Learning Course Curriculum

Size: px
Start display at page:

Download "Learning Course Curriculum"

Transcription

1 Learning Course Curriculum Security Compass Training Learning Curriculum. Copyright Security Compass. 1

2 It has long been discussed that identifying and resolving software vulnerabilities at an early stage is one of the best ways to reduce the costs, and risks present in any software application. Learning Curriculum. Copyright Security Compass. 2

3 Training Options At Security compass, we offer a variety of training options to meet your needs: On-site Instructor led training Live instructor on-site at your location delivering training to your staff Our instructors are seasoned pen-testers arming your staff with best practices to securing your information and the latest threat vectors Our instructors draw on scenarios that are relevant to your organization to help students connect with the risks in your own organization Ability for your staff to mingle, meet and embrace IT Security concepts as a team, fostering growth and networking with peers Training to address PCI compliance is offered with some of our courses Eligibility for CPE credits for students who have certifications (CISSP, CISA, etc.) Remote Instructor led training Training performed through a remote WebEx session with a live instructor Training courses are divided into 4 hour sessions to improve learning experience Access to the same Security Compass instructors that teach on-site Ability to have each student learn from the comfort of their own desk using collaboration tools Ease of planning, each student will be provided with an access to a WebEx portal to which they can join in and work with their colleagues, no infrastructure needed at your location Eligibility for CPE credits for students who have certifications (CISSP, CISA, etc.) Computer based training (CBT) Training module shipped to your organization for deployment into LMS or local student s desktop On demand training, take the course at your own pace and convenience Integrated Quiz options and certifications available Full narration by a real person, varying voices start-stop functionality. Fast forward, rewind, and resume sections as they desire and all our courses are fully SCORM compliant, making LMS integration a breeze. Training to address PCI compliance offered with some of our courses Learning Curriculum. Copyright Security Compass. 3

4 TrueLabs Hands-on Lab Exercises TrueLabs is Security Compass set of hands-on lab exercises for students. Depending on the course, our TrueLabs exercises allow students to better understand the security issues taught within the course. For instance, in our Exploiting and Defending Web Applications course, students have hands on exercises relating to common web application exploits. For our Mobile Hacking and Securing, students hack a vulnerable Android and iphone application. For our Securing Applications series, students see and learn to fix insure code. These exercises are all performed in a virtual machine provided to the students during the course. The following courses currently support TrueLabs: Exploiting and Defending Web Applications Securing Applications in.net Securing Applications in JAVA Securing Applications in C++ Mobile Hacking and Securing Truelabs. Students perform hands-on labs fixing insecure code in our JAVA TrueLabs VM. Learning Curriculum. Copyright Security Compass. 4

5 Security Learning Paths All our courses offer a certification track through Security Compass. Those that complete the required courses outlined below in their roles will receive a certificate of completion for their subject matter expertise. Some courses below will show the expected date of completion as we work hard to expand our course offerings and curriculum. Learning Curriculum. Copyright Security Compass. 5

6 Course Catalog Our focus is on application security. We aim to provide technically relevant courses and tools to help your staff understand secure development and defend your organizations applications. Learning Curriculum. Copyright Security Compass. 6

7 Available Courses Application Security for Managers Developers and security analysts are increasingly becoming involved in application security initiatives. Managers need to understand both the technical nature of their teams involvement with security initiatives as well as the business case for performing activities. This class arms managers with the knowledge necessary to make effective, risk-based decisions about application projects that balance business needs with security requirements. Length: 1 day Audience: Managers, CIO, Project Managers Key Concepts: The importance of application security vs. traditional security The most common application security vulnerabilities including the OWASP top 10 Understanding the risks to application security vulnerabilities Understanding and implementing a secure software development lifecycle (SDLC) Understanding the needs for secure design, development and testing Forming a business case for security Learning Curriculum. Copyright Security Compass. 7

8 Threat Model Express Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Days: 1 day Audience: Architects, Project Managers, Administrators Key Concepts: What is threat modeling and what does it achieve What the steps are to a traditional threat model How to gather useful information for a threat model including interviewing staff Establishing threats, vulnerabilities and countermeasures to your applications Ranking the threats based on its perceived risk to your application How to perform a quick 1-day threat model express with an in class exercise Learning Curriculum. Copyright Security Compass. 8

9 OWASP Top 10 Students will learn about the latest OWASP top 10 including how each of the vulnerabilities can impact your applications. We include a number of real-world examples where students discover the impacts to organization that have fallen victim to these vulnerabilities. Students will be able to describe best practices to defending against the OWASP Top 10 from a code agnostic standpoint and bring back this learning in to their organizations. CBT Available: Yes, 60 minutes Days: 1 day Audience: General Staff, Developers, Testers, Managers, Administrators Key Concepts: Understand common web application vulnerabilities (XSS, XSRF, SQL injection, Parameter manipulation, etc.) including the OWASP Top Describe how hackers exploit these weaknesses to take advantage of your users See real world examples of breaches and how these vulnerabilities have impacted organizations Describe best practices to defending against each of the OWASP Top 10 from a code agnostic perspective Learning Curriculum. Copyright Security Compass. 9

10 Exploiting and Defending Web Applications This course includes the OWASP Top 10 course and expands upon it to include a number of additional vulnerabilities commonly exploited in web applications today. It also introduces high level concepts of Authorization, Authentication, Data validation and Cryptography in the context of today s modern web applications. Students will perform hands on exercises to understand how exploits are performed and executed using our interactive TrueLabs solution. CBT Available: Yes, 90 minutes TrueLabs: Yes, both Instructor led and CBT Days: 3 days Audience: Developers, Architects, QA, Testers, Project Managers Key Concepts: Understand common web application vulnerabilities (XSS, XSRF, SQL injection, Parameter manipulation, etc.) including the OWASP Top 10 plus many more. Describe how hackers exploit these weaknesses to take advantage of your users Describe weaknesses in authentication, authorization, session management and data validation View examples of how hackers have breached systems using these vulnerabilities Perform TrueLabs exercises to see hands-on how hackers take advantage of these web application vulnerabilities Learning Curriculum. Copyright Security Compass. 10

11 Securing Web Applications in Java After taking this class students will be able to develop secure Java Enterprise Edition (J2EE) applications. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice and design and judge effectiveness of secure coding practice. The class focuses on learning by doing. Concepts are presented in short lecture-demonstration sessions, and then students are challenged in hands-on labs to make reasoned choices and implement secure code. Students are required to execute various real world solutions including fixing broken applications, adding security functionality, replacing poorly written code, finding vulnerabilities and doing runtime testing. CBT Available: Yes, 90 minutes TrueLabs: Yes, both Instructor led and CBT Days: 3 days Audience: Java Developers, Web Developers Key Concepts: Understand how to program Java securely to defend against common web application vulnerabilities Learn about libraries and techniques that can help developers protect their applications against insecure coding practices Identify best practices to secure Java programming for each of the OWASP top 10 by viewing bad insecure code examples vs. good secure code Hands-on TrueLabs exercises where students write real Java code to fix broken applications and defend against the OWASP Top 10 Learning Curriculum. Copyright Security Compass. 11

12 Securing Web Applications in.net Students will learn to define and identify secure.net 4.0 code, differentiate between secure coding methods, employ secure code in practice and design and judge effectiveness of secure coding practice. The class focuses on learning by doing. Concepts are presented in short lecture-demonstration sessions, and then students are challenged in hands-on labs to make reasoned choices and implement secure code. Students are required to execute various real world solutions including fixing broken applications, adding security functionality, replacing poorly written code, finding vulnerabilities and doing runtime testing. CBT Available: Yes, 90 minutes TrueLabs: Yes, both Instructor led and CBT Days: 3 days Audience:.NET Developers, Web Developers Key Concepts: Understand how to program.net securely to defend against common web application vulnerabilities with the latest techniques (.NET 4.0) Learn about libraries and techniques that can help developers protect their applications against insecure coding practices Identify best practices to secure.net programming for each of the OWASP top 10 by viewing bad insecure code examples vs. good secure code Hands-on TrueLabs exercises where students write real.net code to fix broken applications and defend against the OWASP Top 10 Learning Curriculum. Copyright Security Compass. 12

13 Securing C/C++ This class will prepare students to develop secure applications in C or C++. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge effectiveness of secure coding practice. Students completing this class will find their secure coding abilities materially sharpened. The course focuses on learning by demonstrations. Throughout the course, vulnerability categories are explained, followed by examples of real world examples in popular applications. Risk is analyzed, and defense techniques are identified for each vulnerability presented. CBT Available: Yes, 60 minutes TrueLabs: Yes, Instructor led only Day: 2 days Audience: Programmers, Code reviewers, QA Key Concepts: Hands-on TrueLabs exercises include performing a buffer overflow labs and how overflows can lead to exploited code execution. Understand secure allocation of memory, including memory organization and stacks. Discuss secure use of pointers, including pointer arithmetic and how incorrect use of pointers can cause vulnerability. Communicate how buffer overflows occur in addition to how they can get exploited by hackers. Learn about format string vulnerabilities and defenses to using format strings. Learn about best practices to defending against common C++ issues. Learning Curriculum. Copyright Security Compass. 13

14 Mobile Hacking and Securing Students will discover mobile hacking techniques for Android and iphone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems. We will demonstrate insecure coding practices in Android and iphone environments. Students will perform hands-on TrueLabs exercises against our insecure app ExploitMe Mobile for both Android / iphone. They will learn to attack this vulnerable mobile application and learn about the pitfalls to mobile programming. Knowing this will arm them with the tools necessary to developing better, more secure mobile apps. TrueLabs: Yes, Instructor led Day: 1 day Audience: Mobile App Developers, Testers Key Concepts: Hands-on TrueLabs exercises include hacking a vulnerable mobile iphone and Android app we ve created called ExploitMe Mobile. Learn about the two popular iphone and Android device security architectures, and how they differ when it comes to their security Understand how hackers analyze mobile application protocols and reversing techniques Identify file storage issues including sensitive file storage and how to securely store data Perform decompilation of mobile apps to see the inner workings of the application itself Performing memory dumps and run-time analysis Learning Curriculum. Copyright Security Compass. 14

15 Free OWASP Top 10 Course We re happy to give back to the community by providing our OWASP Top 10 course free of charge (contains brief delays with promotions for our Training). The course will outline the fundamentals of the OWASP Top 10 and allows you to experience our high quality computer based training formats. If you are enjoy the course, contact us about the Premium version that can be hosted in your organization s LMS systems. Access the course immediately by signing up: Free CBT. Our OWASP Top 10 course is available online free of charge. Try it today. Learning Curriculum. Copyright Security Compass. 15

16 What can we do for you? We understand application security. We breathe it. We strive to provide you with the best training experience for your staff. Our experience helping our clients research and manage real world security risks allows us to drive our training material with the latest threats and vulnerabilities seen in every day engagements. What does that mean? It means that your staff is ready to respond to with forward thinking concepts to securing your business most sensitive applications. Here to help. Reach out to Security Compass advisors who can help. Oliver Ng Director of Training ext. 125 Sahba Kazerooni Director of Professional Services ext. 103 Learning Curriculum. Copyright Security Compass. 16

LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright 2015. Security Compass. 1

LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3. Copyright 2015. Security Compass. 1 LEARNING CURRICULUM SECURITY COMPASS TRAINING 2015 Q3 Copyright 2015. Security Compass. 1 CONTENTS WHY SECURITY COMPASS...3 RECOMMENDED LEARNING PATHs...4 TECHNICAL LEARNING PATHS...4 BUSINESS / SUPPORT

More information

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

KEN VAN WYK. Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

KEN VAN WYK. Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) info@technologytransfer.it www.technologytransfer.it

More information

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Security-as-a-Service (Sec-aaS) Framework. Service Introduction Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency

More information

Know your enemy. Class Objectives Threat Model Express. and know yourself and you can fight a hundred battles without disaster.

Know your enemy. Class Objectives Threat Model Express. and know yourself and you can fight a hundred battles without disaster. Know your enemy and know yourself and you can fight a hundred battles without disaster. Sun Tzu Class Objectives Threat Model Express Create quick, informal threat models 2012 Security Compass inc. 2 1

More information

SECURITY EDUCATION CATALOGUE

SECURITY EDUCATION CATALOGUE SECURITY EDUCATION CATALOGUE i ii TABLE OF CONTENTS Introduction 2 Security Awareness Education 3 Security Awareness Course Catalogue 4 Security Awareness Course Builder 7 SAE Print Material 8 Secure Code

More information

Application Security Testing

Application Security Testing Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the

More information

InfoSec Academy Application & Secure Code Track

InfoSec Academy Application & Secure Code Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program WhiteHat Security White Paper Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program October 2015 The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information

More information

TEAM Academy Catalog. 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 www.securityinnovation.com

TEAM Academy Catalog. 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 www.securityinnovation.com TEAM Academy Catalog 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 TEAM ACADEMY OVERVIEW 2 Table of Contents TEAM Academy Overview... 4 TEAM Professor Overview... 4 Security Awareness and

More information

Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP

Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP Presentation Overview Basic Application Security (AppSec) Fundamentals Risks Associated With

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

Enterprise Application Security Program

Enterprise Application Security Program Enterprise Application Security Program GE s approach to solving the root cause and establishing a Center of Excellence Darren Challey GE Application Security Leader Agenda Why is AppSec important? Why

More information

Security Training-as-a-Service (STr-aaS) Service Details & Features

Security Training-as-a-Service (STr-aaS) Service Details & Features Security Training-as-a-Service (STr-aaS) Service Details & Features Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware

More information

Cyber Exploits: Improving Defenses Against Penetration Attempts

Cyber Exploits: Improving Defenses Against Penetration Attempts Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How

More information

Table of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities

Table of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

SAFECode Security Development Lifecycle (SDL)

SAFECode Security Development Lifecycle (SDL) SAFECode Security Development Lifecycle (SDL) Michael Howard Microsoft Matthew Coles EMC 15th Semi-annual Software Assurance Forum, September 12-16, 2011 Agenda Introduction to SAFECode Security Training

More information

THE HACKERS NEXT TARGET

THE HACKERS NEXT TARGET Governance and Risk Management THE HACKERS NEXT TARGET YOUR WEB AND SOFTWARE Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software ISC2 CyberSecurity Conference 09 Kuala

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance

Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance Protect Your Organization With the Certification That Maps to a Master s-level Education in Software Assurance Sponsored by the U.S. Department of Homeland Security (DHS), the Software Engineering Institute

More information

College Training Program

College Training Program College Training Program Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

Security Innovation Application Security Education Curriculum. Courses to Help Build and Deploy more Secure Software and Information Systems

Security Innovation Application Security Education Curriculum. Courses to Help Build and Deploy more Secure Software and Information Systems Security Innovation Application Security Education Curriculum Courses to Help Build and Deploy more Secure Software and Information Systems Table of Contents 1.0 Security Education Curriculum Map... 3

More information

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221 Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC www.aspetech.com toll-free: 877-800-5221 Security Training for Developers, Testers and Managers Security Innovation, Inc. 187 Ballardvale

More information

Learn the fundamentals of Software Development and Hacking of the iphone Operating System.

Learn the fundamentals of Software Development and Hacking of the iphone Operating System. Course: Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: Learn the fundamentals of Software Development and Hacking of the iphone Operating System. provides an Instructor-led

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Introduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions

Introduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions Matias starts Who are we? Applying Static Analysis Matias Madou and Daan Raman, Leuven, Feb 27, 2015 1 At NVISO, I m responsible for the software security practice. Next to the client work, I also leads

More information

Testing for Security

Testing for Security Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is

More information

Penetration Testing //Vulnerability Assessment //Remedy

Penetration Testing //Vulnerability Assessment //Remedy A Division Penetration Testing //Vulnerability Assessment //Remedy In Penetration Testing, part of a security assessment practice attempts to simulate the techniques adopted by an attacker in compromising

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

More information

VOLUME 3. State of Software Security Report. The Intractable Problem of Insecure Software

VOLUME 3. State of Software Security Report. The Intractable Problem of Insecure Software VOLUME 3 State of Software Security Report The Intractable Problem of Insecure Software Executive Summary April 19, 2011 Executive Summary The following are some of the most significant findings in the

More information

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group, Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs

More information

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus ASP.NET MVC Secure Coding 4-Day hands on Course Course Syllabus Course description ASP.NET MVC Secure Coding 4-Day hands on Course Secure programming is the best defense against hackers. This multilayered

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

WEB APPLICATION SECURITY

WEB APPLICATION SECURITY WEB APPLICATION SECURITY Governance and Risk Management YOUR LAST LINE OF DEFENSE Aug 06 2009 ANSES RAH RAH Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software Prolog

More information

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015 For the Financial Industry in Singapore 31 July 2015 TABLE OF CONTENT 1. EXECUTIVE SUMMARY 3 2. INTRODUCTION 4 2.1 Audience 4 2.2 Purpose and Scope 4 2.3 Definitions 4 3. REQUIREMENTS 6 3.1 Overview 6

More information

Web Application Security

Web Application Security Web Application Security Ng Wee Kai Senior Security Consultant PulseSecure Pte Ltd About PulseSecure IT Security Consulting Company Part of Consortium in IDA (T) 606 Term Tender Cover most of the IT Security

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Introduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006

Introduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006 Introduction to Web Application Security Microsoft CSO Roundtable Houston, TX September 13 th, 2006 Overview Background What is Application Security and Why Is It Important? Examples Where Do We Go From

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Strategic Information Security. Attacking and Defending Web Services

Strategic Information Security. Attacking and Defending Web Services Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments

More information

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification

More information

How To Ensure That Your Computer System Is Safe

How To Ensure That Your Computer System Is Safe Establishing a Continuous Process for PCI DSS Compliance Visa, MasterCard, American Express, and other payment card companies currently require all U.S. merchants accepting credit card payments to comply

More information

How to Build a Trusted Application. John Dickson, CISSP

How to Build a Trusted Application. John Dickson, CISSP How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications Android & ios Application Vulnerability Assessment & Penetration Testing Training 2-Day hands on workshop on VAPT of Android & ios Applications Course Title Workshop on VAPT of Android & ios Applications

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

IoT Potential Risks and Challenges

IoT Potential Risks and Challenges IoT Potential Risks and Challenges GRIFES / GITI / EPFL Alumni Conference, Lausanne, May 7 th, 2015 Stefan Schiller, HP ESP Fortify Solution Architect D/A/CH IoT Potential Risks and Challenges Agenda IDC

More information

Advanced ANDROID & ios Hands-on Exploitation

Advanced ANDROID & ios Hands-on Exploitation Advanced ANDROID & ios Hands-on Exploitation By Attify Trainers Aditya Gupta Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages

More information

white SECURITY TESTING WHITE PAPER

white SECURITY TESTING WHITE PAPER white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...

More information

Your Web and Applications

Your Web and Applications Governance and Risk Management Your Web and Applications The Hacker s New Target Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software Social Engineering in the Business

More information

Security Training Why It Benefits Your Organization and How to Make Your Case to Management

Security Training Why It Benefits Your Organization and How to Make Your Case to Management Security Training Why It Benefits Your Organization and How to Make Your Case to Management Author: Nick Murison Senior Security Consultant Foundstone Professional Services Introduction A major challenge

More information

Mobile Application Lifecycle Management

Mobile Application Lifecycle Management Mobile Application Lifecycle Management An InfoStretch White Paper October 2014 3200 Patrick Henry Drive, Suite 250 Santa Clara, CA 95054 408.727.1100 info@infostretch.com www.infostretch.com 2014 InfoStretch

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

OWASP Mobile Top Ten 2014 Meet the New Addition

OWASP Mobile Top Ten 2014 Meet the New Addition OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

ISSECO Syllabus Public Version v1.0

ISSECO Syllabus Public Version v1.0 ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to

More information

EC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET)

EC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET) E C S P.NET (.NET) ECSP.NET Course Software defects, bugs, and flaws in the logic of the program are consistently the cause for software vulnerabilities. Analysis by software security professionals has

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

Web App Security Audit Services

Web App Security Audit Services locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System

More information

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the

More information

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution

More information

Web Application security testing: who tests the test?

Web Application security testing: who tests the test? Web Application security testing: who tests the test? Ainārs Galvāns Application Penetration Tester www.exigenservices.lv About myself Functional testing Leading test group Reporting to client Performance

More information

Top Signs You re Prime for a Data Breach in 2014

Top Signs You re Prime for a Data Breach in 2014 Hacking Into Your Healthcare Systems Series Top Signs You re Prime for a Data Breach in 2014 PRESENTED BY: IronBox Data Protection Website: www.goironbox.com Email: contactus@goironbox.com About IronBox

More information

Intelligent Security Design, Development and Acquisition

Intelligent Security Design, Development and Acquisition PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New

More information

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences

More information

Mobile Application Security Report 2015

Mobile Application Security Report 2015 Mobile Application Security Report 2015 BY Author : James Greenberg 1 P a g e Executive Summary Mobile Application Security Report 2015 The mobile application industry is growing exponentially at an explosive

More information

IBM Rational AppScan: Application security and risk management

IBM Rational AppScan: Application security and risk management IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM

More information

Best Practices - Remediation of Application Vulnerabilities

Best Practices - Remediation of Application Vulnerabilities DROISYS APPLICATION SECURITY REMEDIATION Best Practices - Remediation of Application Vulnerabilities by Sanjiv Goyal CEO, Droisys February 2012 Proprietary Notice All rights reserved. Copyright 2012 Droisys

More information

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Cenzic Product Guide. Cloud, Mobile and Web Application Security Cloud, Mobile and Web Application Security Table of Contents Cenzic Enterprise...3 Cenzic Desktop...3 Cenzic Managed Cloud...3 Cenzic Cloud...3 Cenzic Hybrid...3 Cenzic Mobile...4 Technology...4 Continuous

More information

Penetration Testing in Romania

Penetration Testing in Romania Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

Introduction to Penetration Testing Graham Weston

Introduction to Penetration Testing Graham Weston Introduction to Penetration Testing Graham Weston March 2014 Agenda Introduction and background Why do penetration testing? Aims and objectives Approaches Types of penetration test What can be penetration

More information

How to Develop Cloud Applications Based on Web App Security Lessons

How to Develop Cloud Applications Based on Web App Security Lessons Applications Based on Before moving applications to the public cloud, it is important to implement security practices and techniques. This expert E-Guide provides guidance on how to develop secure applications

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

Security Solutions & Training. Exploit-Me. Open Source Firefox Plug-Ins for Penetration Testing

Security Solutions & Training. Exploit-Me. Open Source Firefox Plug-Ins for Penetration Testing Security Solutions & Training Exploit-Me Open Source Firefox Plug-Ins for Penetration Testing Introduction 2 Introduction 3 Agenda State of web application security XSS Really a Danger? Introducing XSS-Me

More information

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Application Security and the SDLC. Dan Cornell Denim Group, Ltd. www.denimgroup.com

Application Security and the SDLC. Dan Cornell Denim Group, Ltd. www.denimgroup.com Application Security and the SDLC Dan Cornell Denim Group, Ltd. www.denimgroup.com Overview Background What is Application Security and Why is It Important? Specific Reference Examples Integrating Security

More information

QA Classroom and Online training from Yes-M Systems

QA Classroom and Online training from Yes-M Systems QA Classroom and Online training from Yes-M Systems One of the best QA courses: Manual Testing Highlights 85+ hours to finish the course Experienced Instructors Recruiters help with Resume Preparation

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology

More information

Web attacks and security: SQL injection and cross-site scripting (XSS)

Web attacks and security: SQL injection and cross-site scripting (XSS) Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike

More information

PCI DSS in Essence Through practical examples. September, 2016 Septia Academy

PCI DSS in Essence Through practical examples. September, 2016 Septia Academy PCI DSS in Essence Through practical examples September, 2016 Septia Academy PCI DSS in Essence Training program specification Introduction The Payment Card Industry Data Security Standard s requirements

More information