Secure Programming Foundation

755.00  excl. VAT

Course Code: 0004804100

Duration: 3 days;

Delivery dates: TBA;

Instructor: TBA;

Certificate: Yes, upon completion;

Location: TBA.

Description

About

This course teaches you the basic principles of secure programming. The course is aimed at every programmer or software developer who develops any application in any programming language.

Audience

All software developers, lead programmers and software architects. This course is programming language agnostic, so every developer can attend this course.

Prerequisites

Participants need to have hands-on experience in programming and preferably have a basic knowledge of more than one programming language. Affinity with web technology is a plus.

Course Materials

SECURITY ACADEMIE.  0004804100

Course Outline

Secure Programming Awareness

  • Why Secure Coding + EXERCISE

Introduction to Secure Programming

  • What is security?
  • Security jargon + EXERCISE
  • Threats
  • STRIDE Method + EXERCISE
  • Attack surface and Trust zones
  • Web applications + DEMO
  • HTTP Requests
  • HTTP Responses + EXERCISE
  • HTTP Header injections + EXERCISE
  • Browser Security Model + EXERCISE
  • Current state of web security

Authentication and Session Management

  • Authentication + DEMO, EXERCISE
  • Password storage + EXERCISE
  • Managing lost passwords
  • Sessions and cookies + DEMOS
  • Cross-Site Request Forgery + EXERCISE
  • Clickjacking

Handling Input

  • Injection Attacks
  • Subsystems and data flows
  • User input & Trust + EXERCISE
  • SQL injection + DEMOS, EXERCISES
  • Input validation + EXERCISES
  • Buffer overflows + DEMO, EXERCISE
  • Cross-site Scripting (XSS) Attacks + DEMOS, EXERCISES
  • File Uploads + EXERCISES
  • Encoding + DEMO
  • Second order injections

Authorization

  • Checks
  • Session Poisoning + EXERCISE
  • Race conditions

Configuration, Error Handling, Logging

  • 3rd Party components
  • Configuration and hardening + DEMO
  • Information Leaks
  • Reduce attack surface
  • Side channel attacks
  • Error handling
  • Denial of Service + EXERCISE
  • Logging

Cryptography

  • Man in the Middle attack
  • Trusted 3rd party
  • Threats
  • General guidelines

Secure Software Engineering

  • Assessment + EXERCISE
  • SDLC and Security
  • Requirements
  • Threat modeling + EXERCISE
  • Secure design
  • STRIDE per element
  • Architecture analysis + EXERCISE
  • Secure coding + DEMO
  • Security testing