SECO – Secure Programming Foundation 2 Days Training in Tampa, FL

Course Description:

The Secure Programming Foundation course is the first level of the SECO – Secure Software certification track.

This introductory course covers the basic concepts of secure programming. The course offers an ideal mix of theory and practice, where practical examples are illuminated with case studies.
 

Learning Goals:

The aim of the course is to enable candidates to apply security principles in design and code, detect security problems in software and explain the causes of these problems.

In more detail, candidates should be able to:

●      Understand the importance of security in the software life cycle and the logic behind security principles

●      Define basic security terms, e.g. STRIDE, attack surface, trust boundaries, password salting, authentication, authorisation, hardening, cryptography

●      Understand web application attack surfaces and trust boundaries

●      Explain the workings of HTTP requests and header injection

●      List password authentication vulnerabilities and relevant countermeasures

●      Summarise the security implications of session management and list relevant countermeasures against session fixation

●      Identify countermeasures against cross-site request forgery (CSRF) and clickjacking attacks

●      Identify and explain countermeasures against injection attacks

●      Identify and explain countermeasures against buffer overflows

●      Identify and explain countermeasures against cross-site scripting (XSS)

●      Identify and explain countermeasures against file upload attacks

●      Identify and explain countermeasures against character encoding vulnerabilities

●      Understand privilege escalation and list relevant mitigation techniques

●      Explain how to secure products by hardening and vulnerability scanning

●      Summarise how to prevent side channel attacks

●      Summarise how to prevent DoS attacks

●      Understand the importance of good error handling practices

●      Understand the security risks involved in logging

●      Understand symmetric and asymmetric cryptography, Man-in-the-Middle attacks and the pitfalls in SSL/TLS and HTTPS certificates

●      Explain how security requirements can/should be identified

●      Perform simple threat modelling exercises and identify security requirements for a system

Course Agenda:

The course covers eight areas of attention

 ●      Module 1: Secure Programming Awareness

●      Module 2: Security from a Technical Point of View

●      Module 3: Authentication and Session Management

●      Module 4: Handling Input

●      Module 5: Authorisation

●      Module 6: Configuration, Error Handling and Logging

●      Module 7: Cryptography

●      Module 8: Secure Software Engineering

Who can Attend?

Novice or experienced programmers or software developers whose primary activities include

 ●      developing software,

●      testing or auditing software,

●      facilitating software development