COURSE DESCRIPTION:
The Secure Programming Foundation course is the first level of the SECO – Secure Software certification track. This introductory course covers the basic concepts of secure programming. The course offers an ideal mix of theory and practice, where practical examples are illuminated with case studies.
LEARNING GOALS:
The aim of the course is to enable candidates to apply security
principles in design and code, detect security problems in software
and explain the causes of these problems.
IN MORE DETAIL, CANDIDATES SHOULD BE ABLE TO:
● Understand the importance of security in the software life cycle and the logic behind security principles
● Define basic security terms, e.g. STRIDE, attack surface, trust boundaries, password salting, authentication, authorisation, hardening, cryptography
● Understand web application attack surfaces and trust boundaries
● Explain the workings of HTTP requests and header injection
● List password authentication vulnerabilities and relevant countermeasures
● Summarise the security implications of session management and list relevant countermeasures against session fixation
● Identify countermeasures against cross-site request forgery (CSRF) and clickjacking attacks
● Identify and explain countermeasures against injection attacks
● Identify and explain countermeasures against buffer overflows
● Identify and explain countermeasures against cross-site scripting (XSS)
● Identify and explain countermeasures against file upload attacks
● Identify and explain countermeasures against character encoding vulnerabilities
● Understand privilege escalation and list relevant mitigation techniques
● Explain how to secure products by hardening and vulnerability scanning
● Summarise how to prevent side channel attacks
● Summarise how to prevent DoS attacks
● Understand the importance of good error handling practices
● Understand the security risks involved in logging
● Understand symmetric and asymmetric cryptography, Man-in-the-Middle attacks and the pitfalls in SSL/TLS and HTTPS certificates
● Explain how security requirements can/should be identified
● Perform simple threat modelling exercises and identify security requirements for a system
COURSE AGENDA:
THE COURSE COVERS EIGHT AREAS OF ATTENTION
● Module 1: Secure Programming Awareness
● Module 2: Security from a Technical Point of View
● Module 3: Authentication and Session Management
● Module 4: Handling Input
● Module 5: Authorisation
● Module 6: Configuration, Error Handling and Logging
● Module 7: Cryptography
● Module 8: Secure Software Engineering
WHO CAN ATTEND?
Novice or experienced programmers or software developers whose primary activities include
● developing software,
● testing or auditing software,
● facilitating software development.
Last update: 29/01/2020