Software development
Artificial Intelligence
Cloud
View all courses
Learn
Connect
Blog
Resource hub
Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Secure Coding

11 Courses
6 Labs
26 Hours
Skill IQ

# Secure Coding Learning Path

Embark on an exciting journey to become a proficient, secure coder with our comprehensive learning path. This curriculum is designed to gradually build your knowledge and skills, preparing you for the challenges of writing secure code in today's complex digital landscape.

This learning path encompasses video courses, guided practical exercises, and hands-on content to ensure a holistic learning experience. You will master the concept of secure coding, starting with basic principles and then moving to more advanced applications in real-world scenarios.

You can learn more about web app pen-testing in the Web App Pen Testing

Get started
Content in this path
The OWASP Top 10

The OWASP Top 10 represents a broad consensus about the most critical security risks to web applications. The information provided by OWASP provides a valuable framework for developing secure code by highlighting the most critical risks and providing guidance on how to prevent them. In addition, it helps developers write secure code by raising awareness, providing education, and offering a methodology for managing and mitigating risks.

Course
OWASP Top 10: The Big Picture
  • by Hampton Paulk
  • 1h 24m
  • Oct 27, 2023
Course
OWASP Top 10: What's New
  • by Gavin Johnson-Lynn
  • 1h 18m
  • Oct 11, 2024
Course
API Security with the OWASP API Security Top 10
  • by Gavin Johnson-Lynn
  • 1h 59m
  • Aug 11, 2023
Understanding Common Vulnerabilities in Code

In this section, you will delve deeper into the mechanics and code behind the most common vulnerabilities. Understanding how the vulnerabilities are exploited in a general sense will arm you with the knowledge to identify the behavior in your code base. To better understand the impact of these exploits, there are hands-on labs included that cover some of the most commonly exploited vulnerabilities.

Course
Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
  • by Peter Mosmans
  • 1h
  • Dec 18, 2018
Course
Secure Coding: Preventing Broken Access Control
  • by Gavin Johnson-Lynn
  • 1h 55m
  • Aug 07, 2020
Course
Secure Coding: Preventing Insecure Deserialization
  • by Peter Mosmans
  • 1h 2m
  • Jul 12, 2018
Course
Secure Coding: Preventing Insufficient Logging and Monitoring
  • by Peter Mosmans
  • 1h 23m
  • Aug 14, 2018
Course
Secure Coding: Preventing Sensitive Data Exposure
  • by Timothy Ghanim
  • 1h 23m
  • Nov 03, 2020
Course
Secure Coding: Using Components with Known Vulnerabilities
  • by Peter Mosmans
  • 1h 13m
  • Feb 22, 2019
Lab
Web Attacks: XSS
  • by Laurentiu Raducu
  • 30m
  • Aug 04, 2025
Lab
Web Attacks: Command Injection
  • by Riley Kidd
  • 1h 5m
  • Aug 04, 2025
Lab
Web Attacks: SQL Injection
  • by Gavin Johnson-Lynn
  • 50m
  • Aug 04, 2025
Lab
Web Attacks: Automated Scanning with OWASP Zap
  • by Laurentiu Raducu
  • 55m
  • Aug 04, 2025
Lab
Retrieve Content Using Malicious XML External Entities (XXE)
  • by Riley Kidd
  • 30m
  • Aug 04, 2025
Lab
ASP.NET ViewState Deserialization Attack Chain
  • by Gavin Johnson-Lynn
  • 1h 5m
  • Aug 04, 2025
Language Specific Best Practices

Learn the best practices and considerations that are specific to your technology stack.

Course
Secure Coding in ASP.NET Core
  • by Gavin Johnson-Lynn
  • 4h 39m
  • Jan 23, 2024
Course
Secure Coding with C#
  • by Alexander Tushinsky
  • 3h 32m
  • Aug 12, 2024
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial
Free team trial
What You'll Learn
  • In this path, you will learn about the OWASP top 10, an industry-standard collection of knowledge around the most common and broadly applicable vulnerabilities. Then, leveraging that base knowledge, you will delve deeper into a technical understanding of the mechanics behind the code practices responsible for those vulnerabilities, with an opportunity to get hands-on practice. Lastly, best practices around secure coding in specific languages will enable you to apply your knowledge to your specific tech stack.
Prerequisites
  • Development experience and an interest in security. Or alternatively, security testing experience with an interest in the development concerns associated with common vulnerabilities.
Related topics
  • Web Application Firewalls
  • Security Monitoring
  • Web Application Pen Testing
  • Pen Testing
  • CI/CD
  • DevSecOps
  • Secure Development
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more
Learn with the best
Hampton Paulk
Hampton Paulk
Hampton brings 25+ years of hands-on technology experience to every course he creates. His teaching philosophy is simple: meet learners where they are and make complex topics accessible. Whether breaking down emerging technologies, explaining foundational concepts, or exploring advanced implementations, he draws from decades of real-world experience building, breaking, and fixing systems. His approach combines practical insights with clear explanations, helping professionals at all levels gain t...
Gavin Johnson-Lynn
Gavin Johnson-Lynn
Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and many languages in between. Gavin's experience of secure development revealed a passion for security, leading him to become a speaker and blogger on the subject. He has held...
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
Timothy Ghanim
Timothy Ghanim
Timothy is a software developer who's been around for some time now. He started playing with code at an early age and has picked up alot of expertise in many areas of software development on different platforms using many programming languages. He also is very well familiar with many associated technologies and development stacks and has run through the software development lifecycle many times so far. In the past decade, Timothy's focus was on software security, specifically on writing secure c...
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Riley Kidd
Riley Kidd
Riley has technical security consultancy experience – leading and building teams to deliver projects and outcomes for clients. He has created and facilitated technical trainings across secure coding, python for hackers, offensive operations, and Capture The Flag competitions. Riley has created technical educational content across YouTube, TCM Academy, and his personal Capture The Flag platform – 247CTF. Riley holds a number of certifications including OSCP, OSCE, OSED, OSWE, OSEP, CRTO, CRTL, C...
Alexander Tushinsky
Alexander Tushinsky
Alex has spent the past 30+ years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in IT. Alex is a Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and UNLV. He holds a BS in Software Development and a Masters in Cybersecurity from We...

Get started with Pluralsight

View individual plans View team plans