Secure Coding means developing software in such a way that it is protected against security breaches. Defects, bugs and errors (logic, out-of-bounds, system-level, workflow, function, etc.) are the main cause of exploited software vulnerabilities, and most of those vulnerabilities trace back to a relatively small number of common programming errors. In this 4-day training course you will learn how to avoid them and what you need to consider.
Numerous practical exercises help you to directly apply and consolidate the knowledge you have acquired.
The training SC970 Secure Coding is suitable for:
- Software developers (web)
- Software architects
- Cloud architects
To be able to follow the course content and the pace of learning in the workshop SC970 Secure Coding, general programming knowledge and basic knowledge of web development are required.
The course Secure Coding (SC970) offers:
The workshop SC970 Secure Coding teaches the basics of developing secure software and how to identify and avoid vulnerabilities during software development. It gives you a solid introduction to and overview of secure coding.
- Conveying the security concept throughout the entire life cycle of a software product
- Recognition and avoidance of vulnerabilities in software development
- Pointing out frequently made security-relevant errors
- Teaching best practices for avoiding security-relevant errors
duration: 4 days
price: 2790,- Euro + VAT
Will be scheduled on request
Please let us know when you would prefer to have this workshop!
- Intro: Why is secure development important?
- Presentation of major security vulnerabilities and data breaches
- Risks for companies
- Introduction to Risk Management
- Identify risks
- Classify risks
- Essentials – Do's and Don'ts in Software Development
- Software Development Lifecycle (SDL)
- Secure Software Concepts
- Secure Software Requirements
- Secure Software Design
- Secure Software Implementation/Programming
- Secure Software Testing
- Software Lifecycle Management
- Software Deployment, Operations and Maintenance
- Supply Chain and Software Acquisition
- Source Code Review
- Best practices in source code review
- Web and Embedded Developer – Threats and Vulnerabilities
- OWASP Top 10
- Short introduction to the most common classes of vulnerabilities
- Introduction to Web Interception Proxies
- Short introduction to Burp Suite in the pre-installed environment
- Tools of the trade (sqlmap, dirbuster, …)
- What certain "hacking" tools can do and how to use them (required for the hands-on parts)
- Hands on Hacking (Insecure Example Application)
- Juice Shop introduction, challenges and CTF (partly free-form for the participants, partly guided attacks with the instructor)
- Finding Bugs in Open Source Applications (Real World Hacking)
- 0day hunting in open source applications
- Enumeration techniques (DNS, application mapping, …)
- Find out as much as possible about an application
- Find "secret" parts of the application
- OSINT (Open Source Intelligence) – Using public information to attack software
- Examples of leaked secrets (GitHub commits), repositories exposed on web servers, questions in forums and much more
- Using insecure dependencies to attack secure software
- Third-party modules/libraries
- Supply Chain attacks in the wild
- Manipulation of open source projects to attack secure applications, demonstrated with real-world examples
- Presentation of some anonymized penetration test reports
- Analysis of the vulnerabilities found and recommendations for fixes
- Web Developer - Prevention
- Best practices for secure web applications (depending on programming language)
- Static code analysis
- Dynamic code analysis
- Spotting bugs in application logic
- Third-party libraries and dependency management
- Keeping the impact low
- Many practical exercises for the individual modules.