As a developer, your duty is to write bulletproof code. However…
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. It is a hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Audience
§ C/C++ Developers
§ Software Architects
§ Testers
Course Objectives
Participants attending this course will:
§ Understand basic concepts of security, IT security and secure coding
§ Realize the severe consequences of insecure buffer handling
§ Understand the architectural protection techniques and their weaknesses
§ Learn about typical coding mistakes and how to avoid them
§ Be informed about recent vulnerabilities in various platforms, frameworks and libraries
§ Understand the requirements of secure communication
§ Have a practical understanding of cryptography
§ Understand essential security protocols
§ Understand some recent attacks against cryptosystems
§ Learn about denial of service attacks and protections
§ Learn about XML security
§ Understand security testing approaches and methodologies
§ Get practical knowledge in using security testing techniques and tools
§ Learn how to handle vulnerabilities in the platforms, frameworks and libraries you use
§ Get sources and further readings on secure coding practices
Prerequisites
Advanced C/C++ development
Outline
§ IT security and secure coding
§ x86 machine code, memory layout and stack operations
§ Buffer overflow
§ Common coding errors and vulnerabilities
§ Requirements of secure communication
§ Practical cryptography
§ Security protocols
§ Denial of service
§ XML security
§ Security testing
§ Security testing techniques
§ Deployment environment
§ Principles of security and secure coding
§ Knowledge sources