.NET provides unprecedented flexibility and productivity to web application developers. Application developers are responsible for understanding the limitations of .NET and adopting best practices to ensure that their code is secure.
.NET provides unprecedented flexibility and productivity to web application developers. Many applications allow access to critical and confidential resources and this has made them popular targets for attack. Application developers are responsible for understanding the limitations of .NET and adopting best practices to ensure that their code is secure.
This course aims to provide the knowledge and resources required to improve the security of Web applications developed using .NET. This course is designed to educate developers on the skills necessary to build and deploy secure .NET applications following a Secure Development Lifecycle (SDL) process.
It is recommended that participants on the Web Application Secure Coding in .Net have completed the Web Application Security Essentials course. Please see Related Training at the end of this page.
The course is designed for:
• Software Developers
• Quality Assurance professionals
• System Architects
• Information Security Professionals
The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a purposely-developed .Net application and fix them using secure coding best practices. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Java is used to develop full featured and very powerful corporate applications. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
Learn to identify, analyse, and understand real-world web vulnerabilities. This hands-on course, aligned with the OWASP Top 10 2025, empowers professionals to spot and assess security risks—human or AI-generated—before they reach production.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
The PCI DSS enhances the security of cardholder data. Applications handling payment information must be secure. This course equips developers with the skills to code defensively and meet the secure coding and application security requirements of PCI
