Training Course | Security by Design

Gain an understanding of how to write code that is more secure by adopting great software engineering practices.

Security by Design is an essential training course for any software engineer wanting to develop their skills in secure coding. Delegates will learn directly from industry leaders in a course outline that keeps up-to-date with modern development practices.

Course Information

Duration: 2 days

Location: Virtual | Classroom

Skill Level: Intermediate

Learning Outcomes

Course delegates will complete the course having gained the following knowledge.

  • Design patterns that lead to more secure code
  • Architectural patterns that more secure systems
  • How to test your system from a security perspective
  • Anti-patterns

Course Outline

Throughout the duration of the two-day course, delegates will be armed with the ability to identify security issues much earlier in the development cycle, thus saving cost and removing business critical bugs before they appear in the wild.

Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.

Course Attendee


Delegates will complete training in the following modules.

1. Code Patterns
  • Data structures: Immutability and managing state, avoiding shared mutable state, domain primitives, and avoiding collections that can grow infinitely.
  • Contracts and validation: Escaping inputs, and validation options built into commonly used frameworks.
  • Failure handling: Avoid logging sensitive info in logs and information exposure (system internals, passwords, exception safety, etc.).
  • Preventing common vulnerabilities: SQL & noSQL injection.
2. Architectural Patterns
  • Managing user data and logs
  • Avoid logging PII
  • Secrets management / vaults
  • Circuit breakers, retries and timeouts
  • Using Caches to enable graceful degradation
  • Principle of least privilege
  • Zero trust security
  • CSRF tokens
  • Protocols (REST, HTTPS, Binary)
  • Avoiding defaults e.g. commonly used headers that expose server information
3. Testing your Design
  • How to validate that software is secure.
  • Boundary testing
  • Input and validation testing
  • Load testing
  • Exploratory testing
  • Automated security testing (Pipelines, security policy as code, SAST, DAST)
    Benefits of penetration testing


Delegates should be comfortable writing code in any high-level language e.g. Java, Kotlin, C# and should also have a good understanding of engineering best practices.

Further Learning

Looking to continue on your learning path? The following courses are ideal as follow-on courses to Security by Design.

Need help?

Email Us
email hidden; JavaScript is required

Or send us a quick message

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.