Secure Programming Foundation 2 Days Training in Detroit, MI

Course Description:

This course teaches you the basic principles of secure programming. The course is aimed at every programmer or software developer who develops any application in any programming language.

Course Topics:

Secure Programming Awareness

●      Why Secure Coding + EXERCISE

Introduction to Secure Programming

●      What is security?

●      Security jargon + EXERCISE

●      Threats

●      STRIDE Method + EXERCISE

●      Attack surface and Trust zones

●      Web applications + DEMO

●      HTTP Requests

●      HTTP Responses + EXERCISE

●      HTTP Header injections + EXERCISE

●      Browser Security Model + EXERCISE

●      Current state of web security

Authentication and Session Management

●      Authentication + DEMO, EXERCISE

●      Password storage + EXERCISE

●      Managing lost passwords

●      Sessions and cookies + DEMOS

●      Cross-Site Request Forgery + EXERCISE

●      Clickjacking

Handling Input

●      Injection Attacks

●      Subsystems and data flows

●      User input & Trust + EXERCISE

●      SQL injection + DEMOS, EXERCISES

●      Input validation + EXERCISES

●      Buffer overflows + DEMO, EXERCISE

●      Cross-site Scripting (XSS) Attacks + DEMOS, EXERCISES

●      File Uploads + EXERCISES

●      Encoding + DEMO

●      Second order injections

Authorization

●      Checks

●      Session Poisoning + EXERCISE

●      Race conditions

Configuration, Error Handling, Logging

●      3rd Party components

●      Configuration and hardening + DEMO

●      Information Leaks

●      Reduce attack surface

●      Side channel attacks

●      Error handling

●      Denial of Service + EXERCISE

●      Logging

Cryptography

●      Man in the Middle attack

●      Trusted 3rd party

●      Threats

●      General guidelines

Secure Software Engineering

●      Assessment + EXERCISE

●      SDLC and Security

●      Requirements

●      Threat modeling + EXERCISE

●      Secure design

●      STRIDE per element

●      Architecture analysis + EXERCISE

●      Secure coding + DEMO

●      Security testing 

Learning Goals:

●      Understanding the various issues of insecure software

●      Understanding how software vulnerabilities come into existence, how an attacker can exploit these, and what measures to take to counter this

●      Understanding how to integrate security in the requirements, designing, coding and testing phases of the software building process 

Course Agenda:

Day 1

●      Introduction

●      Secure Programing Awareness

●      Introduction to Secure Programming

●      Authentication and Session Management

●      Handling Input (1)

Day 2

●      Handling Input (2)

●      Authorization

●      Configuration, Error Handling, Logging

●      Cryptography

●      Secure Software Engineering 

Who can Attend?

All software developers, lead programmers and software architects. This course is programming language agnostic, so every developer can attend this course.