Learn Secure Coding Fundamentals

This path describes common development mistakes, how they can be exploited and possible mitigations.

14 courses // 93 videos // 11 hours of training

Free training week — 1,400+ on-demand courses and hands-on labs

Secure Coding Fundamentals training

Most software vulnerabilities are caused by the same few development mistakes. This path describes these vulnerabilities and how to recognize them in code, demonstrates how they are exploited by attackers (including real-world case studies of vulnerable applications in production), and describes ways by which the vulnerabilities can be mitigated.

Learning path components

Secure Coding Fundamentals Project

Apply the hacker mindset to application security by solving the multiple challenges included in this project. You’ll need to identify vulnerabilities in the provided applications and code samples and discover how those vulnerabilities could be exploited by an attacker. See for yourself how security errors in code can lead to compromised credentials, SQL injections, and buffer overflow and Cross-Site Scripting (XSS) attacks.

Number of questions: 5

Secure Coding Fundamentals Skill Assessment

See how your Secure Coding Fundamentals skills stack up against other professionals in your field.

Number of questions: 20

Python Code Security Cyber Range

Gain practical experience and develop your secure Python coding skills through 10 hands-on labs in the Python Code Security Cyber Range.

10 labs
2 hours of training

Introduction to Secure Coding Fundamentals

This course introduces the need for secure coding and the tools used in this learning path.

2 videos
7 minutes of training

Buffer Overflows

This course introduces the buffer overflow vulnerability, its exploitation and possible mitigations.

7 videos
51 minutes of training

Integer Overflows and Underflows

This course introduces integer overflow and underflow vulnerabilities, their exploitation and possible mitigations.

7 videos
53 minutes of training

Race Conditions

This course introduces race conditions, their exploitation and possible mitigations.

7 videos
50 minutes of training

Format String Vulnerabilities

This course introduces format string vulnerabilities, their exploitation and possible mitigations.

7 videos
34 minutes of training

Command Injection

This course introduces command injection vulnerabilities, their exploitation and possible mitigations.

7 videos
40 minutes of training

Least Privilege

This course introduces the principle of least privilege and its importance in secure coding.

7 videos
33 minutes of training

Credential Management

This course describes how poor credential management can make an application vulnerable to attack, how it can be exploited and how to manage credentials properly.

7 videos
61 minutes of training

Cryptography

This course discusses how the poor use of cryptography can leave an application vulnerable to attack and how it can be exploited, as well as potential mitigations.

7 videos
40 minutes of training

SQL Injection

This course introduces SQL injection vulnerabilities, their exploitation and possible mitigations.

7 videos
44 minutes of training

Cross-Site Scripting

This course introduces cross-site scripting vulnerabilities, their exploitation and possible mitigations.

7 videos
31 minutes of training

Cross-Site Request Forgery

This course introduces cross-site request forgery vulnerabilities, their exploitation and possible mitigations.

7 videos
23 minutes of training

Poor HTTP Usage

This course describes how poor use of HTTP and HTML can be exploited, as well as possible mitigations.

7 videos
43 minutes of training

Error Handling

This course describes how poor error handling can be exploited and possible mitigations for this problem.

7 videos
27 minutes of training

What you’ll learn.

Common vulnerabilities, such as buffer overflows and SQL injections
How poor credential management, crytpography use and HTTP use are exploited
Mitigating those vulnerabilities through secure code

Who is this for?

This skill path is designed for:

Software engineers
Application and web developers
Project managers
Anyone interested in learning about secure coding

Meet the author

Howard Poston

Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at [email protected] or via his website at https://www.howardposton.com.

Learn More

Python Code Security Cyber Range

This cyber range helps you develop your knowledge in finding and remediating vulnerabilities in Python code. You’ll build and reinforce your skills as you progress through labs covering a wide range of Python code security topics, including using Bandit, PyT and other tools to find common security issues in Python code, perform taint and control flow analysis, and recognize vulnerabilities that can lead to common application attacks, such as cross-site scripting or XPath injection. You will also practice identifying supply chain vulnerabilities, unsafe deserialization and other risks.

Explore Cyber Range

You're in good company

Infosec Skills is a very good place for building technical acumen and engineering development knowledge. It enables us to provide training to the entire team on relevant topics.

Comcast Business

Romy Ricafort, West Division Senior Director of Sales Engineering

Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I've had.

FireEye, Inc.

James Coyle , Senior U.S. Public Sector Channel Sales Engineer

I knew Infosec could tell me what to expect on the exam and what topics to focus on most.

Tennenbaum Capital Partners

Julian Tang, Chief Information Officer

See More Case Studies

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial

190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
100s of hands-on labs in cloud-hosted cyber ranges
Custom certification practice exams (e.g., CISSP, Security+)
Skill assessments
Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting Free Team Trial

Team administration and reporting
Dedicated client success manager
Single sign-on (SSO)

Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
Integrations via API

Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
190+ role-guided learning paths and assessments (e.g., Incident Response)
100s of hands-on labs in cloud-hosted cyber ranges
Create and assign custom learning paths
Custom certification practice exams (e.g., CISSP, CISA)
Optional upgrade: Guarantee team certification with live boot camps