Secure Programming Foundation 2 Days Training in Seoul
- Seoul South Korea
- Start: Jul 19 2022 00:00
- Finish: Dec 01 2024 00:00
- Time zone: Asia/Seoul
- Nov 21 2019
Course Description:
This course teaches you the basic principles of secure programming. The course is aimed at every programmer or software developer who develops any application in any programming language.
Course Topics:
Secure Programming Awareness
● Why Secure Coding + EXERCISE
Introduction to Secure Programming
● What is security?
● Security jargon + EXERCISE
● Threats
● STRIDE Method + EXERCISE
● Attack surface and Trust zones
● Web applications + DEMO
● HTTP Requests
● HTTP Responses + EXERCISE
● HTTP Header injections + EXERCISE
● Browser Security Model + EXERCISE
● Current state of web security
Authentication and Session Management
● Authentication + DEMO, EXERCISE
● Password storage + EXERCISE
● Managing lost passwords
● Sessions and cookies + DEMOS
● Cross-Site Request Forgery + EXERCISE
● Clickjacking
Handling Input
● Injection Attacks
● Subsystems and data flows
● User input & Trust + EXERCISE
● SQL injection + DEMOS, EXERCISES
● Input validation + EXERCISES
● Buffer overflows + DEMO, EXERCISE
● Cross-site Scripting (XSS) Attacks + DEMOS, EXERCISES
● File Uploads + EXERCISES
● Encoding + DEMO
● Second order injections
Authorization
● Checks
● Session Poisoning + EXERCISE
● Race conditions
Configuration, Error Handling, Logging
● 3rd Party components
● Configuration and hardening + DEMO
● Information Leaks
● Reduce attack surface
● Side channel attacks
● Error handling
● Denial of Service + EXERCISE
● Logging
Cryptography
● Man in the Middle attack
● Trusted 3rd party
● Threats
● General guidelines
Secure Software Engineering
● Assessment + EXERCISE
● SDLC and Security
● Requirements
● Threat modeling + EXERCISE
● Secure design
● STRIDE per element
● Architecture analysis + EXERCISE
● Secure coding + DEMO
● Security testing
Learning Goals:
● Understanding the various issues of insecure software
● Understanding how software vulnerabilities come into existence, how an attacker can exploit these, and what measures to take to counter this
● Understanding how to integrate security into the requirements, design, coding and testing phases of the software building process
Course Agenda:
Day 1
● Introduction
● Secure Programming Awareness
● Introduction to Secure Programming
● Authentication and Session Management
● Handling Input (1)
Day 2
● Handling Input (2)
● Authorization
● Configuration, Error Handling, Logging
● Cryptography
● Secure Software Engineering
Who can Attend?
All software developers, lead programmers and software architects. This course is programming language agnostic, so every developer can attend this course.