Training Delivery & Duration

    • Live Online / On-Site / Hybrid / Private Team Training
    • Theory and Hands-On Labs
    • Duration: 1 Day

    Secure Coding in Ruby

    Through theory and hands-on labs, this course empowers developers and security professionals to build secure Ruby applications. Aligned with the OWASP Top 10, participants learn to prevent, detect, and fix common vulnerabilities.

    Date : TBC

    Do you have 5 or more attendees?

    Contact Us about Team Training >>

    About this course

    Course Overview

    Secure Coding in Ruby is a practical, hands-on course designed to help developers, team leads, and security professionals build secure and resilient Ruby applications without compromising performance or functionality.

    With a strong emphasis on real-world vulnerabilities identified in the OWASP Top 10, this course focuses on actionable techniques to mitigate some of the most critical security challenges facing modern web applications.

    Ruby applications, while developer-friendly, are not immune to security flaws. This course bridges the gap between development and security, empowering participants to write secure code, spot risks early, and defend their applications against common threats.

    Through a combination of theoretical instruction and immersive hands-on labs, you will learn to integrate secure coding practices directly into your development lifecycle.

    By the end of the course, you will not only understand the technical mechanics of each vulnerability but also know how to design and develop Ruby applications that are secure by default—ensuring protection from the ground up.

    Why Take this Course?

    This course is designed to deliver practical value to your team:

    • This course offers practical, real-world defense strategies.

    • Learn to think like an attacker and defend like a pro.

    • Increase your codebase’s security resilience.

    • Perfect for developers, security engineers, and team leads looking to integrate security into their workflows.

    Learning Objectives

    • Identify and remediate OWASP Top 10 vulnerabilities in Ruby applications

    • Implement secure coding practices to prevent common security flaws

    • Use Ruby libraries and frameworks securely using best practices

    • Conduct secure design reviews and apply defensive programming techniques

    • Manage dependencies and avoid supply chain risks

    • Design secure authentication and access control

    • Build logging and monitoring strategies for early threat detection

    Who Should Attend this Course?

    • Ruby developers looking to enhance application security

    • Application security engineers securing Ruby codebases

    • Development team leads embedding security into workflows

    • DevOps professionals deploying secure Ruby environments

    • Security enthusiasts with basic Ruby knowledge

    Basic understanding of web security principles is recommended (not mandatory). Prior coding experience in Ruby is required.

    Benefits

    Training your development teams in secure software design and coding techniques brings significant long-term benefits to your organisation:

    Increased trust: Maintain the confidence of your customers and partners by reducing risk exposure.

    Reduced costs and increased efficiency: Minimise rework and avoid the significant costs associated with fixing security flaws post-deployment.

    Regulatory compliance: Stay compliant with industry standards (e.g., OWASP, ISO 27001, PCI DSS).

    Course Outline

    1. Introduction to Secure Coding in Ruby

    2. Broken Access Control

    3. Cryptographic Failures

    4. Injection Vulnerabilities

    5. Insecure Design

    6. Security Misconfiguration

    7. Vulnerable and Outdated Components

    8. Identification and Authentication Failures

    9. Software and Data Integrity Failures

    10. Security Logging and Monitoring Failures

    11. Server-Side Request Forgery (SSRF)

    12. Secure Coding Lifecycle

    Format

    Instructor-led training delivered either live online or in-person. The course blends theory with intensive hands-on exercises, where participants write, identify, and fix insecure Ruby code using a dedicated lab environment.

    What is included?

    • Live instructor-led sessions (online or in-person)

    • Downloadable slides and course materials

    • Access to a dedicated lab environment

    • Programming-language specific labs: Ruby

    • Certificate of Completion

    • Option to customise content for organisational objectives

    Levels

    SECCDRB-01 Coding in Ruby Core Course

    Focuses on OWASP Top 10 and practical defensive techniques. Prior Ruby experience required.

    SECCDRB-02 Coding in Ruby Advanced Course

    Covers complex secure design patterns, automation, and secure SDLC integration. For senior devs and security leads.

    SECCDRB-03 Coding in Ruby for PCI DSS

    Targeted training for teams building Ruby applications in PCI DSS environments, covering key compliance requirements through secure coding practices and real-world labs. Perfect for developers working with cardholder data or payment systems.

    Team Training with Cycubix

    Instructors

    The minds behind the course

    Fabio Cerullo

    Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP

    Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.

    Fabio Cerullo is a Senior Authorised Instructor for ISC2, the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals worldwide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.

    Fabio is a regular speaker and delivers training at events organised by leading cybersecurity associations including OWASP and ISC2. He holds an MSc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
