Secure Coding Lab

Train secure coding practically.

In the Secure Coding Training Lab, you'll work hands-on with a simulated credit card payment application — analyzing its security flaws and fixing the underlying code. The lab focuses on practical defense against the most critical web vulnerabilities from the OWASP Top 10, including issues such as injection or broken access control. You'll learn to identify and remediate these weaknesses directly in code — gaining the skills to build applications that can withstand real-world attacks.

  • Online Training
    Learn at your own pace. Wherever you want.
  • Different Programming Languages
    Our training lab supports the following programming languages: PHP, Java, Python and Node.js.
  • Get Certified
    Fix vulnerabilities and get our BACSCP certificate.
  • ~ 2 M/D Time Required
    As a professional software developer with many years of professional experience, you will need max. 2 days (8 hours per day).
  • Comply with PCI DSS 6.5
    Use this lab to comply with PCI DSS 6.5.

starting at €780.00

Lab Contents

In the Secure Coding Training Lab, you’ll perform an in-depth code review on a simulated credit card payment application to identify insecure coding patterns, analyze vulnerabilities, and fix them directly in the source code. This hands-on lab strengthens your ability to detect security flaws early in development and write robust, secure software.

To do that, you’ll gain access to the following materials:

  • Access to the source code of the payment application via git (forgejo)
  • API documentation
  • Secure code review checklist
  • Security policy for software development
  • Background story of the fictional company "Dubius Payment Ltd."
  • Penetration test report of payment application

You can choose from multiple programming languages and frameworks — including Java with Spring, Python with Flask, and PHP with Laravel — to practice secure coding in your preferred environment. The language and framework can be selected after purchasing the lab during your setup process.

Languages and REST frameworks:

  • Java: Spring
  • NodeJS: Express
  • Python: Flask
  • PHP: Laravel

Your Personal Laboratory

What makes our training experience unique is that you get access to a fully functional, isolated lab environment — the test system of “Dubius Payment Ltd.”. This fictitious payment service provider offers merchants a credit card transaction gateway for handling online payments. For a first impression, we’ve included a short excerpt from the REST API documentation.

After a penetration test uncovered several critical vulnerabilities in the payment gateway, it’s now your turn: as the newly appointed lead developer, your mission is to review the application’s source code and eliminate all identified security flaws. Practical, hands-on work is at the core of this course. We’ve prepared multiple vulnerability sets — each containing ten unique flaws — and one of them will be randomly assigned to you when your lab session begins.

The lab is entirely yours — no shared environments. You’ll have 20 days of unrestricted access, with the flexibility to train whenever it suits you. The laboratory remains available around the clock, allowing you to practice, test, and improve at your own pace.

Process

Getting started with your Secure Coding Training Lab is simple and flexible. After purchasing the course, you can choose your preferred programming language and freely schedule the start of your lab access to fit your availability.

Once your lab session begins, you’ll receive access to all lab materials and documentation, including the source code of the vulnerable application and setup instructions. Your goal is to identify and fix the security vulnerabilities within your assigned lab environment.

For the first successfully fixed vulnerability, you will automatically receive a Proof of Participation in PDF format — confirming your progress and hands-on achievements.

If you manage to fix at least 8 out of the 10 vulnerabilities, you will be awarded the Binsec Academy Certified Secure Coding Professional (BACSCP) certificate, recognizing your practical skills and successful completion of the lab challenge.

Confirmation of Participation

After you have successfully fixed a vulnerability for the first time, you will automatically receive a PDF file that confirms your participation.

BACSCP (Binsec Academy Certified Secure Coding Professional)

The BACSCP certificate will be available for direct download as a PDF once you have successfully fixed at least eight out of ten vulnerabilities by the end of your lab period. Please note that all functional validation checks must have passed in your last commit.

The BACSCP certification demonstrates to third parties that you are able to:

  • Identify and remediate the most common vulnerabilities in web applications
  • Develop secure software in accordance with OWASP and PCI DSS principles
  • Perform structured and methodical secure code reviews

Personal and Technical Requirements

You need a computer running Windows, macOS, or Linux, along with good programming skills in one of the supported languages. You should also be familiar with Git as a version control tool — basic commands such as git clone, git commit, and git push are sufficient. You can work with any code editor or IDE of your choice.

To connect to the lab environment, you’ll need the open-source software OpenVPN. If you’re operating behind a firewall that restricts outbound traffic (e.g., in a corporate network), you may need to allow the corresponding TCP port. The required port number and configuration file will be provided to you after purchase. For technical reasons, the lab connection does not use OpenVPN’s default port.

You should also have a good command of English, as all course materials, code comments, and documentation are provided exclusively in English.

Order the Secure Coding Lab for your team now.

  • With 5 licenses you will get a 10% discount.
  • More than 10 licenses required? Contact us for an individual discount.

Contact

binsec academy GmbH
Solmsstraße 41
60468 Frankfurt am Main
Germany

info@binsec.academy

+49 69 2474649-0

Legal Notice

Director: Patrick Sauer, Florian Zavatzki
Registration: Frankfurt am Main, HRB 132363
Turnover Tax Identification No.: DE363412240

© binsec academy GmbH – All rights reserved.