Secure Programming Foundation course

Register nowBook as incompany

What will you learn?

  • 9Understand the role of the programmer within the scope of the SDLC
  • 9The most important types of coding mistakes that lead to insecure software, and how they are exploited by attackers
  • 9How to analyse code and identify the most common mistakes that lead to security problems
  • 9How to verify the security of code


  • 2 course days
  • 8 hours of self study
  • €1.395,- excluding VAT

Your trainers

Tim Hemel
Secure Software Specialist &
Security Consultant

About Tim

While working as a security researcher, Tim Hemel discovered that few programmers learned to write safe software as part of their education. To fill this gap, he developed a Safe Programming course, focusing on developing the right mindset rather than remembering details that are out of date after three months.

He now assists software development teams from iComply in making secure software. He uses the Framework Secure Software, which he co-developed to structure security in software during construction and to be able to test it at any time.

Jochen den Ouden
Ethical Hacker

About Jochen

As a cyber security specialist, Jochen den Ouden believes that information security is only possible in an interaction between people, technology and organization. These three links are inextricably linked. He is a Certified Ethical Hacker and provides training in privacy and hacking, as well as hacking companies on an ethical basis to make them aware of their level of information security. Before becoming an independent entrepreneur, he taught computer science at Stenden University.

About the Secure Programming Foundation course

Secure Programming Foundation offers an intensive hands-on introduction to secure software development. In this course, you will learn what common programming errors can lead to software vulnerabilities, how these errors are exploited by attackers, and how you can prevent the software flaws that enable cyberattacks. Through a structured approach, based on the Framework Secure Software, you will learn the basic skills for developing secure applications


Experience with at the minimum one programming language is expected to participate in the hands -on exercises.

Intended audiences:

  • Developers that have limited knowledge of secure programming or need an update of their knowledge
  • Professionals that need to interact with secure programmers, but are not a programmer themselves (i.e. those who need to speak the language of secure programmers, but do not have to produce the code themselves)
  • Those with an interest in secure coding in general

Classroom training or Online Live?

  • Classroom Training: You’re our guest and threated as such

When you take our Classroom Training you are our guest, and that’s how we’ll threat you! You’ll train in an inspiring training environment handpicked based on the highest quality standards. All trainings include a delicious lunch, when you register to your training you can indicate any dietary requirements that we should consider.

  • Online Live Training: Prepare, train and certify from the comfort of your home or work

For those of you preferring an online experience, we offer Online Live Training through the SECO – Institute Online Learning Platform based on BigBlueButton, a secure platform specifically designed for Online Training that requires collaboration and (hands on) exercises. Course materials are delivered via a designated Student Portal prior to your training. For the SECO – Institute trainings, the examination is also conducted online via a certified Proctor. Everything you need to prepare, train and certify from the comfort of your home or work.

* Our classroom trainings are delivered in Dutch or English, depending on the composition of the student group
* Our Online Live Trainings are delivered either in Dutch or in English. Make sure that you register for the right class!

The following is included:

  • 2 days of training from a senior instructor that will practice what he/ she preaches
  • Official SECO–Institute course materials
  • Practice exam
  • Secure Programming Foundation exam
  • “S-SPF” digital Acclaim badge when you pass the exam
  • 1- year free SECO Membership

Why Seco Institute?

 SECO- Institute courses are very hands on oriented and aimed at gaining actionable knowlegde and skills. We only work with freelance, senior instructors that guided many customers in their efforts to reach a secure development practice. Their unique blend of in-depth security expertise with a strong development background enables you to not just understand the risks but how to actually produce secure code. SECO- Institute instructors have gone through a scrutinous accreditation process, where they’re tested on domain expertise as well as communication- and presentation skills. When not consulting or teaching, you will find them presenting on international cybersecurity conferences and supporting non- profit community driven projects, sharing their knowledge and expertise for the greater good.

The course covers the following subjects:

The fundamentals of secure software

  • Introduction to Secure Software Development Life Cycle
  • Principle of threat modelling
  • Development models related to secure programming (Agile,DevOps, etc.)
  • Development models specific to secure programming (BSIMM,OWASP ASVS, Mitre SEG security paragraphs, DevOpS CI/CD…)

Overview of the security aspects in software

  • Intro to SECO’s Secure Application Testing Framework
  • Practical examples of pitfalls and remediations
  • The importance of layering and isolation
  • The mentality of security

Common mistakes & code verification techniques

  • More in-depth common scenario’s, like authentication/session management, input handling, secure use of external dependencies, tamper-proof logging
  • Treatment of code verification

About the Exam

The Secure Programming Foundation course is the first level of the SECO-Institute Secure Software Track. At this moment, the Practitioner and Expert level courses are still in development. The exam is included in your training fee but governed and carried out by the SECO – Institute. Upon successful completion, you will receive the S-SPF certification title and a digital badge.

Exam information

  • Exam language: English
  • Type of exam: online exam (you must reserve this exam yourself)
  • Type of questions: 40 multiple choice questions
  • Exam time: 60 minutes

About the certificate

Secure Programming Foundation equips you with the knowledge and skills you need to lay the foundations of a career as a secure software developer, software engineer or software auditor.

By passing the SPF certification exam and earning a SECO-Secure Programming Foundation (S-SPF) certificate, you demonstrate your ability to:

  • Understand the importance of security in the software lifecycle and the logic behind industry-approved secure development principles;
  • Understand web application attack surfaces and trust boundaries;
  • Understand the workings of HTTP requests and header injection;
  • Understand password authentication vulnerabilities and effective countermeasures;
  • Understand the security implications of session management and identify effective countermeasures against session fixation;
  • Identify countermeasures against cross-site request forgery (CSRF) and clickjacking attacks;
  • Identify countermeasures against injection attacks;
  • Identify countermeasures against buffer overflows;
  • Identify countermeasures against cross-site scripting (XSS);
  • Identify countermeasures against file upload attacks;
  • Identify countermeasures against character encoding vulnerabilities;
  • Understand privilege escalation and list relevant mitigation techniques;
  • Secure products by hardening and vulnerability scanning;
  • Understand how to prevent side-channel attacks;
  • Understand how to prevent DoS attacks;
  • Understand the importance of good error handling practices;
  • Understand the security risks involved in logging;
  • Understand symmetric and asymmetric cryptography, Man-in-the-Middle attacks, and the pitfalls in SSL/TLS and HTTPS certificates.
  • Explain how security requirements can/should be identified;
  • Perform simple threat modelling exercises and identify security requirements for a system.

What are the benefits of an S-SPF certificate?

An S-SPF certificate demonstrates that you have a solid understanding of common software vulnerabilities and best-practice countermeasures. If you are considering a career in secure software development or software auditing, these competences are essential to get you started.

Practical Information

  • Course times: 9 am to approximately 4:30 pm. The coffee is ready at 8:30.
  • Lunch is included and consists of a buffet with, among other things, fresh sandwiches. Do you have allergies or dietary requirements? Please communicate this in time.
  • Training location:
    Quinten Matsijslei 25
    2018 Antwerp
  • By participating in a course or training you agree with our terms and conditions

Register now

Book as incompany or stay up to date