Learn Secure Coding Fundamentals

This path describes common development mistakes, how they can be exploited and possible mitigations.

Get started

14 courses  //   93 videos  //   11 hours of training

Free training week — 700+ on-demand courses and hands-on labs

Start Learning

Secure Coding Fundamentals training

Most software vulnerabilities are caused by the same few development mistakes. This path describes these vulnerabilities and how to recognize them in code, demonstrates how they are exploited by attackers (including real-world case studies of vulnerable applications in production), and describes ways by which the vulnerabilities can be mitigated.

Learning path components

Secure Coding Fundamentals Project
Practice Exam
Secure Coding Fundamentals Project

Secure Coding Fundamentals Project

Apply the hacker mindset to application security by solving the multiple challenges included in this project. You’ll need to identify vulnerabilities in the provided applications and code samples and discover how those vulnerabilities could be exploited by an attacker. See for yourself how security errors in code can lead to compromised credentials, SQL injections, and buffer overflow and Cross-Site Scripting (XSS) attacks.

Number of questions: 5
Secure Coding Fundamentals Skill Assessment
Assessment
Secure Coding Fundamentals Skill Assessment

Secure Coding Fundamentals Skill Assessment

See how your Secure Coding Fundamentals skills stack up against other professionals in your field.

Number of questions: 20
Python Code Security Cyber Range
Cyber Range
Python Code Security Cyber Range

Python Code Security Cyber Range

Gain practical experience and develop your secure Python coding skills through 10 hands-on labs in the Python Code Security Cyber Range.

10 labs
2 hours of training
Introduction to Secure Coding Fundamentals
Course
Introduction to Secure Coding Fundamentals

Introduction to Secure Coding Fundamentals

This course introduces the need for secure coding and the tools used in this learning path.

2 videos
7 minutes of training
Buffer Overflows
Course
Buffer Overflows

Buffer Overflows

This course introduces the buffer overflow vulnerability, its exploitation and possible mitigations.

7 videos
51 minutes of training
Integer Overflows and Underflows
Course
Integer Overflows and Underflows

Integer Overflows and Underflows

This course introduces integer overflow and underflow vulnerabilities, their exploitation and possible mitigations.

7 videos
53 minutes of training
Race Conditions
Course
Race Conditions

Race Conditions

This course introduces race conditions, their exploitation and possible mitigations.

7 videos
50 minutes of training
Format String Vulnerabilities
Course
Format String Vulnerabilities

Format String Vulnerabilities

This course introduces format string vulnerabilities, their exploitation and possible mitigations.

7 videos
34 minutes of training
Command Injection
Course
Command Injection

Command Injection

This course introduces command injection vulnerabilities, their exploitation and possible mitigations.

7 videos
40 minutes of training
Least Privilege
Course
Least Privilege

Least Privilege

This course introduces the principle of least privilege and its importance in secure coding.

7 videos
33 minutes of training
Credential Management
Course
Credential Management

Credential Management

This course describes how poor credential management can make an application vulnerable to attack, how it can be exploited and how to manage credentials properly.

7 videos
61 minutes of training
Cryptography
Course
Cryptography

Cryptography

This course discusses how the poor use of cryptography can leave an application vulnerable to attack and how it can be exploited, as well as potential mitigations.

7 videos
40 minutes of training
SQL Injection
Course
SQL Injection

SQL Injection

This course introduces SQL injection vulnerabilities, their exploitation and possible mitigations.

7 videos
44 minutes of training
Cross-Site Scripting
Course
Cross-Site Scripting

Cross-Site Scripting

This course introduces cross-site scripting vulnerabilities, their exploitation and possible mitigations.

7 videos
31 minutes of training
Cross-Site Request Forgery
Course
Cross-Site Request Forgery

Cross-Site Request Forgery

This course introduces cross-site request forgery vulnerabilities, their exploitation and possible mitigations.

7 videos
23 minutes of training
Poor HTTP Usage
Course
Poor HTTP Usage

Poor HTTP Usage

This course describes how poor use of HTTP and HTML can be exploited, as well as possible mitigations.

7 videos
43 minutes of training
Error Handling
Course
Error Handling

Error Handling

This course describes how poor error handling can be exploited and possible mitigations for this problem.

7 videos
27 minutes of training
 

What you’ll learn.

  • Common vulnerabilities, such as buffer overflows and SQL injections
  • How poor credential management, crytpography use and HTTP use are exploited
  • Mitigating those vulnerabilities through secure code

Who is this for?

This skill path is designed for:

  • Software engineers
  • Application and web developers
  • Project managers
  • Anyone interested in learning about secure coding

Meet the author

Howard Poston

Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at [email protected] or via his website at https://www.howardposton.com.

Learn More

Python Code Security Cyber Range

This cyber range helps you develop your knowledge in finding and remediating vulnerabilities in Python code. You’ll build and reinforce your skills as you progress through labs covering a wide range of Python code security topics, including using Bandit, PyT and other tools to find common security issues in Python code, perform taint and control flow analysis, and recognize vulnerabilities that can lead to common application attacks, such as cross-site scripting or XPath injection. You will also practice identifying supply chain vulnerabilities, unsafe deserialization and other risks.

Explore Cyber Range
 

You're in good company

Infosec Skills is a very good place for building technical acumen and engineering development knowledge. It enables us to provide training to the entire team on relevant topics.

Comcast Business

Romy Ricafort, West Division Senior Director of Sales Engineering

Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I've had.

FireEye, Inc.

James Coyle , Senior U.S. Public Sector Channel Sales Engineer

I knew Infosec could tell me what to expect on the exam and what topics to focus on most.

Tennenbaum Capital Partners

Julian Tang, Chief Information Officer
See More Case Studies

Train on your schedule

Personal
Teams

Infosec Skills subscription

Monthly
Annually

$34 / month

Buy Now 7-Day Free Trial

$299 / year

Buy Now 7-Day Free Trial
  • 80+ role-based learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Infosec Skills live boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (in-person or live online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills subscription

Annual

$599 per learner / year

Request Quote Free Team Trial
  • Team administration and reporting
  • Transferable licenses
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • API access
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 80+ role-based learning paths (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Infosec Skills live boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (onsite, in-person or live online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec

Best IT Security-related Training Program

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Global Excellence - Cyber Security Education & Training

Infosec Skills

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Workforce Framework for Cybersecurity.

Meet LX Labs
LX Labs

Infosec Named a Leader in Security Awareness & Training

Read the Forrester Wave to learn what sets Infosec apart and the latest training program trends.

Get the report