Skill Up Card - Course Bundles

Save up to €4,145 per delegate.

skill up card image - Nexus Human

Cyber Secure Coder (CSC)

4.6 out of 5 rating

Jump to dates


3 Days

18 CPD hours

About this course

This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy. This course is also designed for students who are seeking the CertNexus Cyber Secure Coder (CSC) Exam CSC-210 certification.


Employ best practices in software development to develop secure software. Identify the need for security in your software projects. Eliminate vulnerabilities within software. Use a Security by Design approach to design a secure architecture for your software. Implement common protections to protect users and data. Apply various testing methods to find and correct security defects in your software. Maintain deployed software to ensure ongoing security.


The stakes for software security are very high, and yet many development teams deal with software security only after the code has been developed and the software is being prepared for delivery. As with any aspect of software quality, to ensure successful implementation, security and privacy issues should be managed throughout the entire software development lifecycle. This course presents an approach for dealing with security and privacy throughout the entire software development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify and remediate them in your own projects. You will learn general strategies for dealing with security defects and misconfiguration, how to design software to deal with the human element in security, and how to incorporate security into all phases of development.


This course presents secure programming concepts that apply to many different types of software development projects. Although this course uses Python©, HTML, and JavaScript© to demonstrate various programming concepts, you do not need to have experience in these languages to benefit from this course. However, you should have some programming experience, whether it be developing desktop, mobile, web, or cloud applications.

1 - Identify Security Requirements and Expectations
  • Security Throughout the Development Process
  • Business Requirements
  • Standards and Compliance Requirements
  • User Impact
  • User Expectations
  • Platform Requirements
  • Consequences of Not Meeting Security Requirements
  • Guidelines for Identifying Security Requirements and Expectations
  • Identifying Security Requirements and Expectations
  • Topic B: Identify Factors That Undermine Software Security
  • Three Ps of Software Security
  • Software Security Terminology
  • Identifying Factors That Undermine Security
  • Topic C: Find Vulnerabilities in Your Software
  • Builders and Breakers
  • Hacking
  • Phases of an Attack
  • Common Attack Patterns
  • Case Study: Protecting Against a Password Attack
  • Guidelines for Identifying Software Security Vulnerabilities
  • Identifying Vulnerabilities in an Application
  • Cracking a Password Hash
  • Fixing a Password Hash Vulnerability
  • Topic D: Gather Intelligence on Vulnerabilities and Exploits
  • Vulnerability Intelligence
  • Exploits
  • Guidelines for Researching Vulnerabilities and Exploits
  • Identifying Sources for Vulnerability Intelligence
2 - Handling Vulnerabilities
  • Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
  • Software Defects
  • Causes of Software Defects
  • Guidelines for Preventing Security Defects
  • Preventing Security Defects
  • Problems in ThirdParty Code
  • Problems in Standard Libraries
  • Dependencies
  • Encryption Validation
  • Security of Host Systems and Service Providers
  • Guidelines for Using ThirdParty Code and Services
  • Host Platform Configuration
  • Hypervisor Vulnerabilities
  • Guidelines for Managing Vulnerabilities in External Hosts and Services
  • Identifying Vulnerabilities in a Software Project
  • Examining the Project Files
  • Error Messaging
  • Error Handling
  • FailSafe
  • Failure Recovery
  • Guidelines for Secure Error Handling
  • Identifying Software Defects and Misconfiguration
  • Topic B: Handle Vulnerabilities Due to Human Factors
  • The Human Element in Software Security
  • Vulnerabilities Attributed to the Human Element
  • Social Engineering Attacks
  • User Input
  • Input Validation
  • Security Policy Enforcement
  • Guidelines for Managing People Risks
  • Managing People Risks
  • Topic C: Handle Vulnerabilities Due to Process Shortcomings
  • Development Process Approaches
  • Building Security In
  • The CIA Triad
  • Requirements Phase
  • Design Phase
  • Development Phase
  • Testing Phase
  • Security Testing Tools
  • Deployment Phase
  • Maintenance Phase
  • Development Process Security
  • Guidelines for Software Development Processes
  • Managing Software Development Process Risks
3 - Designing for Security
  • Topic A: Apply General Principles for Secure Design
  • Security in the Design Phase
  • Security by Obscurity vs. Security by Design
  • OWASP Security Design Principles
  • Minimize Attack Surface Area
  • Establish Secure Defaults
  • Least Privilege
  • Least Common Mechanism
  • Defense in Depth
  • Fail Securely
  • Don't Trust Services
  • Separation of Duties
  • Security by Obscurity
  • Keep Security Simple
  • Fix Security Issues Correctly
  • Software Design Patterns
  • Security Patterns
  • Modular Design
  • Benefits of Modular Design
  • The Balance Between Defense in Depth and Simplicity
  • Guidelines for Avoiding Common Design Mistakes
  • Avoiding Common Security Design Flaws
  • Topic B: Design Software to Counter Specific Threats
  • The Risk Equation
  • Threat Modeling
  • Benefits of Threat Modeling
  • Step 1: Define General Security Objectives and Scope
  • Tooling and Documentation
  • Assets
  • Step 2: Decompose the Software
  • Trust Levels
  • Entry and Exit Points
  • External Dependencies
  • Data Flow Diagrams
  • Diagramming Symbols
  • Diagramming the Catalog Application
  • Step 3: Identify and Rank Threats
  • Misuse Cases
  • Security Zones
  • Strategies for Ranking Threats
  • Risk Response Strategies
  • Severity
  • Risks Outside Your Control
  • Guidelines for Identifying and Ranking Threats
  • Step 4: Counter Each Threat
  • Countermeasures
  • Identifying Threats and Countermeasures
4 - Developing Secure Code
  • Topic A: Follow Best Practices for Secure Coding
  • Development Documentation and Deliverables
  • Application and Data Integrity
  • Common General Programming Errors
  • Insecure Deserialization
  • Guidelines for Secure Coding
  • Researching Your Secure Coding Checklist
  • Buffer Overrun Defects
  • Buffer Overflows
  • Guidelines to Prevent Buffer Overflow Defects
  • Buffer Overreads
  • Guidelines to Prevent Buffer Overread Defects
  • Integer Overflows
  • Guidelines to Prevent Integer Overflow Defects
  • Uncontrolled Format Strings
  • Insecure Output Encoding
  • XXE Attacks
  • Guidelines to Prevent Uncontrolled Format String Defects
  • Race Condition
  • Impact of Race Conditions on Threading/Multiprocessing
  • Guidelines to Prevent Race Condition Defects
  • Performing a MemoryBased Attack
  • Topic B: Prevent Platform Vulnerabilities
  • OWASP Top Ten Platform Vulnerabilities
  • Authentication
  • Authorization
  • Broken Authentication
  • Guidelines to Prevent Web Vulnerability Defects
  • Guidelines to Prevent Mobile App Vulnerability Defects
  • Guidelines to Prevent Internet of Things Vulnerability Defects
  • Desktop Application Vulnerabilities
  • DLL Injection
  • Shellcode Injection
  • Debugger Security
  • Differences Among Desktop Platforms
  • Managed vs. Unmanaged
  • Desktop Application Attack Vectors
  • Development Tool and Project Configuration
  • Guidelines to Prevent Desktop Application Vulnerabilities
  • Finding Common Web Vulnerabilities
  • Topic C: Prevent Privacy Vulnerabilities
  • Privacy Vulnerability Defects
  • Privacy by Design
  • Data Anonymization
  • Guidelines to Prevent Privacy Vulnerability Defects
  • Handling Privacy Defects
5 - Implementing Common Protections
  • Topic A: Limit Access Using Login and User Roles
  • Web Sessions
  • Secure Session Management
  • Methods for Passing Session IDs
  • Access Control
  • Guidelines for Secure Session Management
  • User Provisioning
  • Password Recovery
  • Account Lockouts
  • Guidelines for Secure Password Management
  • Handling Authentication and Authorization Defects
  • Topic B: Protect Data in Transit and At Rest
  • Encryption
  • Uses for Encryption
  • Cryptographic Lifecycle
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing
  • Digital Signatures
  • Digital Signature Nonrepudiation
  • Digital Certificates
  • PKI
  • PKI Components
  • The PKI Process
  • Key Management
  • Key Management Factors
  • Certificate Revocation
  • Guidelines for Protecting Data in Transit and at Rest
  • Protecting Data in Transit and at Rest
  • Topic C: Implement Error Handling and Logging
  • Error Handling
  • Uses for Error Handling
  • Error Messaging
  • Logging
  • Guidelines for Implementing Error Handling and Logging
  • Reviewing Error Handling
  • Improving Error Handling
  • Topic D: Protect Sensitive Data and Functions
  • Sensitive Data
  • Output Restrictions
  • Function Level Access Control
  • Case Study: CrossSite Scripting Defect
  • Guidelines for Protecting Sensitive Data and Functions
  • Protecting Sensitive Data and Functions
  • Staging a Persisted XSS Attack on an Administrator Function
  • Topic E: Protect Database Access
  • Case Study: SQL Injection Defect
  • Query Parameterization
  • Database Connection Credential Protection
  • Guidelines for Protecting Database Access
  • Protecting Database Access
6 - Testing Software Security
  • Topic A: Perform Security Testing
  • The Role of Testing
  • Phases of Software Testing
  • Development Testing
  • Unit Testing
  • Integration Testing
  • Documentation and Deliverables for Testing
  • Manual Inspection and Code Review
  • Code Review Strategies
  • Guidelines for Security Testing
  • Performing Manual Inspection and Review
  • Topic B: Analyze Code to find Security Problems
  • Static Code Analysis
  • Strategies for Using Static Analysis
  • Dynamic Code Analysis
  • Guidelines for Code Analysis
  • Performing Code Analysis
  • Topic C: Use Automated Testing Tools to Find Security Problems
Additional course details:

Nexus Humans Cyber Secure Coder (CSC) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the Cyber Secure Coder (CSC) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us

Global Schedule

GTR = Guarenteed to Run

04 Jun 24 Enquire Book
14:00 - 22:00Live Online GTR2,085
25 Nov 24 Enquire Book
14:00 - 22:00Live Online GTR2,085

Find out more about this course

Interested in alternative dates? Would like to book a private session of this course for your company? Or for any other queries please simply fill out the form below.