Writing Secure Code - Software Secured | Application security … · 2019. 11. 18. · Writing...

Date post:	26-Jan-2021
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times

Download Report this document

Share this document with a friend

Embed Size (px):

Writing Secure Code – SS201 This technical course covers a wide range of application security topics in a programming language agnostic format. During this hands- on course, students will examine actual code, tools, and other resources that help them understand how hackers think, the techniques they use to attack their applications and the best countermeasures they can use to mitigate the risk of those attacks. Target Audience § Software Developers § Technical Leads Course Requirements & Prerequisites § Software Secured’s Application Security Fundamentals – SS201 § Intermediate to expert understanding of the web as well as the HTTP protocol. § Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc § Students are required to bring their own laptops with a minimum of 4 GB RAM installed. § VMware Workstation / Fusion / VirtualBox installed. § At least 60 GB HD free § Wired Network Support § USB 2.0/3.0 Support Writing Secure Code SS-201 “My entire development had taken software security training from Sherif. The training provided very practical guidance on how to write secured software catered in the programming language we requested. We had already made some changes based on what we learned.” Tongfeng Zhang - CIRA 1 Day Course

Transcript

Writing Secure Code – SS201

This technical course covers a wide range of application security topics in a programming language agnostic format. During this hands-on course, students will examine actual code, tools, and other resources that help them understand how hackers think, the techniques they use to attack their applications and the best countermeasures they can use to mitigate the risk of those attacks.

Target Audience § Software Developers § Technical Leads

Course Requirements & Prerequisites § Software Secured’s Application Security Fundamentals – SS201 § Intermediate to expert understanding of the web as well as the HTTP protocol. § Intermediate to expert experience with web development technologies such as HTML, CSS, JavaScript, SQL, etc § Students are required to bring their own laptops with a minimum of 4 GB RAM installed. § VMware Workstation / Fusion / VirtualBox installed. § At least 60 GB HD free § Wired Network Support § USB 2.0/3.0 Support

Writing Secure Code SS-201

“My entire development had taken software security training from Sherif. The training provided very practical guidance on how to write secured software catered in the programming language we requested. We had already made some changes

based on what we learned.” Tongfeng Zhang - CIRA 1 Day Course
Writing Secure Code – SS201

Course Contents § Introduction § Attacking & Securing Data Storages:

o SQL Injection o Parameterization o Secure Stored Proc Usage

§ Attacking & Securing OS Calls o Path manipulation o Secure File Upload o Command Injection o Secure OS system calls

§ Attacking & Securing User Input o Exploiting and mitigating cross-site scripting attacks. o Whitelisting vs. blacklisting

§ Attacking & Securing Authentication and Authorization o Designing secure authentication process o Designing secure authorization process

§ Attacking & Securing the software security supply chain § Exploiting & Preventing cross-site request forgery using the synchronizer pattern § Attacking & Securing direct object reference using indirect reference maps § Implementing secure cryptography § Securing the transport layer § Securing redirect and forwards § Conclusion and closeout remarks