This two-day course is for people who want to understand the technical controls used to prevent software vulnerabilities.
It focuses on common insecure coding practices and examines how these can be addressed to make secure applications.
It is much less expensive to build secure software than to correct security issues after the software has been completed or deal with the costs that may be associated with a security breach.
Securing critical software resources is more important than ever as the focus of attackers has steadily moved to the application layer.
Building secure software requires an understanding of security principles and the goal of software security is to maintain the confidentiality, integrity and availability of information resources in order to enable successful business operations.
During the course, you will have access to a specifically created controlled environment to demonstrate the main areas of vulnerability and mitigation strategies.
Target Audience:
- Penetration Testers
- Professional Software Developers
- Software Architects
- Software Security Auditors
- Security Managers
Learning Objectives
- You will learn about the vulnerabilities that arise from insecure coding and the array of hacking techniques that many attackers use to disrupt the way an application’s programming/business logic work
- You will find out how to take a ‘defence in depth’ approach and ensure you consider all the security issues that may arise while developing applications
- You will gain an understanding of the most important principles in secure coding and apply your new knowledge with examples and exercises in Java
- You will learn about the Security Development Lifecycle (SDL), a software development process that will help you build more secure software and address security compliance requirements while reducing development cost.
Pre-Requisites
Rather than attempt to cover all languages on one course we focus on the important principles. A basic understanding of web application coding is preferable, ideally in Java (as examples and exercises are in Java), however the course has been developed to
be language agnostic
Course Content
a. Disclaimer
b. Trends & Metrics
c. Lab Environment
2. Core Security Concepts
a. Confidentiality, Integrity, Availability
b. Authentication and Authorisation
c. Accounting
d. Non-repudiation
e. Privacy
f. Data Anonymisation
g. User Consent
h. Disposition
i. Test Data Management
3. Secure Development Lifecycle
a. Waterfall vs Agile
b. Microsoft SDLC
c. TouchPoints
d. CLASP
e. Comparison
4. Security Design Principles
a. Least Privilege
b. Separation of Duties
c. Defence in Depth
d. Fail Safe
e. Economy of Mechanism
f. Complete Mediation
g. Open Design
h. Least Common Mechanism
i. Psychological Acceptability
j. Weakest Link
k. Leveraging Existing Components
5. Secure Development Principles
a. Input Validation
b. Canonicalisation
c. Output Encoding
d. Error Handling
e. Authentication & Authorisation
f. Auditing & Logging
g. Session Management
h. Secure Communications
i. Secure Resource Access
j. Secure Storage
k. Cryptography
6. Best Practices
7. Conclusion
Online Courses
You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.
We have the following eLearning options available:
