Last line of Defense - The Top 20 PLC Security Coding practices are out now

Tuesday, Jun 15, 2021, Budapest, Hungary

Today is the release of the 2021 Top 20 PLC Secure Coding Practices initiative launched by ISA Global Security Alliance and will now be hosted in collaboration with Admeritia. Honoring this critical milestone, Scademy has developed a course that gives an overview of PLC security based on the Top 20 PLC Secure Coding Practices List, explained with examples that can occur anytime in real life.

To download the document, please check the PLC Security Top 20 List website.

To check our latest released course based on these findings, check our latest CL-PLC course outline.

PLCs play a significant role in the world today. They are used in office buildings, factories, and even in power plants to automate tasks previously done by relays. While compromised PLC in an office building usually does not mean a severe threat to the employees, PLC in a nuclear power plant that an attacker has overtaken can cause a blackout in a city or even human casulties.

"The PLC can be the last line of defense, the last man standing before you have a physical impact."

Sarah Fluchs, one of the lead authors of the new PLC Security Top 20 List

This is just one of the comments that emphasize how PLC security did not get enough focus. Therefore this project aims to change this and can serve as a stopgap for developers.

"We at SCADEMY Secure Coding Academy decided to support this initiative and to develop hands-on training material addressing the Top 20 Secure PLC Coding Practices."

Zoltan Hornak, SCADEMY’s CEO and founder

With Scademy’s PLC Secure Software Development course, participants attending this training will understand basic concepts of security, get insight into PLC Input Validation or PLC Access Control and Integrity Check, among other practices.

Secure Coding Academy’s security expertise dates back to 1999 when SEARCH Laboratory was established as an IT security research group at the Budapest University of Technology and Economics. In 2008 we launched the Secure Coding Academy – later split to a separate company, SCADEMY Ltd – to educate corporate software engineers to secure coding practices. Today, SCADEMY trainers have trained in over 35 countries with over 4000 attendees around the globe and keep continuing to motivate secure coders. You can find the complete training portfolio in our course catalog.

For further information, visit our website or e-mail us at

SCADEMY runs a blog called Security Drops, which holds strictly technical content for developers.