Short Description:
This two-day workshop provides an overview of application security and its impact on the entire development lifecycle, from requirements gathering and design through testing and maintenance. Principles and elements of secure architecture and coding are closely examined and tied directly to the vulnerabilities they prevent or mitigate.
Full Description:
This two-day workshop provides an overview of application security and its impact on the entire development lifecycle, from requirements gathering and design through testing and maintenance. Principles and elements of secure architecture and coding are closely examined and tied directly to the vulnerabilities they prevent or mitigate. Hands-on lab exercises are offered each day to examine common application exploits, testing techniques, and tool demonstrations. Material is independent of specific platforms and languages, and provides an excellent foundation in application security for developers, product managers and security team members.
Benefits
Participants learn how to:
Address security in the design of an application
Identify assets, threats, and countermeasures
Validate input appropriately
Identify tools and techniques for secure implementation
Optimize the testing phase to identify vulnerabilities
Prevent application resource and information leakage
Who Should Attend
All members of the development team, including architects, developers, and product managers. Familiarity with basic programming concepts enhances the understanding of content on the second day.
Course Format and Schedule
This two-day course has both lecture and lab components. Course hours are 9:00 AM to 5:00 PM.
Topics Covered
Day 1: Secure Architecture Principles
Overview of Security Principles
Structural Security
Principle of Least Privilege
Input Validation and Output Sanitation
Tools Lab
Introduction to Netcat and @stake Webproxy
Elements of a Secure Design
Authentication and Authorization
Data Confidentiality and Integrity
Nonrepudiation, Auditing, and Availability
Introduction to Threat Modeling
Security During the Design Phase
Privileges and Privilege Boundaries
Prioritizing and Focusing Security Appropriately
Session and State Management
Implications of a Stateless Protocol
Common Errors and Best Practices
Session Management Lab
Weak Session Identifiers
Stealing Cookies (Cross-site Scripting)
Day 2: Secure Coding Principles
Common Coding Errors
Stack and Heap Overflows
Format String Vulnerabilities
Race Conditions
Buffer Overflows Lab
Flow Redirection via Stack Overflow
Avoiding Buffer Overflows
Handling Input and Output Securely
Paralyzing Attackers via Input Validation
Blinding Attackers via Output Sanitation
Tools (Hands-on)
Static and Dynamic Analysis and Protection
Security Testing
Risk Management
Managing Security as Risk
Penetration Testing Overview and Lab
URL Encoding Vulnerability
SQL Injection
Ensuring Secure Deployment and Maintenance
Installation, Configuration, and Management
Duration:
2 Days
Price:
$1,700
Submitted by: admin | @stake's Application Security Principles Course Web Page