[email protected] +44 (0)20 7917 9527
Book your demo
Back
Products new

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Cyber Security eLearning

Engage And Educate Employees To Be The First Line Of Defence

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Content Library

Explore Our Award-Winning Elearning Library, Tailored For Every Department

Cyber Police Departmental Cyber Security Training
Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Blog News Room
Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
About

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Cyber Security Awareness
Phishing & Ransomware
eLearning
Policy Management
Compliance
Privacy, GDPR & CCPA
GRC

Secure Coding Practices in Software Development

Secure coding

about the author

James MacKay

James MacKay

James MacKay is the COO of MetaCompliance and a recognised security awareness training expert. James has a deep understanding of delivering effective Security Awareness Training and is committed to helping organisations keep their staff safe online, secure their digital assets and protect their corporate reputation. 

In 2020, MetaCompliance released our series of Secure Coding titles based on the OWASP Top 10.

OWASP (Open Web Application Security Project) is a non-profit foundation that works to improve the security of software.

Their Top 10 is a standard awareness document which represents a broad consensus about the most critical security risks to web applications.

Open Web Application Security Project (OWASP) 

In 2021, OWASP released their updated Top 10 list of threats. This current list is based on an expanded number of Common Weakness Enumerators (CWE’s), which are part of a system for categorising software weaknesses and vulnerabilities.

The main difference this time around is that OWASP has created their list from a root-cause perspective, as opposed to a combination of root-cause and symptom. This means that some topics which found their own place in the 2017 Top 10 have now been integrated into other overarching threats, whilst still remaining relevant as an issue for developers. For example, Cross-Site Scripting now finds itself as a symptom of SQL Injection and not a separate threat.

The 2021 Top 10 also defines the need for a fundamental shift in how software is designed, and as a result, Insecure Design now finds itself as a main threat in the list. This new addition to the Top 10 takes into account the increasing risks to application security by ensuring that solid advice exists for integrating security concepts at each stage of the Software Development Lifecycle.

Secure Coding eLearning Series 

Similar to our previous iteration, our Secure Coding series seeks to distil the information collated by OWASP into a format which can be easily digested by anyone who needs to be aware of application security issues.

This time around, we’ve done something radically different with the content. Each topic in the Top 10 has its own dedicated module which covers:

  • Defining the threat
  • Understanding how to identify the threat
  • How to check your application for vulnerabilities
  • Mitigating the risk from the identified threat

For each topic, there is a robust assessment which takes into account the importance of the risk to your organisation, by rigorously examining your learner’s knowledge of the Top 10 threat.

The topics covered are:

  • What is Secure Coding?
  • Broken Access Control
  • Cryptographic Failures
  • SQL Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

you might enjoy reading these

Request A Demo

Request a free demo today and see how our world-class cyber Security Awareness Training could benefit your organisation.

The demo only takes 30 minutes of your time and you don’t need to install any software.