Secure applications and websites play a big role in your overall security profile, and so do secure application development best practices.

With so many high-profile data security breaches, auditors and regulators are paying particularly close attention to the coding practices of your developers as they assess compliance with Payment Card Industry Data Security Standards (PCI DSS) and Sarbanes-Oxley (SOX).

MediaPRO’s Secure Application Development training is an engaging, interactive course that will increase awareness of secure coding practices, assist developers in improving application delivery, and allow you to meet industry and regulatory compliance requirements. The course is closely aligned with OWASP 2017 standards for application security. The intended audience includes architects, designers, developers, and IT risk managers.




Secure Application Coding Topics Include:

Security Principles Overview

  • Core Security Concepts
  • Secure Design Tenets
  • Industry Regulations, including PII, SOX, PCI DSS, PFI, and HIPAA
  • Relative Cost of Detection throughout the SDLC
  • Threat Modeling
  • Risk Assessment through Qualitative Analysis


  • Common Authentication Methods
  • Client-Side SSL Certificates
  • Single Sign-On (SSO)
  • Re-Authentication
  • Password & Account Policies
  • Failing Closed & Failing Open
  • Specific Methods for Preventing Common Attacks
  • Design and Implementation Best Practices


  • Common Authorization Attacks
  • Authorization vs. Authentication
  • Principle of Least Privilege
  • Separation of Duties
  • Access-Control Methods
  • Design and Implementation Best Practices

Session Management

  • Cookies
  • Session Timeouts
  • Securing Against Common Attacks on Sessions
  • Proper Session Storage and Clearing Procedures
  • Design and Implementation Best Practices

Input / Output Handling

  • Validation Overview
  • Common Vulnerabilities and Exploits
  • Data Validation Strategies
  • Preventing Common Attacks
  • Database Access Control
  • Serialization
  • Design and Implementation Best Practices

Error Handling

  • Impacts of Improper Error Handling
  • Identifying Exploits
  • Detailed Error Messages
  • Centralized Exception Handling
  • Structured Error Handling
  • Error Logging
  • Design and Implementation Best Practices


  • Logging Purpose and Requirements
  • Centralized Logging
  • Log Security
  • Design and Implementation Best Practices


  • Hashing
  • Encryption
  • Digital Signatures
  • Certification Authorities
  • SSL & TLS
  • Securing Communications with HTTPS
  • Key Management
  • Design and Implementation Best Practices

Web Service Security

  • Web Service Protocols and Standards (SOAP and REST)
  • Common Web Service Languages and Frameworks
  • Web Service Vulnerabilities and Common Attacks
  • Message Signing and Encryption
  • Design and Implementation Best Practices

Secure Application Coding Course Features:

  • Meets PCI DSS 3.2 Requirements
  • Real-Life Examples and Applications
  • Professional Graphics and Voiceovers
  • SCORM Compliant



Take a closer look at the courses included in each TrainingPack

MediaPRO TrainingPack courses are interactive and engaging, with the right mix of humor and professionalism. You can use courses as-is, easily modify them, or quickly build your own from pre-built topics.
