
Certified Secure Coding for Software Developers (CSCSD)

Course Details

Name: Certified Secure Coding for Software Developers (CSCSD)
Price: £1097.00 + VAT


This two-day course is for people who want to understand the technical controls used to prevent software vulnerabilities. It focuses on common insecure coding practices and examines how these can be addressed to make secure applications.

It is much less expensive to build secure software than to correct security issues after the software has been completed or deal with the costs that may be associated with a security breach. Securing critical software resources is more important than ever as the focus of attackers has steadily moved to the application layer.

Building secure software requires an understanding of security principles. The goal of software security is to maintain the confidentiality, integrity and availability of information resources in order to enable successful business operations.

During the course, you will have access to a specifically created controlled environment to demonstrate the main areas of vulnerability and mitigation strategies.


This course is for people who want to learn secure coding, including:

  • Penetration testers
  • Professional software developers
  • Software architects
  • Software security auditors

Learning Objectives


  • You will learn about the vulnerabilities that arise from insecure coding and the array of hacking techniques that many attackers use to disrupt the way an application’s programming/business logic works
  • You will find out how to take a ‘defence in depth’ approach and ensure you consider all the security issues that may arise while developing applications
  • You will gain an understanding of the most important principles in secure coding and apply your new knowledge with examples and exercises in Java
  • You will learn about the Security Development Lifecycle (SDL), a software development process that will help you build more secure software and address security compliance requirements while reducing development cost

With this course, you will:

  • Have access to a purpose-built controlled environment specifically created to demonstrate the main areas of vulnerability and the key mitigation strategies
  • Get the chance to practise techniques to address common insecure coding practices
  • Build your skills and confidence in coding secure applications


Rather than attempt to cover all languages on one course, we focus on the important principles. A basic understanding of web application coding is preferable, ideally in Java (as examples and exercises are in Java); however, the course has been developed to be language agnostic.

Course Content

1. Introduction
a. Disclaimer
b. Trends & Metrics
c. Lab Environment

2. Core Security Concepts
a. Confidentiality, Integrity,
b. Authentication and Authorisation
c. Accounting
d. Non-repudiation
e. Privacy
f. Data Anonymisation
g. User Consent
h. Disposition
i. Test Data Management

3. Secure Development Lifecycle
a. Waterfall vs Agile
b. Microsoft SDLC
c. TouchPoints
e. Comparison

4. Security Design Principles
a. Least Privilege
b. Separation of Duties
c. Defence in Depth
d. Fail Safe
e. Economy of Mechanism
f. Complete Mediation
g. Open Design
h. Least Common Mechanism
i. Psychological Acceptability
j. Weakest Link
k. Leveraging Existing Components

5. Secure Development Principles
a. Input Validation
b. Canonicalisation
c. Output Encoding
d. Error Handling
e. Authentication & Authorisation
f. Auditing & Logging
g. Session Management
h. Secure Communications
i. Secure Resource Access
j. Secure Storage
k. Cryptography

6. Best Practices

7. Conclusion

Cambridge Technology Centre


At the Cambridge Development Centre (CDC), our trainers use purpose-built facilities to create the right environment in which to provide ‘hands-on’ training.

Using the latest equipment and techniques is just one of the benefits of studying at CDC; others include:

  • Free lunch and coffees throughout your course
  • Air-conditioned training rooms in well-lit, spacious surroundings
  • Free on-site car parking with no restrictions for private car users





Directions by Car


From the M11

Take junction 10 off the M11, and head for Royston on the A505. Continue along the A505 heading for Royston and pass a service area on the left. Take the second right after the service area (signposted for Melbourn). Continue for approximately two miles (this will take you into the village). At the traffic lights, turn left. Continue through the village, and take the left past The Dolphin Pub into Back Lane. PA Consulting Group is on the right.


From the A10

Turn right off the A10 (if travelling north), or left (if travelling south) north of Royston, signposted for ‘Melbourn Village and Industrial Area’. Take the first right into Back Lane and the Industrial Area. PA is on the right.


From Cambridge

Take the A10 southbound, signposted for Trumpington. Once through the village of Harston, follow the third sign directed towards Melbourn, which will also read ‘Industrial Area’. Take the first right into Back Lane. PA Consulting Group is on the right.


Directions by Public Transport


From Royston Station

There are two trains leaving every hour for Royston Station from London King’s Cross Station. The taxi journey from the station takes 10 minutes.



Ample parking is available at the front of the building. Two car parks are located on either side of the main driveway into the PA site. Turn into the park on the left, and proceed straight ahead. Visitor car parking is located at the bottom of the steps which lead to reception.


Those delegates successfully passing the exam at the end of the course will be awarded the Certified Secure Coding for Software Developers (CSCSD) qualification.
