Build secure and resilient Ruby applications with confidence.
This course is designed to deliver practical value to your team:
• This course offers practical, real-world defense strategies.
• Learn to think like an attacker and defend like a pro.
• Increase your codebase’s security resilience.
• Perfect for developers, security engineers, and team leads looking to integrate security into their workflows.
Training your development teams in secure software design and coding techniques brings significant long-term benefits to your organisation:
• Increased trust: Maintain the confidence of your customers and partners by reducing risk exposure.
• Reduced costs and increased efficiency: Minimise rework and avoiding the significant costs associated with fixing security flaws post-deployment.
• Regulatory compliance: Stay compliant with industry standards (e.g., OWASP, ISO 27001, PCI DSS).
Secure Coding in Ruby is a practical, hands-on course designed to help developers, team leads, and security professionals build secure and resilient Ruby applications without compromising performance or functionality.
With a strong emphasis on real-world vulnerabilities identified in the OWASP Top 10, this course focuses on actionable techniques to mitigate some of the most critical security challenges facing modern web applications.
Ruby applications, while developer-friendly, are not immune to security flaws. This course bridges the gap between development and security, empowering participants to write secure code, spot risks early, and defend their applications against common threats.
Through a combination of theoretical instruction and immersive hands-on labs, you will learn to integrate secure coding practices directly into your development lifecycle.
By the end of the course, you will not only understand the technical mechanics of each vulnerability but also know how to design and develop Ruby applications that are secure by default—ensuring protection from the ground up.
• Ruby developers looking to enhance application security
• Application security engineers securing Ruby codebases
• Development team leads embedding security into workflows
• DevOps professionals deploying secure Ruby environments
• Security enthusiasts with basic Ruby knowledge
Basic understanding of web security principles is recommended (not mandatory). Prior coding experience in Ruby is required.
• Live instructor-led sessions (online or in-person)
• Downloadable slides and course materials
• Access to a dedicated lab environment
• Programming-language specific labs: Ruby
• Certificate of Completion
• Option to customise content for organisational objectives
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
The Payment Card Industry Data Security Standard (PCI DSS) enhances cardholder data security. Applications that process card data must be secure. Specific knowledge and skills helps developers to code defensively and meet the secure coding and application security standards required by PCI DSS.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
Web applications play a key role in the success of an organisation – from streamlining business processes to creating online interactions that ensure a positive customer experience. However, web applications do allow access to critical and confidential resources. But without understanding web application vulnerabilities and addressing them, organisations risk their data, their operations and their reputation.
As LLMs become embedded in everything from chatbots to internal dev tools and customer-facing platforms, they introduce a new class of security risks—prompt injection, data leakage, unintended behavior, and more. This full-day workshop teaches engineers and AppSec professionals how to design, build, and test LLM applications with security in mind.
