Learn Secure Coding Fundamentals

This path describes common development mistakes, how they can be exploited and possible mitigations.

14 courses // 93 videos // 11 hours of training

Free training week — 700+ on-demand courses and hands-on labs

Secure Coding Fundamentals training

Most software vulnerabilities are caused by the same few development mistakes. This path describes these vulnerabilities and how to recognize them in code, demonstrates how they are exploited by attackers (including real-world case studies of vulnerable applications in production), and describes ways by which the vulnerabilities can be mitigated.

Learning path components

Secure Coding Fundamentals Project

Apply the hacker mindset to application security by solving the multiple challenges included in this project. You’ll need to identify vulnerabilities in the provided applications and code samples and discover how those vulnerabilities could be exploited by an attacker. See for yourself how security errors in code can lead to compromised credentials, SQL injections, and buffer overflow and Cross-Site Scripting (XSS) attacks.

Number of questions: 5

Secure Coding Fundamentals Skill Assessment

See how your Secure Coding Fundamentals skills stack up against other professionals in your field.

Number of questions: 20

Python Code Security Cyber Range

Gain practical experience and develop your secure Python coding skills through 10 hands-on labs in the Python Code Security Cyber Range.

10 labs
2 hours of training

Introduction to Secure Coding Fundamentals

This course introduces the need for secure coding and the tools used in this learning path.

2 videos
7 minutes of training

Buffer Overflows

This course introduces the buffer overflow vulnerability, its exploitation and possible mitigations.

7 videos
51 minutes of training

Integer Overflows and Underflows

This course introduces integer overflow and underflow vulnerabilities, their exploitation and possible mitigations.

7 videos
53 minutes of training

Race Conditions

This course introduces race conditions, their exploitation and possible mitigations.

7 videos
50 minutes of training

Format String Vulnerabilities

This course introduces format string vulnerabilities, their exploitation and possible mitigations.

7 videos
34 minutes of training

Command Injection

This course introduces command injection vulnerabilities, their exploitation and possible mitigations.

7 videos
40 minutes of training

Least Privilege

This course introduces the principle of least privilege and its importance in secure coding.

7 videos
33 minutes of training

Credential Management

This course describes how poor credential management can make an application vulnerable to attack, how it can be exploited and how to manage credentials properly.

7 videos
61 minutes of training

Cryptography

This course discusses how the poor use of cryptography can leave an application vulnerable to attack and how it can be exploited, as well as potential mitigations.

7 videos
40 minutes of training

SQL Injection

This course introduces SQL injection vulnerabilities, their exploitation and possible mitigations.

7 videos
44 minutes of training

Cross-Site Scripting

This course introduces cross-site scripting vulnerabilities, their exploitation and possible mitigations.

7 videos
31 minutes of training

Cross-Site Request Forgery

This course introduces cross-site request forgery vulnerabilities, their exploitation and possible mitigations.

7 videos
23 minutes of training

Poor HTTP Usage

This course describes how poor use of HTTP and HTML can be exploited, as well as possible mitigations.

7 videos
43 minutes of training

Error Handling

This course describes how poor error handling can be exploited and possible mitigations for this problem.

7 videos
27 minutes of training

What you’ll learn.

Common vulnerabilities, such as buffer overflows and SQL injections
How poor credential management, crytpography use and HTTP use are exploited
Mitigating those vulnerabilities through secure code

Who is this for?

This skill path is designed for:

Software engineers
Application and web developers
Project managers
Anyone interested in learning about secure coding

Meet the author

Howard Poston

Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at [email protected] or via his website at https://www.howardposton.com.

Learn More

Python Code Security Cyber Range

This cyber range helps you develop your knowledge in finding and remediating vulnerabilities in Python code. You’ll build and reinforce your skills as you progress through labs covering a wide range of Python code security topics, including using Bandit, PyT and other tools to find common security issues in Python code, perform taint and control flow analysis, and recognize vulnerabilities that can lead to common application attacks, such as cross-site scripting or XPath injection. You will also practice identifying supply chain vulnerabilities, unsafe deserialization and other risks.

Explore Cyber Range

You're in good company

Infosec Skills is a very good place for building technical acumen and engineering development knowledge. It enables us to provide training to the entire team on relevant topics.

Comcast Business

Romy Ricafort, West Division Senior Director of Sales Engineering

Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I've had.

FireEye, Inc.

James Coyle , Senior U.S. Public Sector Channel Sales Engineer

I knew Infosec could tell me what to expect on the exam and what topics to focus on most.

Tennenbaum Capital Partners

Julian Tang, Chief Information Officer

See more case studies

Train on your schedule

Personal

Personal pricing or Teams pricing

Teams

Infosec Skills subscription

Monthly

Monthly pricing or Annually pricing

Annually

$34 / month

Buy Now 7-Day Free Trial

$299 / year

Buy Now 7-Day Free Trial

80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
100s of hands-on labs in cloud-hosted cyber ranges
Custom certification practice exams (CISSP, Security+, etc.)
Skill assessments
Infosec peer community support
Create custom learning paths from 100s of courses

Infosec Skills live boot camp

Request a quote for pricing

Request Quote Browse Boot Camps

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Live, instructor-led training (available in-person or online)
90 day extended access to recordings of daily lessons
Certification exam voucher
Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills subscription

Annual

$599 per learner / year

Request Quote Free Team Trial

Team administration and reporting
Transferable licenses
80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
100s of hands-on labs in cloud-hosted cyber ranges
Custom certification practice exams (CISSP, Security+, etc.)
Skill assessments
Create and assign custom learning paths
Dedicated client success manager

Infosec Skills live boot camp

Request a quote for pricing

Request Quote Browse Boot Camps

Team boot camp administration and reporting
Exam Pass Guarantee

If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Certification exam vouchers
Live, instructor-led training (available onsite, in-person or online)
90 days extended access to recordings of daily lessons
Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Infosec Skills

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Cybersecurity Workforce Framework.

Meet LX Labs

Infosec Named a Leader in Security Awareness & Training

Read the Forrester Wave to learn what sets Infosec apart and the latest training program trends.