Hotline: 1800 PROGRESO (1800 776 4737)


Secure Coding Bootcamp
 
The workshop is a combination of lecture, security testing and code review. You will learn the most common threats against applications. More importantly, you will learn how to design and code secure web solutions via defense-based code samples, an exploration into the use of third-party security libraries and secure design review. Participants will also work together on various secure coding and hacking labs as a class.
 
This intensive workshop will also highlight production-quality APIs from various languages, frameworks, and third-party libraries that provide production-quality, scalable security controls.
 
This workshop will include secure coding information for PHP and .NET programmers, but any software developer building web applications, web services or mobile applications will benefit greatly.
 
 
Who Should Attend
Any web application developer or architect, web security professionals and development managers who are tasked with building secure web applications, web services and mobile applications.
 
Course Outline
Build injection-safe server-side applications
This topic shall detail the possible areas of code injection in any given application and the methods attackers use to escalate privileges or find vulnerabilities in an application (Lab Available).
 
Build modern access control functionality for multi-tenant data-driven applications
This topic shall discuss in detail the typical technologies in place, such as SELinux, and boundary allocation for critical service applications.
 
Build an injection safe user interface 
This topic shall predominantly discuss secure coding practices and auditing strategies for preventive measures.
 
Build a secure authentication mechanism
Secure password mechanisms and modern methods of ensuring confidentiality shall be discussed.
 
Store passwords securely
Password storage strategies and password management criteria shall be demonstrated in this module (Lab Available).
 
Build multi-factor authentication mechanisms
Utilising RBAC / DAC and MAC based access control mechanisms. The lab environment shall demonstrate how these strategies could be implemented.
 
Understand the limits of HTTPS and what to do about it
This module on HTTPS shall discuss the common vulnerabilities and the techniques used by perpetrators to circumvent security measures.
 
Implement multi-layered CSRF and Clickjacking protection
Detailed policies and best code review practices shall be discussed, underlining the common mistakes made by application developers.
 
Build HTML5 clients securely
We shall discuss the Secure by Design application concept and how to leverage thin HTML5 clients while maintaining a highly functional business application.
 
Implement modern security HTTP Headers
Modifying the headers of web servers' HTTP requests and replies could prove vital in preventing attackers from identifying the running web servers and application version, and hence in preventing attackers from gaining intelligence on the target. This topic shall demonstrate just that (Lab Available).
 
Implement modern symmetric cryptographic storage
An architectural decision must be made to determine the appropriate method to protect data at rest. There is a wide variety of products, methods and mechanisms for cryptographic storage. We shall cover this from the perspective of both commercial and open source solutions.
 
Build security into various stages of the SDLC
This topic should cover both the theory and a best practices discussion of the Secure Development Life Cycle.
 
Build a secure mobile application
Theory and Best Practices Discussion of Mobile Secure Development Life Cycle
 
 
Contact Progreso Training for more information.
 

 

Related Courses
Information Systems Security Officer (CISSO)
The C)ISSO is designed for forward-thinking security professionals that want the advanced skillset necessary to manage and consult businesses on...
Penetration Testing Engineer (CPTE)
The Certified Penetration Testing Engineer course trains students on the 5 key elements of penetration testing: information gathering, scanning,...
Certified Penetration Testing Consultant (CPTC) - Live Virtual Training
The C)PTC is designed for cyber security professionals and IT network administrators who are interested in conducting Penetration tests against...
Certified Disaster Recovery Engineer (CDRE) - Live Virtual Training
The Certified Disaster Recovery Engineer certification course will prepare individuals to help their business handle the unexpected, while...
Certified Digital Forensics Examiner (CDFE) - Live Virtual Training
The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies in...
Certified Network Forensics Examiner (CNFE) - Live Virtual Training
The Certified Network Forensics Examiner will take your digital forensic skill set to the next level by navigating through over twenty modules of...
Certified Secure Web Application Engineer (CSWAE) - Live Virtual Training
The Certified Secure Web Application Engineer course is designed to equip students with the knowledge and tools needed to identify and defend...
Certified Incident Handling Engineer (CIHE) - Live Virtual Training
The Certified Incident Handling Engineer course is designed to help incident handlers, system administrators, and general security engineers...
Certified Wireless Security Engineer (CWSE)
The Certified Wireless Security Engineer is prepared to identify the risks that wireless networks present for a business and to create and...
Certified Security Sentinel (CSS)
The Certified Security Sentinel certification course trains students on how attacks are performed, how to identify an attack, and how to secure...
Certified Vulnerability Assessor (CVA)
The Certified Vulnerability Assessor training helps students understand the importance of vulnerability assessments.
Certified Security Leadership Officer (CSLO) - Live Virtual Training
The Certified Security Leadership Officer course is designed to give management an essential understanding of current security issues, best...
Certified Professional Ethical Hacker (CPEH) - Live Virtual Training
The Certified Professional Ethical Hacker course is the introductory training to mile2’s line of penetration testing courses and certifications.
Certified Virtual Machine Engineer (CVME 5.5)
The Certified Virtual Machine Engineer course is designed for those who need to understand virtualization and the impacts it can have on an...
Certified Information Security Management Systems - Lead Auditor (CISMS-LA) - Live Virtual Training
The Certified Information Security Management Systems—Lead Auditor certification course prepares students to competently lead audits of...
Certified Information Security Management Systems Lead Implementer (CISMS-LI) - Live Virtual Training
The Certified Information Security Management Systems—Lead Implementer certification course prepares students to help any organization through...
Fundamentals of Cybersecurity Incident Handling
Basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their daily work.
Protect Yourself and Your Organization From Cyber Threats (Workshop)
In this series of technology security workshops, we aim to provide critical information and best practices on how to detect & respond to the...
 