Build secure Node.js apps by mastering real-world OWASP Top 10 threats. This hands-on course gives developers and security pros the skills to prevent exploits, reduce risk, and support compliance with ISO 27001, PCI DSS, and more.
This course equips Node.js developers and security professionals with the practical skills to prevent, detect, and fix common vulnerabilities. With a focus on the OWASP Top 10 2021, participants learn secure coding techniques tailored to the Node.js environment. Through theory and labs, the course helps reduce risk, improve resilience, and support compliance with ISO 27001, PCI DSS, and OWASP ASVS. Ideal for teams looking to embed security into their development workflows.
This course covers the following topics:
1. Node.js Security Fundamentals
2. Broken Access Controls
3. Cryptographic Failures
4. Injection Vulnerabilities
5. Insecure Design
6. Security Misconfiguration
7. Vulnerable and Outdated Components
8. Identification and Authentication Failures
9. Software and Data Integrity Failures
10. Security Logging and Monitoring
11. Server-Side Request Forgery (SSRF)
12. Secure Deployment Practices
Instructor-led, delivered online or in person. Combines theory with practical lab work targeting real-world vulnerabilities in Node.js.
SECCNJS-01 Coding in NodeJS Core Course
Focuses on OWASP Top 10 and practical defensive techniques. For developers with working knowledge of Node.js and JavaScript.
SECCNJS-02 Coding in Node JS Advanced Course
Covers complex secure design patterns, automation, and secure SDLC integration.
SECCNJS-03 Coding in Node JS for PCI DSS
Targeted training for teams building NodeJS applications in PCI DSS environments, covering key compliance requirements through secure coding practices and real-world labs. Perfect for developers working with cardholder data or payment systems.
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
Web applications drive business success by streamlining operations and enhancing customer experience. Yet, without understanding and addressing vulnerabilities, organisations risk exposing critical data, disrupting operations, and damaging reputation
The PCI DSS enhances the security of cardholder data. Applications handling payment information must be secure. This course equips developers with the skills to code defensively and meet the secure coding and application security requirements of PCI
As LLMs power chatbots, developer tools, and customer platforms, they bring new security risks like prompt injection and data leakage. This full-day workshop trains engineers and AppSec professionals to design, build, and test secure LLM applications
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
