Secure Coding course designed for managers

| Language: English (UK) | Reference: SC-DM | Duration: 2 days |
| Delivered remotely or on your premises | Price: to be determined | |
This course is organised only at a client's request and is adapted to that client's specific needs.
Its price is therefore set by a personalised quote (contact us by e-mail or by telephone on 53 28 20 1).
Many of our courses also qualify for a reduced rate.
Please contact us for further information.
The course introduces common security concepts, gives an overview of the nature of software vulnerabilities independent of the programming language or platform in use, and explains how to manage software security risks in each phase of the software development lifecycle. Without going deeply into technical detail, it highlights some of the most interesting and most painful vulnerabilities found in various development technologies, and presents the challenges of security testing, along with techniques and tools that can be applied to find existing problems in code.
o Agenda
o IT security and secure coding
Nature of security
What is risk?
Different aspects of IT security
IT security vs. secure coding
From vulnerabilities to botnets and cybercrime
Nature of security flaws
Reasons for the difficulty
From an infected computer to targeted attacks
Cybercrime – an organized network of criminals
The threat landscape
o Security challenges of various platforms – highlights
Secure coding topics
o C/C++ (native code) secure coding
The function calling mechanism in C/C++ on x86
Buffer overflow on the stack
Overwriting the return address
Exploiting stack overflow – jumping to arbitrary address
Exploiting stack overflow – injecting malicious code
Architecture level mitigation techniques (C/C++)
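The C/C++ items above trace one chain: how the x86 calling convention places a function's local buffer directly below its saved return address, how an unchecked copy overruns the buffer into that slot, and why a length check (or an architecture-level mitigation) breaks the chain. The following is an added example written for this page, not course material from Secure Coding Academy. It models the frame layout as a struct so the overwrite can be shown deterministically in well-defined C; the struct, the placeholder return address LEGIT_RET and the payload value 0x4141414141414141 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed model of one x86-64 stack frame for a function with a 16-byte
 * local buffer: the buffer sits at the lower address, the saved return address
 * directly above it, which is exactly the adjacency a stack overflow abuses. */
struct stack_frame {
    char     buf[BUF_SIZE];
    uint64_t saved_ret;
};

/* Constructed placeholder for the caller's legitimate resume address. */
#define LEGIT_RET 0x0000000000401136ULL

/* The vulnerable pattern (what strcpy()/gets() do): copy without consulting
 * BUF_SIZE. The clamp to sizeof frame exists only to keep this model
 * well-defined C; a real strcpy() keeps writing past the frame. Returns the
 * saved return address as it stands after the copy. */
static uint64_t unchecked_copy(const uint8_t *input, size_t len) {
    struct stack_frame frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_ret = LEGIT_RET;
    if (len > sizeof frame)
        len = sizeof frame;
    memcpy(&frame, input, len);          /* bytes 16..23 land on saved_ret */
    return frame.saved_ret;
}

/* The hardened pattern: check the length against the destination before
 * copying and refuse oversized input (0 = copied, -1 = rejected). The saved
 * return address is reported through *saved_ret_out so it can be inspected. */
static int checked_copy(const uint8_t *input, size_t len, uint64_t *saved_ret_out) {
    struct stack_frame frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_ret = LEGIT_RET;
    if (len >= BUF_SIZE) {               /* keep room for the terminator */
        *saved_ret_out = frame.saved_ret;
        return -1;
    }
    memcpy(frame.buf, input, len);
    frame.buf[len] = '\0';
    *saved_ret_out = frame.saved_ret;
    return 0;
}

/* Classic payload layout: filler up to the saved return address, then the
 * address the attacker wants execution to continue at. Returns the number of
 * bytes written, or 0 if cap is too small. */
static size_t build_payload(uint8_t *out, size_t cap, uint64_t target) {
    size_t off   = offsetof(struct stack_frame, saved_ret);
    size_t total = off + sizeof target;
    if (cap < total)
        return 0;
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);   /* same byte order the frame reads back */
    return total;
}

int main(void) {
    uint8_t payload[64];
    uint64_t ret = 0;
    size_t n = build_payload(payload, sizeof payload, 0x4141414141414141ULL);

    printf("unchecked copy: saved return address = 0x%016llx\n",
           (unsigned long long)unchecked_copy(payload, n));
    int rc = checked_copy(payload, n, &ret);
    printf("checked copy:   rc=%d, saved return address = 0x%016llx\n",
           rc, (unsigned long long)ret);
    return 0;
}
```

With the unchecked copy the saved return address reads back as the attacker's value, which is the "jumping to an arbitrary address" step of the agenda; with the bounds check the oversized input is rejected and the return address is untouched. The mitigations listed in the last agenda item (stack canaries, non-executable stacks, ASLR) address the same overwrite from the platform side rather than from the source code.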
o Web application security
OWASP Top Ten 2017 (release candidate)
Exercise – SQL injection
Typical SQL Injection attack methods
Blind and time-based SQL injection
Persistent XSS
Reflected XSS
Exercise – Cross Site Scripting
Insecure direct object reference (IDOR)
Clickjacking
Protection against Clickjacking
Anti frame-busting – dismissing protection scripts
Protection against busting frame busting
Form tampering
Exercise – Form tampering
o Java platform security
Secure coding issues in Java
The Seven Pernicious Kingdoms
Case study – Java Calendar vulnerability
The most exploited flaw in Java at the time
The actual mistake in java.util.Calendar – spot the bug!
A generic Denial of Service attack against the Java environment
The “2.2250738585072012e-308 bug”
Exercise – Double Bug
o Challenges of security testing
Functional testing vs. security testing
Security vulnerabilities
Prioritization – risk analysis
o Secure Coding Academy
Trainings of Secure Coding Academy
More than 30 practical remote and classroom trainings
Delivery methods
Practice-oriented trainings with special hands-on exercises
Reasons to attend our trainings
Some reviews from the participants...
o Learning objectives
• Understand the basic concepts of security, IT security and secure coding
• Understand Web vulnerabilities on both the server and the client side
• Realise the severe consequences of insecure buffer handling
• Be informed about some recent vulnerabilities in development environments and frameworks
• Learn about typical coding mistakes and how to avoid them
• Understand security testing approaches and methodologies
