Certified Secure Developer (CSD) - Software Developers & Application Security Engineers

Duration: 5 Days
Modes: In-Person, Live Online, On-Site
Security starts in the code. This 100% hands-on programme teaches developers to write secure applications by first understanding how attackers exploit them. From OWASP Top 10 to secure architecture design, you learn to build defences into every line of code, not bolt them on afterwards.
Course Objectives
Understand common application security vulnerabilities and how attackers exploit them
Learn secure coding practices across web applications, APIs, and mobile platforms
Master the OWASP Top 10 vulnerabilities through hands-on exploitation and remediation
Understand secure software development lifecycle (SSDLC) integration
Learn input validation, output encoding, authentication, and session management best practices
Understand secure API design and common API security pitfalls
Learn to use static and dynamic application security testing (SAST/DAST) tools
Understand secure DevOps practices and security automation in CI/CD pipelines
Expected Outcomes
Write secure code that resists common attack vectors across web and mobile platforms
Identify and remediate OWASP Top 10 vulnerabilities in existing applications
Implement robust authentication, authorisation, and session management controls
Design and build secure APIs that prevent injection, broken access control, and data exposure
Integrate security testing into CI/CD pipelines using SAST and DAST tools
Perform secure code reviews and identify security flaws in third-party libraries
Apply threat modelling techniques during application design
Advise development teams on secure architecture and coding standards
Training Modules
1. Application Security Fundamentals
1. The cost of insecure code: real-world breach case studies
2. Attack lifecycle targeting applications
3. OWASP Top 10 overview and current threat landscape
4. Secure Software Development Lifecycle (SSDLC) integration
5. Threat modelling for application design
2. Injection Attacks and Prevention
1. SQL Injection: exploitation and defence
2. NoSQL Injection techniques
3. Command Injection and OS-level exploitation
4. LDAP Injection
5. Parameterised queries, prepared statements, and input validation
6. Hands-on exploitation and remediation labs
3. Authentication, Session Management, and Access Control
1. Broken authentication vulnerabilities and exploitation
2. Secure password storage (hashing, salting, key stretching)
3. Session management best practices
4. Broken access control: IDOR, privilege escalation, forced browsing
5. OAuth 2.0 and JWT security considerations
6. Hands-on labs
4. Cross-Site Attacks and Client-Side Security
1. Cross-Site Scripting (XSS): Stored, Reflected, DOM-based
2. Cross-Site Request Forgery (CSRF)
3. Content Security Policy (CSP) and security headers
4. Output encoding and input sanitisation techniques
5. Hands-on exploitation and defence labs
5. Secure API Development
1. API security fundamentals and common vulnerabilities
2. OWASP API Security Top 10
3. Authentication and authorisation in APIs
4. Rate limiting, input validation, and error handling
5. API gateway security and monitoring
6. Hands-on API exploitation and hardening labs
6. Security Testing and DevSecOps
1. Static Application Security Testing (SAST) tools and techniques
2. Dynamic Application Security Testing (DAST) tools and techniques
3. Software Composition Analysis (SCA) for third-party libraries
4. Integrating security testing into CI/CD pipelines
5. Secure code review methodology
6. Hands-on security testing labs
7. Secure Architecture and Advanced Topics
1. Secure architecture design patterns
2. Cryptography for developers: encryption, hashing, digital signatures
3. Secure file upload and download handling
4. Security logging and monitoring for applications
5. Mobile application security considerations
Certification & Accreditation
Certification Path 1: GlobalACE Certification
The GlobalACE certification is designed to align with internationally recognised Knowledge, Skills, and Attitudes (KSA) standards for Information Security Professionals. Candidates are assessed through a combination of multiple choice questions, practical assessments, assignments, and case studies. Examinations are conducted at authorised centres across participating member countries, and successful candidates are eligible to apply as Associate or Professional Members under the GlobalACE framework, recognised in 64+ countries.
Certification Path 2: CyberKnights Certification
The CyberKnights certification is conducted through the KALAM platform, a purpose-built cybersecurity examination and skills validation system. Candidates take a 25-question MCQ exam within 60 minutes, with a pass mark of 70%. Exam fees are included in the course fees. All certified candidates receive complimentary membership access to the KALAM Cybersecurity Collaboration and Community Skills Validation Platform, giving them access to an active community of security professionals.
Frequently Asked Questions
Which programming languages does the course cover?
The secure coding principles taught are language-agnostic, but hands-on labs primarily use web technologies (JavaScript, Python, SQL). The techniques and patterns you learn apply to any language or framework.
Is this course only for web developers?
While the primary focus is web application security, the programme also covers API security, mobile security considerations, and secure architecture principles that apply across all development platforms.
Do I need security experience to attend?
No. The course is designed for developers who want to build security into their coding practices. It starts with understanding how attacks work before teaching you how to defend against them in code.
How does this help our organisation meet PDPA requirements?
Secure coding practices directly support PDPA compliance by preventing data breaches at the application layer. The programme covers secure data handling, encryption, access controls, and security logging that are essential for protecting personal data.
Can this be delivered for our entire development team?
Yes. We offer private on-site delivery where labs and code examples can be tailored to your organisation's technology stack, coding standards, and specific application security challenges.
Does the course cover secure CI/CD pipeline practices?
Yes. Module 6 covers integrating SAST, DAST, and SCA tools into CI/CD pipelines, enabling your team to catch security issues before code reaches production.
Ready to get started?
Train your team. Strengthen your defence.
Fill in the form and our training advisors will get back to you within 24 hours with a tailored programme recommendation for your team.
20,000+ professionals trained across enterprise and government sectors