Fundamentals of Secure Application Development: Classroom Live, Atlanta, GA, May 21, 2020

Price: $1,300

This course runs for a duration of 2 Days.

The class will run daily from 8:30 am EST to 4:30 pm EST.

Class Location: Atlanta - Atlanta, GA.

Enroll today to reserve your spot!

Space is limited. Enroll today.


Description

The rules of information security aren’t what they used to be. Hackers aren’t kids in basements; they’re state-sponsored professionals and organized criminal groups all around the world. They break into systems and steal data any way they can.

Unfortunately, the vast majority of hacks are not due to insecure networks or misconfigured firewalls; they are a result of common software flaws that get coded into applications. Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream and by the time an incident occurs it’s too late to be proactive.

From proactive requirements to coding and testing, this course covers the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class. Return to work ready to build higher quality, more robustly protected applications.

Who Should Attend

  • Application Development Managers
  • Software Engineers and Developers
  • CISOs, CISAs and Security Professionals
  • Software Testers
  • QA Managers, Directors and Staff
  • Test Management
  • Business Analysts
  • Project Managers
  • IT Specialists (Security, Capacity Management, Networking…)

Course Overview

    Part 1: Secure Software Development

  • Assets, Threats & Vulnerabilities
  • Security Risk Analysis (Bus & Tech)
  • Secure Dev Processes (MS, BSI…)
  • Defense in Depth
  • Approach for this course
  • Introductory Case Study

    Part 2: The Context for Secure Development

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (internal & external)
  • Organization's Risk Appetite
  • Security Terminology
  • Organizational Security Policy
  • Security Roles and Responsibilities
  • Security Training for Roles
  • Generic Security Goals & Requirements
  • Exercise: Our Own Security Context

    Part 3: Security Requirements

  • Project-Specific Security Terms
  • Project-Related Assets & Security Goals
  • Product Architecture Analysis
  • Use Cases & MisUse/Abuse Cases
  • Dataflows with Trust Boundaries
  • Product Security Risk Analysis
  • Elicit, Categorize, Prioritize SecRqts
  • Validate Security Requirements
  • Exercise: Managing Security Requirements

    Part 4: Designing Secure Software

  • High-Level Design
    • Architectural Risk Analysis
    • Design Requirements
    • Analyze Attack Surface
    • Threat Modeling
    • Trust Boundaries
    • Eliminate Race Objects
  • Detail-Level Design
    • Secure Design Principles
    • Use of Security Wrappers
    • Input Validation
    • Design Pitfalls
    • Validating Design Security
    • Pairing Mem Mgmt Functions
    • Exclude User Input from format strings
    • Canonicalization
    • TOCTOU
    • Close Race Windows
    • Taint Analysis
  • Exercise: A Secure Software Design, Instructor Q and A

    Part 5: Writing Secure Code

  • Coding
    • Developer guidelines & checklists
    • Compiler Security Settings (per)
    • Tools to use
    • Coding Standards (per language)
    • Common pitfalls (per language)
    • Secure/Safe functions/methods
      • Stack Canaries
      • Encrypted Pointers
      • Memory Initialization
      • Function Return Checking (e.g. malloc)
      • Dereferencing Pointers
    • Integer type selection
      • Range Checking
      • Pre/post checking
    • Synchronization Primitives
  • Early Verification
    • Static Analysis (Code Review w/tools)
    • Unit & Dev Team Testing
    • Risk-Based Security Testing
    • Taint Analysis
  • Exercise: Secure Coding Q and A

    Part 6: Testing for Software Security

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (internal & external)
  • Organization's Risk Appetite
  • Static Analysis
  • Dynamic Analysis
  • Risk-Based Security testing
  • Fuzz Testing (Whitebox vs Blackbox)
  • Penetration Testing (Whitebox vs Blackbox)
  • Attack Surface Review
  • Code audits
  • Independent Security Review
  • Exercise: Testing Software for Security

    Part 7: Releasing & Operating Secure Software

  • Incident Response Planning
  • Final Security Review
  • Release Archive
  • OS Protections:
    • Address Space Layout Randomization
    • Non-Executable Stacks
    • W^X
    • Data Execution Prevention
  • Monitoring
  • Incident Response
  • Penetration Testing
  • Exercise: A Secure Software Release

    Part 8: Making Software Development More Secure

  • Process Review
  • Getting Started
  • Priorities
  • Exercise: Your Secure Software Plan

Other Available Dates for this Course

  • Virtual Classroom Live: April 16, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Virtual Classroom Live: May 21, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Classroom Live, Dallas, TX: June 18, 2020, $1,300.00, 2 Days, 8:30 am CST - 4:30 pm CST
  • Virtual Classroom Live: June 18, 2020, $1,300.00, 2 Days, 8:30 am CST - 4:30 pm CST
  • Virtual Classroom Live: July 23, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Classroom Live, Columbus, OH: July 23, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Classroom Live, Phoenix, AZ: August 20, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST
  • Virtual Classroom Live: August 20, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST
  • Classroom Live, Austin, TX: September 17, 2020, $1,300.00, 2 Days, 8:30 am CST - 4:30 pm CST
  • Virtual Classroom Live: September 17, 2020, $1,300.00, 2 Days, 8:30 am CST - 4:30 pm CST
  • Classroom Live, Cincinnati, OH: October 15, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Virtual Classroom Live: October 15, 2020, $1,300.00, 2 Days, 8:30 am EST - 4:30 pm EST
  • Classroom Live, San Francisco, CA: November 12, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST
  • Virtual Classroom Live: November 12, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST
  • Classroom Live, Phoenix, AZ: December 17, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST
  • Virtual Classroom Live: December 17, 2020, $1,300.00, 2 Days, 8:30 am PST - 4:30 pm PST