Beyond Ethical Hacking - Advanced Software Security Training Course

Course Code

cl-beh

Duration

35 hours (usually 5 days including breaks)

Overview

Beyond solid knowledge in using security solutions of the applied technologies, even for experienced programmers it is essential to have a deep understanding of the typical attack techniques that are possible due the various vulnerabilities, i.e. security-relevant programming mistakes. This course approaches secure coding from the stand point of the attack techniques, but with the same purpose as any other course of SCADEMY Secure Coding Academy: to learn software security best practices.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained with the most important aim to avoid the associated problems. Besides server side issues (basically following the OWASP Top Ten), a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5, which is followed by discussing web services and XML security. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms.

Specifically for C and C++, we go into more details regarding the exploitation of buffer overflows on the stack and on the heap. After showing the attack techniques, we give an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Finally, we discuss counter attacks, and then counter-protection measures, highlighting the cat-and-mouse nature of hacking and protection.

Finally, the course explains the most frequent and severe programming flaws in general, by bringing examples in Java, .NET, C and C++ languages and platforms. Besides the typical bugs committed by the programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment or the used libraries. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Finally, we present security testing techniques and tools that can be applied to reveal the discussed vulnerabilities, along with the various techniques for reconnaissance, configuration and hardening of the environment.

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security concepts of Web services
  • Have a practical understanding of cryptography
  • Realize the severe consequences of unsecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to exploit them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Learn essential vulnerability analysis and testing techniques and tools
  • Get sources and further readings on secure coding practices

Audience

Developers

Course Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Client-side security
  • Security of Web services
  • XML security
  • Practical cryptography
  • x86 machine code, memory layout, stack operations
  • Exploitation of typical coding mistakes
  • Time and state problems
  • Code quality problems
  • Vulnerability testing and analysis
  • Knowledge sources

Testimonials

★★★★★
★★★★★

Course Discounts

Course Discounts Newsletter

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients

is growing fast!

We are looking to expand our presence in Estonia!

As a Business Development Manager you will:

  • expand business in Estonia
  • recruit local talent (sales, agents, trainers, consultants)
  • recruit local trainers and consultants

We offer:

  • Artificial Intelligence and Big Data systems to support your local operation
  • high-tech automation
  • continuously upgraded course catalogue and content
  • good fun in international team

If you are interested in running a high-tech, high-quality training and consulting business.

Apply now!