All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Core Tech
    •

Secure Coding

11 Courses
6 Labs
26 Hours
Skill IQ

# Secure Coding Learning Path

Embark on an exciting journey to become a proficient, secure coder with our comprehensive learning path. This curriculum is designed to gradually build your knowledge and skills, preparing you for the challenges of writing secure code in today's complex digital landscape.

This learning path encompasses video courses, guided practical exercises, and hands-on content to ensure a holistic learning experience. You will master the concept of secure coding, starting with basic principles and then moving to more advanced applications in real-world scenarios.

You can learn more about web app pen-testing in the Web App Pen Testing

Get started

Content in this path

The OWASP Top 10

The OWASP Top 10 represents a broad consensus about the most critical security risks to web applications. The information provided by OWASP provides a valuable framework for developing secure code by highlighting the most critical risks and providing guidance on how to prevent them. In addition, it helps developers write secure code by raising awareness, providing education, and offering a methodology for managing and mitigating risks.

Course

OWASP Top 10: The Big Picture

  • by Hampton Paulk
  • 1h 24m
  • Oct 27, 2023
Course

OWASP Top 10: What's New

  • by Gavin JohnsonLynn
  • 1h 18m
  • Oct 11, 2024
Course

API Security with the OWASP API Security Top 10

  • by Gavin JohnsonLynn
  • 1h 59m
  • Aug 11, 2023

Understanding Common Vulnerabilities in Code

In this section, you will delve deeper into the mechanics and code behind the most common vulnerabilities. Understanding how the vulnerabilities are exploited in a general sense will arm you with the knowledge to identify the behavior in your code base. To better understand the impact of these exploits, there are hands-on labs included that cover some of the most commonly exploited vulnerabilities.

Course

Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities

  • by Peter Mosmans
  • 1h
  • Dec 18, 2018
Course

Secure Coding: Preventing Broken Access Control

  • by Gavin JohnsonLynn
  • 1h 55m
  • Aug 07, 2020
Course

Secure Coding: Preventing Insecure Deserialization

  • by Peter Mosmans
  • 1h 2m
  • Jul 12, 2018
Course

Secure Coding: Preventing Insufficient Logging and Monitoring

  • by Peter Mosmans
  • 1h 23m
  • Aug 14, 2018
Course

Secure Coding: Preventing Sensitive Data Exposure

  • by Timothy Ghanim
  • 1h 23m
  • Nov 03, 2020
Course

Secure Coding: Using Components with Known Vulnerabilities

  • by Peter Mosmans
  • 1h 13m
  • Feb 22, 2019
Lab

Web Attacks: XSS

  • by Laurentiu Raducu
  • 30m
  • Aug 04, 2025
Lab

Web Attacks: Command Injection

  • by Riley Kidd
  • 1h 5m
  • Aug 04, 2025
Lab

Web Attacks: SQL Injection

  • by Gavin JohnsonLynn
  • 50m
  • Aug 04, 2025
Lab

Web Attacks: Automated Scanning with OWASP Zap

  • by Laurentiu Raducu
  • 55m
  • Aug 04, 2025
Lab

Retrieve Content Using Malicious XML External Entities (XXE)

  • by Riley Kidd
  • 30m
  • Aug 04, 2025
Lab

ASP.NET ViewState Deserialization Attack Chain

  • by Gavin JohnsonLynn
  • 1h 5m
  • Aug 04, 2025

Language Specific Best Practices

Learn the best practices and considerations that are specific to your technology stack.

Course

Secure Coding in ASP.NET Core

  • by Gavin JohnsonLynn
  • 4h 39m
  • Jan 23, 2024
Course

Secure Coding with C#

  • by Alexander Tushinsky
  • 3h 32m
  • Aug 12, 2024
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
Have questions? Get them answered now.
Start a live chat
What You'll Learn
  • In this path, you will learn about the OWASP top 10, an industry-standard collection of knowledge around the most common and broadly applicable vulnerabilities. Then, leveraging that base knowledge, you will delve deeper into a technical understanding of the mechanics behind the code practices responsible for those vulnerabilities, with an opportunity to get hands-on practice. Lastly, best practices around secure coding in specific languages will enable you to apply your knowledge to your specific tech stack.
Prerequisites
  • Development experience and an interest in security. Or alternatively, security testing experience with an interest in the development concerns associated with common vulnerabilities.
Related topics
  • Web Application Firewalls
  • Security Monitoring
  • Web Application Pen Testing
  • Pen Testing
  • CI/CD
  • DevSecOps
  • Secure Development
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Hampton Paulk
Hampton Paulk
Hampton is an old fart dev that dabbles in data and security, and now teaches full time here at PS. He is bound to teach you something - leading through example and subjective opinion. He is an acquired taste, sweet on the inside with a sour exterior. He also loves honest feedback, so don't hold back.
Gavin JohnsonLynn
Gavin JohnsonLynn
Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and many languages in between. Gavin's experience of secure development revealed a passion for security, leading him to become a speaker and blogger on the subject. He has held...
Peter Mosmans
Peter Mosmans
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet...
Timothy Ghanim
Timothy Ghanim
Timothy is a software developer who's been around for some time now. He started playing with code at an early age and has picked up alot of expertise in many areas of software development on different platforms using many programming languages. He also is very well familiar with many associated technologies and development stacks and has run through the software development lifecycle many times so far. In the past decade, Timothy's focus was on software security, specifically on writing secure c...
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Riley Kidd
Riley Kidd
Riley has technical security consultancy experience – leading and building teams to deliver projects and outcomes for clients. He has created and facilitated technical trainings across secure coding, python for hackers, offensive operations, and Capture The Flag competitions. Riley has created technical educational content across YouTube, TCM Academy, and his personal Capture The Flag platform – 247CTF. Riley holds a number of certifications including OSCP, OSCE, OSED, OSWE, OSEP, CRTO, CRTL, C...
Alexander Tushinsky
Alexander Tushinsky
Alex has spent the past 30+ years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in IT. Alex is a Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and UNLV. He holds a BS in Software Development and a Masters in Cybersecurity from We...

Join our learners and upskill
in leading technologies