Secure Coding

The target of the secure coding course is to allow candidates acquire necessary security knowledge for developing more secure software. Most popular application security attacks will be illustrated. In addition, best security practices for secure software development will be explained in order to counter security attacks. Students will learn how to integrate security early in the software development lifecycle (SDLC). Demos and exercises will be utilized in order to put hands on experience on the topics presented. Real life cases will be discussed in order to relate the topics with real incidents.

course syllabus

Security Analysis

  • Security Goals
  • Threat Modeling
  • Security requirements

Secure Design & Implementation

  • Authentication
  • Brute force Attacks
  • Authentication Bypass
  • Insecure Credentials
  • Authorization
  • Direct Access to Critical Resources
  • Parameter Manipulation
  • Advanced Logic Attacks
  • Session Management
  • Session Hijacking
  • Session Fixation
  • Cross-Site Request Forgery (CSRF)

Secure Design & Implementation

  • Data Validation
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • LDAP injection
  • Directory Traversal
  • OS Commanding
  • Buffer overflow
  • App Components Communication
  • Unauthorized Access to APIs
  • Sniffing Sensitive Data

Data Storage and Cryptography

Error Handling and Logging

Security Code Review

  • Validation on Security Controls
    • Authentication
    • Authorization
    • Data Validation
    • Session Management
    • App Components Communication
    • Data Storage and Cryptography
    • Error Handling and Logging
  • Static Code Scanning Tools
    • NET
    • CodePro Analytix
    • HP Fortify SCA
  • Capture the flag

Who Should Attend?

  • Programmers & Software Quality Assurance Professionals.
  • Information Security Engineers.
  • System Analysts & Software Developers.
  • Employees who need a basic understanding of secure coding best practices.

Apply Now