.NET gives web developers speed and flexibility, but organisations remain responsible for building secure applications. This hands-on course covers authentication, cryptography and input validation, mapping to OWASP Top 10:2025.
As the .NET Framework remains a cornerstone for developing enterprise-grade web applications, securing them against increasingly sophisticated attacks is paramount.
This intensive course equips developers with the essential skills to identify and remediate vulnerabilities within a controlled environment. Aligning with the globally recognised OWASP Top 10:2025 standard, the curriculum bridges the gap between theory and practice. Participants will learn to integrate security seamlessly into the development process, ensuring that sensitive data is protected through robust coding practices and the effective use of .NET’s built-in security features.
The course also introduces the secure use of AI-assisted development and analysis tools within established secure coding practices.
This course aims to provide the knowledge and resources required to improve the security of Web applications developed using .NET, updated to align with OWASP Top 10:2025. This course is designed to educate developers on the skills necessary to build and deploy secure .NET applications following a Secure Software Development Lifecycle (SDL) process, including practical guidance on secure use of AI-assisted development tools.
The course is designed for:
It is recommended that participants to the Secure Coding in .Net course have completed the Web Application Security Essentials course.
The course is aligned with the OWASP Top 10 2025, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a purposely-developed .Net application and fix them using secure coding best practices. This provides an ideal ‘real-life’ opportunity to learn about these vulnerabilities and fix them in a safe environment.
SECCDNT-01 Secure Coding in .NET Core Course
Focuses on OWASP Top 10:2025 and practical defensive techniques in .NET. Prior C# and web application experience required.
SECCDNT-02 Secure Coding in .NET Advanced Course
Covers complex secure design patterns, secure SDLC integration, and advanced remediation approaches for OWASP Top 10:2025 risks. For senior developers, architects, and security leads.
SECCDNT-03 Secure Coding in .NET for PCI DSS Targeted training for teams building .NET applications in regulated environments, mapping OWASP Top 10:2025 risks to secure coding practices and real-world labs. Best for engineering teams handling sensitive data and audit requirements.
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Java is used to develop full featured and very powerful corporate applications. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
Learn to identify, analyse, and understand real-world web vulnerabilities. This hands-on course, aligned with the OWASP Top 10 2025, empowers professionals to spot and assess security risks—human or AI-generated—before they reach production.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
The PCI DSS enhances the security of cardholder data. Applications handling payment information must be secure. This course equips developers with the skills to code defensively and meet the secure coding and application security requirements of PCI
