Post on 26-Jan-2021
Writing Secure Code – SS201
This technical course covers a wide range of application security topics in a programming language agnostic format. During this hands-on course, students will examine actual code, tools, and other resources that help them understand how hackers think, the techniques they use to attack their applications and the best countermeasures they can use to mitigate the risk of those attacks.
Target Audience
§ Software Developers
§ Technical Leads
Course Requirements & Prerequisites
§ Software Secured’s Application Security Fundamentals – SS201
§ Intermediate to expert understanding of the web as well as the HTTP protocol.
§ Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc.
§ Students are required to bring their own laptops with a minimum of 4 GB RAM installed.
§ VMware Workstation / Fusion / VirtualBox installed.
§ At least 60 GB of free hard disk space.
§ Wired network support.
§ USB 2.0/3.0 support.
“My entire development team had taken software security training from Sherif. The training provided very practical guidance on how to write secure software, catered to the programming language we requested. We had already made some changes based on what we learned.” Tongfeng Zhang - CIRA
1 Day Course
Course Contents
§ Introduction
§ Attacking & Securing Data Storage:
  o SQL Injection
  o Parameterization
  o Secure Stored Procedure Usage
§ Attacking & Securing OS Calls:
  o Path manipulation
  o Secure File Upload
  o Command Injection
  o Secure OS system calls
§ Attacking & Securing User Input:
  o Exploiting and mitigating cross-site scripting attacks
  o Whitelisting vs. blacklisting
§ Attacking & Securing Authentication and Authorization:
  o Designing a secure authentication process
  o Designing a secure authorization process
§ Attacking & Securing the software supply chain
§ Exploiting & Preventing cross-site request forgery using the synchronizer token pattern
§ Attacking & Securing direct object references using indirect reference maps
§ Implementing secure cryptography
§ Securing the transport layer
§ Securing redirects and forwards
§ Conclusion and closeout remarks