RCSD (Reflare Certified Secure Developer)

Trainees must apply each video lesson’s attack or defence technique in a live VM setting to move through the program.

Bypassing traditional exams and multiple-choice tests, RCSD delivers practical learning and hands-on experience in crafting secure code.

Runs in the Cloud

You don't need to install anything. All lessons and challenges run entirely on Reflare's cloud infrastructure.

This means you can scale to any number of trainees without the concern of ongoing maintenance costs, client-side infrastructure, plug-ins or applications.


Pain Free Launch

You can add your trainees, set your completion dates, and leave the rest to us.

Your developers can take the program at a time that best suits their workflow. Whether on-site, travelling, or remote, the deployment and the completion of RCSD only require an internet connection and a web browser.

Go Live

Work Ready Skills

We know developers can only write secure code if they understand how weaknesses are abused.

RCSD uses concise, easy-to-follow video lessons that teach both the practical attack and defence techniques for common web vulnerabilities.

The developer must then demonstrate that they can translate this understanding into practice in the real world.


Hands-on Testing

After each lesson, Reflare boots a VM (virtual machine) that contains a proprietary challenge.

To advance to the next lesson, the trainee must successfully either attack or defend the system against the taught vulnerability, proving their comprehension, retention, and practical application of the skill taught.


Track Progress

We take care of trainee commencement, tracking and deadline reminders.

Your easy-to-use admin interface allows you to track the progress of group and individual developers, onboard new team members, pull performance reports, and access completion certificates for compliance audits, all at the click of a button.

Reflare Certified Secure Developer

Hands-on capability development with live VM challenges

Reflare Certified Secure Developer (RCSD)
Lesson 1
Introduction and How-To
Lesson 2
Input Validation - Cross-Site Scripting (XSS)
Lesson 3
Client Side Input Validation
Lesson 4
Input Validation - SQL Injection (SQLi)
Lesson 5
Input Validation - Command Injection (CMDi)
Lesson 6
Input Validation - File Uploads
Lesson 7
Input Validation - Remote File Inclusion (RFI)
Lesson 8
Forced Browsing
Lesson 9
Directory Traversal
Lesson 10
Lesson 11
Session Management
Lesson 12
Lesson 13
Sniffing, MITM and SSL
Lesson 14
Open Redirects
Lesson 15
Cross-Site Request Forgery (CSRF)
Lesson 16
Information Leakage
Lesson 17
Browser Security Measures
Lesson 18
Simple Scanner Usage
Lesson 19
XPath Injection
Lesson 20
Buffer Overflows
Lesson 21
Secure Cryptographic Storage
Lesson 22
Encrypted Databases
Lesson 23
Lesson 24
Environment Separation
Lesson 25
Closing Thoughts
Minimum time commitment to complete RCSD training: 4 hours.