Secure Coding Bootcamp
The workshop is a combination of lecture, security testing and code review. You will learn the most common threats against applications. More importantly, you will learn how to design and code secure web solutions via defense-based code samples, an exploration of the use of third-party security libraries, and secure design review. Participants will also work together on various secure coding and hacking labs as a class.
This intensive workshop will also highlight production-quality APIs from various languages, frameworks, and third-party libraries that provide scalable security controls.
This workshop will include secure coding information for PHP and .NET programmers, but any software developer building web applications, web services or mobile applications will benefit greatly.
Who Should Attend
Web application developers and architects, web security professionals, and development managers who are tasked with building secure web applications, web services and mobile applications.
Build injection-safe server-side applications
This topic shall detail the possible areas of code injection in any given application and the methods attackers use to escalate privileges or find vulnerabilities in an application (Lab Available).
Build modern access control functionality for multi-tenant data-driven applications
This topic shall discuss in detail the typical technology in place, such as SELinux, and boundary allocation for critical service applications.
Build an injection safe user interface
This topic shall predominantly discuss secure coding practices and auditing strategies for preventive measures.
Build a secure authentication mechanism
Secure password mechanisms and modern methods of ensuring confidentiality shall be discussed.
Store passwords securely
Password storage strategies and password management criteria shall be demonstrated in this module (Lab Available).
Build multi-factor authentication mechanisms
Utilising RBAC, DAC and MAC-based access control mechanisms. The lab environment shall demonstrate how these strategies could be implemented.
Understand the limits of HTTPS and what to do about it
This HTTPS module shall discuss the common vulnerabilities and the techniques perpetrators use to circumvent security measures.
Implement multi-layered CSRF and Clickjacking protection
Detailed policies and best code review practices shall be discussed, underlining the common mistakes made by application developers.
Build HTML5 clients securely
We shall discuss the Secure by Design application concept and how to leverage thin HTML5 clients while maintaining a highly functional business application.
Implement modern security HTTP Headers
Modifying the headers of web servers' HTTP requests and replies could prove vital in preventing attackers from identifying the running web server and application version. Hence it would keep attackers from gaining intelligence on the target. This topic shall demonstrate just that (Lab Available).
Implement modern symmetric cryptographic storage
An architectural decision must be made to determine the appropriate method to protect data at rest. There is a wide variety of products, methods and mechanisms for cryptographic storage. We shall detail this from the perspective of both commercial and open source solutions.
Build security into various stages of the SDLC
This topic shall cover both theoretical and best-practice discussion of the Secure Development Life Cycle.
Build a secure mobile application
Theory and best-practice discussion of the Mobile Secure Development Life Cycle.
Contact Progreso Training for more information.
Copyright © 2017 Progreso Training Pte Ltd. All Rights Reserved.