Secure Coding with the OWASP Top 10: Practical Defence for Developers
Learn how to protect your code from common security threats with the OWASP Top 10 in a practical and developer-friendly way!
Location
Online
About this event
- Event lasts 4 hours
Introduction
This half-day, hands-on course helps developers understand how attackers think and how to write code that stops them. Using real-world examples from the OWASP Top 10, threat modelling, and secure coding patterns, this session gives developers the confidence to prevent the most common web vulnerabilities in their own code.
Why this course matters
The majority of issues we uncover in web application pentests (injection flaws, broken access controls, and insecure file handling) stem from the same root causes. Developers who understand these attack paths and learn to avoid them can dramatically reduce security bugs and technical debt.
Topics covered
- Threat-modelling made painless: Data-flow diagrams, STRIDE vs. attack trees; integrating the exercise into sprint planning.
- OWASP Top 10 real-world walkthrough: Hands-on examples of Injection, SSRF & Broken Access Controls.
- Secure coding techniques (language-agnostic): Parameterised queries and query builders, input validation and output encoding techniques, a Content-Security-Policy starter set, and safe file handling.
- Developer-friendly checklists and tooling: Simple resources to apply security across the SDLC.
Key Take-away
From this course, you will:
- Gain a deeper understanding of modern web application vulnerabilities
- Learn ready-to-use secure coding practices for real-world projects
- Use lightweight checklists to apply security consistently across the SDLC
- Discover practical tools to integrate security into everyday development workflows
Who should attend
Software engineers, QA testers, tech leads, and anyone writing, testing, or reviewing code for web applications.
Delivery
Live online delivery
Contact us for face-to-face / private sessions.
Facilitators
Neil Richardson – Co-Founder & Managing Director | Cyber Alchemy
Neil has 15+ years of experience in cybersecurity, split between academia and strategic advisory roles. A former senior lecturer and now a fractional CISO to scale-ups, Neil specialises in aligning security with growth, helping companies protect funding rounds, launch securely, and simplify compliance. His experience includes 200+ strategic engagements and hands-on DevSecOps implementation for clients across fintech and medtech. A former Cyber Scheme Team Leader and CREST tester, Neil brings senior-level clarity to every course, making secure development something teams actually want to do.
Luke Hill – Co-Founder & Director | Cyber Alchemy
Luke brings eight years of security experience across offensive testing, compliance, and operations, with a focus on infrastructure, cloud, and OT security. He’s assessed everything from medical devices to fintech platforms and is an expert in identifying misconfigurations, attack paths, and hardening gaps across complex environments. Holding AZ-500 and Cyber Scheme Team Member certifications, Luke’s training style is clear, pragmatic, and full of real-world war stories. He also leads weekly hacking labs for university students and contributes to bug bounty and security research projects.
Ali Malik – Co-Founder & Director | Cyber Alchemy
Ali brings over a decade of experience in cybersecurity, paired with eight years in software engineering, making him a rare hybrid who understands what secure development actually looks like in the real world. He’s a specialist in offensive security, DevSecOps, and secure software delivery in regulated industries like MedTech and EdTech. Holding Cyber Scheme Team Leader and ISO 27001 Lead Auditor certifications, Ali regularly advises on integrating security seamlessly into the development lifecycle. Beyond consultancy, he mentors students, leads Capture The Flag competitions, and keeps Cyber Alchemy at the cutting edge of secure development practices.