IT Security C&T

Applications Security Foundation

Course Overview

This course covers the essential secure coding topics relevant to a large number of web application developers. It teaches the concepts of secure programming and involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for that flaw. In this course you will watch demos of real-world attacks and how to prevent them, and gain confidence in the journey to improving the security of your applications.

Upon Completion

Students will gain knowledge in:

  • Web Application Security.
  • Common Web Application Risks.
  • Demo Web Application Penetration.
  • Data Validation.
  • Authentication.
  • Session Management.
  • Secure SDLC.

 Course Content

 Module 1: Introduction to Software Security

  • Course overview.
  • Course objectives.
  • Introduction.
  • Why care about software security.
  • Application threats.
  • Common vulnerabilities.
  • Definitions of software security.
  • Secure coding fundamentals.

Module 2: Common Web Application Risks (OWASP Top 10)

· A1 - Injection.

  1.  SQL Injection.
  2.  OS/Command Injection.
  3.  LDAP Injection.

· A2 - Broken Authentication and Session Management.

· A3 - Cross-Site Scripting (XSS).

· A4 - Insecure Direct Object References.

· A5 - Security Misconfiguration.

· A6 - Sensitive Data Exposure.

  1.  Data at Rest.
  2.  Data in Transit.

· A7 - Missing Function Level Access Control.

Module 3: Demo Web Application Penetration

  • Videos.
  • Vulnerability penetration demo.

 Module 4: Data Validation

  • Input validation.
  • Server vs. Client side validation.
  • Whitelisting vs. blacklisting.
  • Output encoding and escaping.
  • Parameterized queries.
  • Using frameworks and APIs.
  • Microsoft Web Protection Library
  • Java Regex.
  • OWASP ESAPI validators.

Module 5: Authentication

  • Basic vs. forms based Authentication.
  • Authentication Policies.
  • Authorization and permissions.

Module 6: Session Management

  • Protecting session IDs.
  • Session Hijacking.
  • Session Fixation.

Module 7: Secure SDLC

  • Overview.
  • Secure software development lifecycle.
  • A Secure Process.
  • Manager’s point of view.
  • Developer’s point of view.
  • Consumer expectations.
  • Business responsibility.
  • Phases of development lifecycle.

Course Title:  Secure Coding Essentials

Duration: 3 days, 24 Hrs

Class Format Options: Instructor-Led Training/Classroom

Who Should Attend: Developers looking to extend their knowledge in secure coding.

Prerequisites:

  • Knowledge of a programming language (Java, .NET, PHP).
  • Knowledge of Web technology.
  • Knowledge of Database Management Systems (Oracle, MySQL, MSSQL).

Exam Cost: 50 USD via IT Security C&T

Type of Certificate Obtained: Secure Coding Essentials