“Money makes the world go round…” – remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!
If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.
Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you wanna cry!
We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Audience
Developers working in the banking finance industry (Fintech)
Course Objectives
Participants attending this course will:
§ Understand basic concepts of security, IT security and secure coding
§ Understand special threats in the banking and finance sector
§ Understand regulations and standards
§ Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
§ Learn client-side vulnerabilities and secure coding practices
§ Understand security concepts of Web services
§ Learn about XML security
§ Learn about JSON security
§ Have a practical understanding of cryptography
§ Understand the requirements of secure communication
§ Understand essential security protocols
§ Understand some recent attacks against cryptosystems
§ Learn about typical coding mistakes and how to avoid them
§ Get information about some recent vulnerabilities in the Java framework
§ Learn about denial of service attacks and protections
§ Get practical knowledge in using security testing techniques and tools
§ Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
§ Get sources and further readings on secure coding practices
Prerequisites
Advanced desktop and Web application development
Outline
§ IT security and secure coding
§ Special threats in the banking and finance sector
§ Regulations and standards
§ Web application security
§ Client-side security
§ Security architecture
§ Object-relational mapping (ORM) security
§ Security of Web services
§ JSON security
§ Requirements of secure communication
§ Practical cryptography
§ Security protocols
§ Cryptographic vulnerabilities
§ Crypto libraries and APIs
§ Input validation
§ Improper use of security features
§ Denial of service
§ Improper error and exception handling
§ Time and state problems
§ Code quality problems
§ Security testing techniques
§ Deployment environment
§ Principles of security and secure coding
§ Knowledge sources