Hands-on OWASP Top 10 2025 Secure Coding for Node.js. Learn to prevent, detect and remediate modern vulnerabilities, strengthen resilience, and support ISO 27001 and PCI DSS compliance. Includes how AI-assisted tooling can help support secure develop
This course equips Node.js developers and security professionals with the practical skills to prevent, detect, and fix common vulnerabilities. With a focus on the OWASP Top 10 2025, participants learn secure coding techniques tailored to the Node.js environment, including modern attack vectors, supply-chain risks, and API-centric threats.
Through theory and hands-on labs, the course helps reduce risk, improve resilience, and support compliance with industry standards and regulations such as ISO 27001, PCI DSS, and OWASP ASVS. Participants also explore how AI-assisted tooling can help support secure development.
Ideal for teams looking to embed security into their development workflows.
This course covers the following topics:
1. Node.js Security Fundamentals and Threat Landscape (OWASP Top 10 2025)
2. Broken Access Control and Authorisation Failures (A01:2025)
3. Security Misconfiguration Across Code, Frameworks, and Cloud (A02:2025)
4. Software Supply Chain Failures and Dependency Risk (A03:2025)
5. Cryptographic Failures and Sensitive Data Exposure (A04:2025)
6. Injection and Interpreter Abuse (SQL, NoSQL, Command, Template) (A05:2025)
7. Insecure Design and Business Logic Flaws (A06:2025)
8. Identification, Authentication, and Session Management Failures (A07:2025)
9. Software and Data Integrity Failures (CI/CD, Deserialisation, Trust Boundaries) (A08:2025)
10. Security Logging and Alerting Failures (A09:2025)
11. Mishandling of Exceptional Conditions (A10:2025)
12. Secure Deployment, Automation, and AI-Assisted Secure Coding Practices
Instructor-led, delivered online or in person. Combines theory with practical lab work targeting real-world vulnerabilities in Node.js.
SECCNJS-01 Coding in NodeJS Core Course
Focuses on OWASP Top 10 2025 categories and practical defensive techniques. For developers with working knowledge of Node.js and JavaScript.
SECCNJS-02 Coding in Node JS Advanced Course
Covers complex secure design patterns, supply-chain and CI/CD risks, automation, and secure SDLC integration.
SECCNJS-03 Coding in Node JS for PCI DSS
Targeted training for teams building NodeJS applications in PCI DSS environments, covering key compliance requirements through secure coding practices and real-world labs. Perfect for developers working with cardholder data or payment systems.
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
Learn to identify, analyse, and understand real-world web vulnerabilities. This hands-on course, aligned with the OWASP Top 10 2025, empowers professionals to spot and assess security risks—human or AI-generated—before they reach production.
The PCI DSS enhances the security of cardholder data. Applications handling payment information must be secure. This course equips developers with the skills to code defensively and meet the secure coding and application security requirements of PCI
Hands-on training that teaches teams to securely develop and deploy AI and LLM applications. Learn how to prevent prompt injection, data leakage, and other critical risks from the OWASP Top 10 for LLMs.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
