Secure Coding Master Course for Banking and Finance

“Money makes the world go round…” – remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!

If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with a highly professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.

Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So you had better stay loaded, in every possible way, with up-to-date knowledge about secure coding – unless you wanna cry!

We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Audience

Developers working in the banking and finance industry (fintech)

Course Objectives

Participants attending this course will:

• Understand basic concepts of security, IT security and secure coding

• Understand special threats in the banking and finance sector

• Understand regulations and standards

• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

• Learn client-side vulnerabilities and secure coding practices

• Understand security concepts of Web services

• Learn about XML security

• Learn about JSON security

• Have a practical understanding of cryptography

• Understand the requirements of secure communication

• Understand essential security protocols

• Understand some recent attacks against cryptosystems

• Learn about typical coding mistakes and how to avoid them

• Get information about some recent vulnerabilities in the Java framework

• Learn about denial of service attacks and protections

• Get practical knowledge in using security testing techniques and tools

• Learn how to handle vulnerabilities in the platforms, frameworks and libraries in use

• Get sources and further readings on secure coding practices

Prerequisites

Advanced desktop and Web application development

Outline

• IT security and secure coding

• Special threats in the banking and finance sector

• Regulations and standards

• Web application security

• Client-side security

• Security architecture

• Object-relational mapping (ORM) security

• Security of Web services

• JSON security

• Requirements of secure communication

• Practical cryptography

• Security protocols

• Cryptographic vulnerabilities

• Crypto libraries and APIs

• Input validation

• Improper use of security features

• Denial of service

• Improper error and exception handling

• Time and state problems

• Code quality problems

• Security testing techniques

• Deployment environment

• Principles of security and secure coding

• Knowledge sources