Secure Coding
Course Description
Overview
Cybersecurity has risen to the top of priority discussion items, and it is the subject of the US-Russia presidential communications. The number of ransomware attacks doubled in the past year, and other attacks are on the rise. This is an introductory-intermediate course that teaches secure coding practices as part of a comprehensive approach to cybersecurity. It starts with threat modeling, creating the lay of the land. It then continues with common attacks and the principles of designing secure multi-layer systems, and goes into the details of secure coding for the target languages.
Also included are securing runtime environments and modern security frameworks.
Objectives
Audience
Prerequisites
- Recommended: Cybersecurity awareness
- Comfortable developing code in the target environment
Topics
- STRIDE attack classification
- Security terminology
- Threat modeling
- CVSS attack assessment
- Labs on threat modeling
- Cross site scripting
- Malicious file execution
- Session hijacking
- Encryption
- Unsecured direct object reference
- Failure to authorize/hidden URLs
- Cross site request forgery (CSRF)
- Security at high level, all the way from testing, deployment, and maintenance (Start from non-functional requirements)
- Layered design concepts
- Object layer
- Persistence layer
- Presentation layer
- Validation
- Validation controls
- Strong typing
- Regular expressions
- White list
- Scrubbing
- Black list
- Encoding
- CAPTCHA
- Honey pots
- Avoiding SQL injection
- Parametrizing queries/Prepared statements
- Stored procedures
- Entity Frameworks/Hibernate
- Avoiding cross site request forgeries
- Introduction to modern frameworks
- Modern security design patterns
- Where to go from here
- SSO (at least high-level)
- Spring security
- .NET authentication (just mention)
- Basic & Digest
- Forms
- Windows authentication (just mention)
- JAAS and other Java authentication services
- Authorization
- Password security
- Brute force attacks
- Password resets
- Secret questions/answers
- SSL/TLS
- Perfect Secrecy
- Asymmetric and symmetric encryption
- Session IDs
- Policies
- Hijacking/Fixation Attacks
- Threading
- Privileges
- Audits/Logs
- Secure coding
- Encryption services
- Static code analysis
- Securing the API (both publishing and consuming API)
- JWT
- Dynamic code analysis (e.g. with Spotbugs)
- Spring boot
- .NET (mention)
- Code Access
- GAC
- Strong named assemblies
- CLR
- Security Zones
- Permissions
- Security policy
- Zero-trust networks
- Artificial intelligence
- Quantum computing / cryptography
Related Courses
- Cyber Secure Coder Certified CSC (Exam CSC-210) (CNX0032)
  - Duration: 3
  - Delivery Format: Classroom Training, Online Training
  - Price: 2,100.00 USD
- Certified Dark Web Analyst Common Body of Knowledge 5th Edition (035144SE)
  - Duration: 5
  - Delivery Format: Classroom Training, Online Training
  - Price: 3,500.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.