Build secure Node.js apps by mastering real-world OWASP Top 10 threats. This hands-on course gives developers and security pros the skills to prevent exploits, reduce risk, and support compliance with ISO 27001, PCI DSS, and more.
This course equips Node.js developers and security professionals with the practical skills to prevent, detect, and fix common vulnerabilities. With a focus on the OWASP Top 10 2021, participants learn secure coding techniques tailored to the Node.js environment. Through theory and labs, the course helps reduce risk, improve resilience, and support compliance with ISO 27001, PCI DSS, and OWASP ASVS. Ideal for teams looking to embed security into their development workflows.
This course covers the following topics:
1. Node.js Security Fundamentals
2. Broken Access Controls
3. Cryptographic Failures
4. Injection Vulnerabilities
5. Insecure Design
6. Security Misconfiguration
7. Vulnerable and Outdated Components
8. Identification and Authentication Failures
9. Software and Data Integrity Failures
10. Security Logging and Monitoring
11. Server-Side Request Forgery (SSRF)
12. Secure Deployment Practices
Instructor-led, delivered online or in person. Combines theory with practical lab work targeting real-world vulnerabilities in Node.js.
SECCNJS-01 Coding in NodeJS Core Course
Focuses on OWASP Top 10 and practical defensive techniques. For developers with working knowledge of Node.js and JavaScript.
SECCNJS-02 Coding in Node JS Advanced Course
Covers complex secure design patterns, automation, and secure SDLC integration.
SECCNJS-03 Coding in Node JS for PCI DSS
Targeted training for teams building Node.js applications in PCI DSS environments, covering key compliance requirements through secure coding practices and real-world labs. Perfect for developers working with cardholder data or payment systems.

Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as a Google Summer of Code administrator, mentoring new students entering the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
