Advanced Software Security – beyond Ethical Hacking

Are you looking to start your journey towards becoming a security champion?

Despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed. You will be provided with all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

This is a fully customizable 5-day course, ideal for advanced software engineers or as a perfect complement to a coding bootcamp.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

The secure coders’ community awaits you.

Audience

Software Engineers

Course Objectives

Participants attending this course will:

• Understand basic concepts of security, IT security and secure coding

• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

• Learn client-side vulnerabilities and secure coding practices

• Understand security concepts of Web services

• Learn about XML security

• Learn about denial of service attacks and protections

• Have a practical understanding of cryptography

• Realize the severe consequences of insecure buffer handling

• Understand the architectural protection techniques and their weaknesses

• Learn about typical coding mistakes and how to exploit them

• Be informed about recent vulnerabilities in various platforms, frameworks and libraries

• Get practical knowledge in using security testing techniques and tools

• Learn how to handle vulnerabilities in the used platforms, frameworks and libraries

• Get sources and further readings on secure coding practices

Prerequisites

Advanced and general software development

Outline

• IT security and secure coding

• Web application security

• Client-side security

• Security of Web services

• XML security

• Denial of service

• Practical cryptography

• x86 machine code, memory layout and stack operations

• Buffer overflow and its exploitation

• Exploitation of typical coding mistakes

• Time and state problems

• Code quality problems

• Security testing techniques

• Deployment environment

• Knowledge sources