Secure Coding

Secure Development: .NET Applications

Introduction:

ZINAD Secure Development: .NET Applications is a highly practical, interactive training that focuses on secure coding techniques and methodologies that can be immediately applied in your applications. This course uses real-world examples, walking through real code samples in live applications. Participants will learn how to discover, debug, and mitigate security flaws through better coding practices. The training covers how to secure applications against design flaws and memory corruption, and how to perform operational review.

At the end of this course, you will:

  • Know how to identify security flaws in .NET applications
  • Be able to devise fixes for flaws
  • Know how to perform security testing
  • Understand the basics of conducting code reviews
  • Be able to follow newly discovered threats and stay up to date with new techniques
  • Know how to write code to avoid introducing vulnerabilities

What you will get

  • Printed materials for secure development training
  • Virtual machine that includes all labs, with vulnerable and remediated code
  • 2-hour practical exam after training
  • Certificate of completion

Required Background

To successfully complete this course, you must have:
  • At least one year of experience with .NET development

Topics Covered

  1. Introduction to application security
  2. Data Validation Related Threats
  3. Data Validation Threats Mitigation
  4. .NET output encoding
  5. .NET Dynamic SQL Queries Threats
  6. .NET secure file handling
  7. .NET session management threats
  8. Session management threats Mitigation
  9. .NET Authentication
  10. .NET Authorization
  11. Application Denial of Service vulnerabilities
  12. Application auditing & logging
  13. Error/Exception handling
  14. .NET cryptography
  15. SDL – Secure Development Lifecycle
  16. Secure Code Review

Secure Development: PHP Applications

Introduction:

ZINAD Secure Development (PHP Applications) is a highly practical, interactive training that focuses on secure coding techniques and methodologies that can be immediately applied in your applications. This course uses real-world examples, walking through real code samples in live applications. Participants will learn how to discover, debug, and mitigate security flaws through better coding practices. The training covers how to secure applications from flaws found on the OWASP Top 10 and CWE/SANS Top 25 most dangerous programming errors.

At the end of this course, you will:

  • Know how to identify security flaws in PHP applications
  • Be able to devise fixes for flaws
  • Know how to perform security testing
  • Understand the basics of conducting code reviews
  • Be able to follow newly discovered threats and stay up to date with new techniques
  • Know how to write code to avoid introducing vulnerabilities

What you will get

  • Printed materials for secure development training
  • Virtual machine that includes all labs, with vulnerable and remediated code
  • 2-hour practical exam after training
  • Certificate of completion

Required Background

To successfully complete this course, you must have:
  • At least one year of experience with PHP web development
  • Background in Apache, databases (MySQL) and the SQL language

Topics Covered

  1. Introduction to application security
  2. Data Validation Related Threats
  3. Data Validation Threats Mitigation
  4. PHP output encoding
  5. PHP Dynamic SQL Queries Threats
  6. PHP secure file handling
  7. PHP session management threats
  8. Session management threats Mitigation
  9. PHP Authentication
  10. PHP Authorization
  11. PHP Configuration Security
  12. Threading and Security
  13. Application Denial of Service vulnerabilities
  14. Application auditing & logging
  15. Error/Exception handling
  16. PHP cryptography
  17. SDL – Secure Development Lifecycle
  18. Secure Code Review

Secure Development: Java Applications

Introduction:

ZINAD Secure Development: Java/J2EE Applications is a highly practical, interactive training that focuses on secure coding techniques and methodologies that can be immediately applied in your applications. This course uses real-world examples, walking through real code samples in live applications. Participants will learn how to discover, debug, and mitigate security flaws through better coding practices. The training covers how to secure applications from flaws found on the OWASP Top 10 and CWE/SANS Top 25 most dangerous programming errors.

At the end of this course, you will:

  • Know the process and techniques of writing secure code
  • Know how to identify security flaws in Java/J2EE applications
  • Be able to devise fixes for flaws
  • Know how to perform security testing
  • Understand the basics of conducting code reviews
  • Be able to follow newly discovered threats and stay up to date with new techniques
  • Know how to write code to avoid introducing vulnerabilities

What you will get

  • Printed materials for secure development training
  • Virtual machine that includes all labs, with vulnerable and remediated code
  • 1-hour practical exam after training
  • Certificate of completion

Required Background

To successfully complete this course, you must have:
  • Experience with Java programming
  • At least one year of experience with J2EE web development
  • Background in JBoss, databases (MS SQL Server) and the SQL language

Topics Covered

  1. Introduction to application security
  2. Data Validation Related Threats
  3. Data Validation Threats Mitigation
  4. Output encoding
  5. Dynamic SQL Queries Threats
  6. J2EE secure file handling
  7. J2EE session management threats
  8. Session management threats Mitigation
  9. J2EE Authentication
  10. J2EE Authorization
  11. Infrastructure Security
  12. Java Security
  13. Threading and Security
  14. Application Denial of Service vulnerabilities
  15. Application auditing & logging
  16. Error/Exception handling
  17. Cryptography
  18. SDL – Secure Development Lifecycle
  19. Secure Code Review
  20. Secure Coding Hands-on

Web Application Security: Introduction

Web Application Security: Advanced Penetration Testing

Every topic covered in each course has a practical lab at the end of the topic, and the final day includes a five-hour hands-on practical implementation of every technique covered in the course.

For more information about course schedules or syllabi, please contact us at:
training [at] ZINAD [dot] net