Secure Programming Foundation 2 Days Training in Minneapolis, MN

COURSE DESCRIPTION:This course teaches you the basic principles of secure programming. The course is aimed at every programmer or software developer who develops any application in any programming language. COURSE TOPICS: SECURE PROGRAMMING AWARENESS ?      Why Secure Coding + EXERCISE INTRODUCTION TO SECURE PROGRAMMING ?      What is security? ?      Security jargon + EXERCISE ?      Threats ?      STRIDE Method + EXERCISE ?      Attack surface and Trust zones ?      Web applications + DEMO ?      HTTP Requests ?      HTTP Responses + EXERCISE ?      HTTP Header injections + EXERCISE ?      Browser Security Model + EXERCISE ?      Current state of web security AUTHENTICATION AND SESSION MANAGEMENT ?      Authentication + DEMO, EXERCISE ?      Password storage + EXERCISE ?      Managing lost passwords ?      Sessions and cookies + DEMOS ?      Cross-Site Request Forgery + EXERCISE ?      Clickjacking HANDLING INPUT ?      Injection Attacks ?      Subsystems and data flows ?      User input & Trust + EXERCISE ?      SQL injection + DEMOS, EXERCISES ?      Input validation + EXERCISES ?      Buffer overflows + DEMO, EXERCISE ?      Cross-site Scripting (XSS) Attacks + DEMOS, EXERCISES ?      File Uploads + EXERCISES ?      Encoding + DEMO ?      Second order injections AUTHORIZATION ?      Checks ?      Session Poisoning + EXERCISE ?      Race conditions CONFIGURATION, ERROR HANDLING, LOGGING ?      3rd Party components ?      Configuration and hardening + DEMO ?      Information Leaks ?      Reduce attack surface ?      Side channel attacks ?      Error handling ?      Denial of Service + EXERCISE ?      Logging CRYPTOGRAPHY ?      Man in the Middle attack ?      Trusted 3rd party ?      Threats ?      General guidelines SECURE SOFTWARE ENGINEERING ?      Assessment + EXERCISE ?      SDLC and Security ?      Requirements ?      Threat modeling + EXERCISE ?      Secure design ?      STRIDE per element ?      Architecture analysis + EXERCISE ?      Secure coding + DEMO ?      Security testing  LEARNING GOALS: ?      Understanding the various issues of insecure software ?      Understanding how software vulnerabilities come into existence, how an attacker can exploit these, and what measures to take to counter this ?      Understanding how to integrate security in the requirements, designing, coding and testing phases of the software building process  COURSE AGENDA: DAY 1 ?      Introduction ?      Secure Programing Awareness ?      Introduction to Secure Programming ?      Authentication and Session Management ?      Handling Input (1) DAY 2 ?      Handling Input (2) ?      Authorization ?      Configuration, Error Handling, Logging ?      Cryptography ?      Secure Software Engineering  WHO CAN ATTEND? All software developers, lead programmers and software architects. This course is programming language agnostic, so every developer can attend this course.