Magento Security for Developers (On-Demand)

Magento Training Migration: Thank you for your interest in registering for a Magento U course during the Magento Training Migration period (June 26 – July 9). Please complete the Course Registration Inquiry Form to begin the process. Once you submit this form, a member of our Customer Engagement team will reach out to you with additional details. If you have any other questions, feel free to email

Course Overview

The goal of this course is to help you develop the skills and knowledge needed to securely deploy Magento 2 projects. This course will familiarize you with security best practices so that you can support your development team working with the Magento 2 platform.

With the rise of global fraud and data breaches, security has become the highest priority for ecommerce platforms. Without knowledge and implementation of security best practices and protocols, merchants and partners put themselves and their customers at risk of data breaches and payment fraud. Merchants can find themselves at heightened risk if they leave gaps in their platform security. Securing the environment and adopting best practices becomes compulsory to minimize the risk of fraud.

Learning Objectives

After completing this course you will be able to:

  • Understand how the ecommerce threat landscape is changing
  • Configure and deploy defensive coding
  • Operationalize security measures and best practices
  • Develop and maintain incident response best practices
  • Describe business impact with security measures

Target Audience

  • Magento Commerce Senior Developer with full stack development experience (frontend and backend)
  • Project Manager & Solution Specialist responsible for Magento Commerce projects


Prerequisites

  • Required: Magento 2 Certified Associate Developer
  • Recommended: Magento 2 Certified Professional Developer Plus
  • Recommended: Magento 2 Certified Solution Specialist

Course Outline

UNIT 1. Introduction to Magento Security for Developers

1.1 Ecommerce Threat Landscape
1.2 Magento Security Best Practices Overview
1.3 Shared Responsibility Agreement
1.4 Compliance

UNIT 2. Secure Programming

2.1 OWASP Top 10
2.2 Beyond OWASP Top 10
2.3 Defensive PHP Coding
2.4 Magento Specific Secure Coding
2.5 Restricting Access in Magento
2.6 Testing Your Magento Site Security

UNIT 3. Operational Security

3.1 Magento ACLs & User Permissions
3.2 Logging & Monitoring
3.3 Evaluating Extension Vendors

UNIT 4. Incident Response

4.1 Introduction to Incident Response
4.2 Incident Response Planning

UNIT 5. Business Impact

5.1 Business Impact & Case Studies