Through theory and hands-on labs, this course empowers developers and security professionals to build secure Ruby applications. Aligned with the OWASP Top 10, participants learn to prevent, detect, and fix common vulnerabilities.
Secure Coding in Ruby is a practical, hands-on course designed to help developers, team leads, and security professionals build secure and resilient Ruby applications without compromising performance or functionality.
With a strong emphasis on real-world vulnerabilities identified in the OWASP Top 10, this course focuses on actionable techniques to mitigate some of the most critical security challenges facing modern web applications.
Ruby applications, while developer-friendly, are not immune to security flaws. This course bridges the gap between development and security, empowering participants to write secure code, spot risks early, and defend their applications against common threats.
Through a combination of theoretical instruction and immersive hands-on labs, you will learn to integrate secure coding practices directly into your development lifecycle.
By the end of the course, you will not only understand the technical mechanics of each vulnerability but also know how to design and develop Ruby applications that are secure by default—ensuring protection from the ground up.
This course is designed to deliver practical value to your team:
• This course offers practical, real-world defense strategies.
• Learn to think like an attacker and defend like a pro.
• Increase your codebase’s security resilience.
• Perfect for developers, security engineers, and team leads looking to integrate security into their workflows.
• Identify and remediate OWASP Top 10 vulnerabilities in Ruby applications
• Implement secure coding practices to prevent common security flaws
• Use Ruby libraries and frameworks securely, following best practices
• Conduct secure design reviews and apply defensive programming techniques
• Manage dependencies and avoid supply chain risks
• Design secure authentication and access control
• Build logging and monitoring strategies for early threat detection
• Ruby developers looking to enhance application security
• Application security engineers securing Ruby codebases
• Development team leads embedding security into workflows
• DevOps professionals deploying secure Ruby environments
• Security enthusiasts with basic Ruby knowledge
Basic understanding of web security principles is recommended (not mandatory). Prior coding experience in Ruby is required.
Training your development teams in secure software design and coding techniques brings significant long-term benefits to your organisation:
• Increased trust: Maintain the confidence of your customers and partners by reducing risk exposure.
• Reduced costs and increased efficiency: Minimise rework and avoid the significant costs associated with fixing security flaws post-deployment.
• Regulatory compliance: Stay compliant with industry standards (e.g., OWASP, ISO 27001, PCI DSS).
1. Introduction to Secure Coding in Ruby
2. Broken Access Control
3. Cryptographic Failures
4. Injection Vulnerabilities
5. Insecure Design
6. Security Misconfiguration
7. Vulnerable and Outdated Components
8. Identification and Authentication Failures
9. Software and Data Integrity Failures
10. Security Logging and Monitoring Failures
11. Server-Side Request Forgery (SSRF)
12. Secure Coding Lifecycle
Instructor-led training delivered either live online or in-person. The course blends theory with intensive hands-on exercises, where participants write, identify, and fix insecure Ruby code using a dedicated lab environment.
• Live instructor-led sessions (online or in-person)
• Downloadable slides and course materials
• Access to a dedicated lab environment
• Programming-language specific labs: Ruby
• Certificate of Completion
• Option to customise content for organisational objectives
SECCDRB-01 Secure Coding in Ruby Core Course
Focuses on OWASP Top 10 and practical defensive techniques. Prior Ruby experience required.
SECCDRB-02 Secure Coding in Ruby Advanced Course
Covers complex secure design patterns, automation, and secure SDLC integration. For senior devs and security leads.
SECCDRB-03 Secure Coding in Ruby for PCI DSS
Targeted training for teams building Ruby applications in PCI DSS environments, covering key compliance requirements through secure coding practices and real-world labs. Perfect for developers working with cardholder data or payment systems.

Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo, CISSP, CCSP, CSSLP, SSCP, is the Managing Director of Cycubix Ltd., where he leads cybersecurity consulting, compliance programs and professional training services for organisations across a wide range of industries. His work spans secure engineering, cloud security and guidance on major regulatory and certification requirements including ISO 27001, SOC2, FedRAMP, NIS2, PCI and GDPR.
He also serves as an ISC2 Senior Authorised Instructor, delivering advanced courses that help security and engineering teams build practical skills in cloud security, software security and information risk management. His cloud expertise is reinforced by his AWS Certified Solutions Architect and AWS Security Specialty certifications and hands-on experience advising organisations on secure architecture and cloud-native security practices.
He is an active contributor to the OWASP Foundation, regularly providing training, speaking at industry events and supporting community initiatives focused on modern application security. He volunteers as a Google Summer of Code administrator, mentoring new students into the cybersecurity field and guiding them through their first contributions to open source security projects.
Originally from Argentina and now based in Ireland, he holds a master’s degree in computer engineering. His interests include emerging technologies, with a particular focus on AI risks and secure AI engineering. Outside of his professional work he enjoys spending time with his family, running outdoors, and actively supporting initiatives that aim to make high-quality cyber-security education accessible to a broader audience.
