coding / Pitfalls | Confused deputy | Bodden |
| 6 | 11.05.22 | Correct usage of security mechanisms / Applied Crypto | Hardcoded credentials, Hashing without salt | Bodden |
| 7 | 18.05.22 | Applied Crypto (continued) | Embedded DTDs, Poor PRNGs | Schott |
| 8 | 25.05.22 | Code Inspection | OS command injection, Uncontrolled format string | Bodden |
| 9 | 01.06.22 | Vulnerability Assessment | Cache poisoning | Bodden |
| ---- | ----- | End of 4CP-Course | ----- | ----- |
| 10 | 08.06.22 | Deployment | Race condition / time of check, time of use | Bodden |
| 11 | 15.06.22 | Insider Threats | TBA | Bodden |
| 12 | 22.06.22 | Usability | TBA | Bodden |
| 13 | 29.06.22 | TBA | | |
| 14 | 06.07.22 | Professional trainings in Secure Software Engineering | - | Dziwok |
| 15 | 13.07.22 | Recap | | Bodden |
