COURSE DESCRIPTION: This course teaches you the basic principles of
secure programming. The course is aimed at every programmer or
software developer who develops any application in any programming
language.
COURSE TOPICS:
SECURE PROGRAMMING AWARENESS
- Why Secure Coding + EXERCISE
INTRODUCTION TO SECURE PROGRAMMING
- What is security?
- Security jargon + EXERCISE
- Threats
- STRIDE Method + EXERCISE
- Attack surface and Trust zones
- Web applications + DEMO
- HTTP Requests
- HTTP Responses + EXERCISE
- HTTP Header injections + EXERCISE
- Browser Security Model + EXERCISE
- Current state of web security
AUTHENTICATION AND SESSION MANAGEMENT
- Authentication + DEMO, EXERCISE
- Password storage + EXERCISE
- Managing lost passwords
- Sessions and cookies + DEMOS
- Cross-Site Request Forgery + EXERCISE
- Clickjacking
HANDLING INPUT
- Injection Attacks
- Subsystems and data flows
- User input & Trust + EXERCISE
- SQL injection + DEMOS, EXERCISES
- Input validation + EXERCISES
- Buffer overflows + DEMO, EXERCISE
- Cross-site Scripting (XSS) Attacks + DEMOS, EXERCISES
- File Uploads + EXERCISES
- Encoding + DEMO
- Second order injections
AUTHORIZATION
- Checks
- Session Poisoning + EXERCISE
- Race conditions
CONFIGURATION, ERROR HANDLING, LOGGING
- 3rd Party components
- Configuration and hardening + DEMO
- Information Leaks
- Reduce attack surface
- Side channel attacks
- Error handling
- Denial of Service + EXERCISE
- Logging
CRYPTOGRAPHY
- Man in the Middle attack
- Trusted 3rd party
- Threats
- General guidelines
SECURE SOFTWARE ENGINEERING
- Assessment + EXERCISE
- SDLC and Security
- Requirements
- Threat modeling + EXERCISE
- Secure design
- STRIDE per element
- Architecture analysis + EXERCISE
- Secure coding + DEMO
- Security testing
LEARNING GOALS:
- Understanding the various issues of insecure software
- Understanding how software vulnerabilities come into
existence, how an attacker can exploit these, and what measures to
take to counter this
- Understanding how to integrate security in the
requirements, design, coding and testing phases of the software
building process
COURSE AGENDA:
DAY 1
- Introduction
- Secure Programming Awareness
- Introduction to Secure Programming
- Authentication and Session Management
- Handling Input (1)
DAY 2
- Handling Input (2)
- Authorization
- Configuration, Error Handling, Logging
- Cryptography
- Secure Software Engineering
WHO CAN ATTEND?
All software developers, lead programmers and software architects.
This course is programming language agnostic, so every developer can
attend this course.
22/07/2020 Last update
Regus - Minnesota, Minneapolis - AT&T Tower
100 901 S Marquette Ave Suite 1500, Minneapolis, 55402, MN, US