Average Rating: 0.00/10
(# Rating Votes: 0 | Rate This Course | Contribute a Review )
Short Description:
A course designed to address security problems in application code during the development cycle to prevent security flaws from creeping into applications.
Full Description:
The security industry has already moved to the next level in the “arms-race” between hackers and corporations. Most companies have locked down their Internet hosts at the network and host level by blocking network born attacks with firewalls and keeping hosts patched from vulnerabilities. As it has become more difficult to attack corporations using published vulnerabilities, many skilled hackers are switching to attacking web vulnerabilities in applications. Flaws in the design and implementation of application software have fallen through the cracks of the security reviews of most companies, and this is where hackers are focusing their efforts.
In response to this shift in the arms-race, Foundstone has provided application security assessments for numerous corporations over the past few years and have identified common security flaws in many applications. More importantly, we have formulated countermeasures to defend against these types of attacks. The result is Secure Coding, a course designed to address security problems in application code during the development cycle to prevent security flaws from creeping into applications.
This course qualifies for up to 24 hours of CPE for CISSP/SSCP and 21 hours of CE for CISA/CISM holders.
What You Will Learn?
As a security professional, you will learn how to design and implement secure applications by getting first-hand knowledge of the best and most current security practices used in designing applications. Common security pitfalls are identified and are shown how to be avoided while building applications, including details about buffer overflow exploits, cross-site scripting, SQL injection, and input validation attacks. Also, you will learn about available automated tools that can be used to help audit secure programming.
Why Do We Teach This?
By designing security into an application, most attacks can be thwarted. Corporations should take a proactive stance against attacks and this course is specifically designed as a countermeasure to possible threats.
Who Teaches the Class?
Instructors for this course are Foundstone's management team and training staff. Collectively, they have performed hundreds of Web and e-commerce security assessments, as well as managed security programs at Big 5 accounting firms, within the United States Air Force, and on Wall Street. Foundstone instructors authored the best-selling Hacking Exposed: Network Security Secrets & Solutions, one of the industry's most popular and respected computer-security guides.
Who Should Take the Course?
If you are security personnel, an auditor, a web designer, and /or project manager interested in application security, then you should take this course. The course is highly technical and will go into detail on topics such as buffer overflows, input validation, cross-site scripting, and SQL injection. Code snippets will be introduced during the class and knowledge of C and C++ programming languages is required.
Topics
Authentication
Authorization
Buffer Overflow Attacks
Format String Vulnerabilities
Input Validation
SQL Injection
Cross Site Scripting
Canonicalization
Best Practices
Security Testing
Code Reviews
Tools
Lab Exercises
Code snippets will be introduced throughout the class and students will be expected to identify security bugs in the code.
What Do You Get?
Includes an individual dual-boot Windows/Linux laptop for use during the course, use of the lab network and computers, class handouts, and a CD-ROM with course tools and scripts. Breakfast and an afternoon snack are provided.
Duration:
3 days
Price:
$3295
Submitted by: admin
Hits: 0
Foundstone's Ultimate Hacking: Secure Coding Course Web Page
|
