90% of data breaches are caused by software vulnerabilities.

Transcription

1 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) Offered in partnership with

2 Secure Software Development (SSD) Certificate Program Benefits Individuals Be a real influencer in CyberSecurity Learn skills that increase your marketability Take courses at your convenience Earn CPE/CEU credits Corporations Secure mission critical applications Reduce IT and data risk Comply with mandates for security training Demonstrate commitment to customers An SSD certificate is highly-regarded because it addresses the root cause of data breaches application layer vulnerabilities. The knowledge attained is not general purpose; it is specialized and critical to thwarting cybercrime. The SSD Certificate Program provides assurance that an individual has demonstrated mastery of real-world software security skills. The knowledge and techniques learned in this certificate program is based on and developed by experts in application security field - and offer both defensive techniques as well as awareness as to how a hacker will attack software applications. Certificate Course Work Course hours: 8 Choice: Creating Secure Code for C/C++ or J2EE or.net 4.0 Integer Overflows: Attacks and Counter Measures Buffer Overflows: Attacks and Counter Measures How to Perform a Security Code Review Introduction to Cryptography About UCF Second largest university in the nation Top 10 among U.S. universities for the power and impact of its patents Ranked fifth, Top Up-andcoming national university by U.S. News & World Report UCF Stands for Opportunity

3 Creating Secure Code ASP.NET This elearning course targets development teams working on ASP.Net applications. It will help developers define and code more secure applications as they learn at their own pace. As a result, organizations can keep their training costs down while improving the speed and quality of their software development efforts. This in-depth course examines the development of secure Web applications in ASP.Net. It provides developers and testers with an overview of common Web application vulnerabilities and a set of nine best practices and techniques to follow in order to avoid them. Throughout the course, students are provided with interactive games and simulations designed to reinforce the secure design and coding concepts that were introduced. Understand the principles of secure coding and design of ASP.Net Web applications. Participants will complete various self-test questions throughout the course In the, Course Laboratory, sections, hands-on activities allow students to discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code. The Need for Secure Coding Best Practices This topic explains the consequences of not following best practices; it also provides an overview of the advantages of addressing security issues at the implementation phase, rather than later in the software development life cycle. Nine Best Practices This topic details each of the nine best practices listed below; for each, it defines the best practice, outlines the vulnerabilities that could arise should the best practice not be followed, and provides the students with multiple handson exercises. 1. Perform Input and Data Validation 2. Err and Fail Securely 3. Practice Defense in Depth 4. Handle Sensitive Data with Care 5. Follow Secure Account Management Policies 6. Follow Secure Auditing and Logging Procedures 7. Implement Proper Authorization 8. Do Not Reinvent the Wheel 9. Do Not Reveal Too Much Information

4 Creating Secure Code PHP List the time-tested defensive coding principles Use the coding principles to prevent common security vulnerabilities A multiple-choice exam is taken at the end of the course. PHP: Hypertext Preprocessor is a popular, powerful, and flexible language that developers use to build web applications. PHP includes frameworks, solutions, and functions that help developers create and manage secure web sessions, enable proper handling of errors in code, and provide safeguards against malicious attacks. However, novice programmers often ignore these solutions and functions and use different methods to develop programs. This introduces vulnerabilities in the programs, which attackers can exploit to access and modify critical user data stored in system files, databases, and web servers. This course introduces best practices for developing secure PHP code. The course also identifies common PHP vulnerabilities that attackers can exploit to gain access to critical information. In addition, the course explains mitigation techniques that you can use to avoid common PHP vulnerabilities and write secure code. After completing this course, you will be able to describe the best practices for developing secure PHP code, explain common PHP vulnerabilities and learn mitigation techniques to avoid common PHP vulnerabilities and write secure code. PHP Development Best Practices A secure web application requires a properly configured environment, secure code, and a secure method of communication. Misconfiguration and insufficient management expose sites to malicious attacks. Similarly, improper handling of errors in code, unencrypted communication channels, and system applicationlevel errors can result in security issues such as network eavesdropping attacks and system compromises. This module introduces the best practices and safeguards that you need to implement when developing PHP programs. The module covers topics on security configuration and management, error handling, transport layer protection, session and authentication security, and broken authentication or authorization schemes. Preventing Common PHP Vulnerabilities PHP is a powerful language that is easy to learn and includes features that can be misused if proper security measures are not employed when programming. If PHP code is not secure, attackers can inject malicious code into PHP scripts and use these scripts to access and modify critical user data stored in system files, databases, and web servers. This module discusses common PHP vulnerabilities and their impact on the security of a web application. In addition, the module highlights the preventive measures and best practices that you can use to safeguard PHP programs against different vulnerabilities.

5 Creating Secure Code C/C++ In this course, you will learn to detect common coding errors that lead to vulnerabilities. You will learn to effectively remediate the most common security vulnerabilities, and use the right tools to secure your code and detect security vulnerabilities early in the project lifestyle. This course has one module. Common Coding Errors This module discusses common coding errors that result in security vulnerabilities. By avoiding these common coding errors, you can focus on the tricky security problems unique to your application. Additionally, this module introduces you to the tools used to detect common coding errors. Recognize common coding errors that lead to vulnerabilities Apply techniques to effectively remediate common security vulnerabilities Select the right tools to secure your code Participants will complete various self-test questions throughout the course

6 Integer Overflows: Attacks & Countermeasures Recognize integer overflows in your existing code base Apply best practices in order to prevent integer overflows Perform specialized testing that detects integer overflows Participants will complete various self-test questions throughout the course An integer overflow is a programming error that can severely impact a computer system s security. Due to the subtlety of this bug, integer overflows are often overlooked during development. This course covers the security concepts, testing techniques, and best practices that will enable you to develop robust applications that are secure against integer overflow vulnerabilities. Introduction to Integer Overflows This module will cover all the information required to understand the mechanisms that lead to integer overflows, while showing the potential damage that they can cause to an application. The goal of this module is to enable you to explain why integer overflows occur and to correctly identify the threats posed by them. Preventing Integer Overflows This module will provide you the necessary information and best practices to prevent integer overflows. Specifically, this module will illustrate how to use integer overflow countermeasures such as checked expressions, how to choose correct integral types, and how to use existing libraries and classes that have been designed to be safe from integer overflows. Additionally, this module will provide you with proper code review and testing techniques that will enable you to identify and eliminate existing integer overflows.

7 Buffer Overflows: Attacks & Countermeasures This course introduces the security concepts, testing techniques, and best practices that will help you recognize and better defend against buffer overflow exploits. The students are first provided with a detailed background on the mechanisms of exploit of stack-based and heap-based buffer overflows. The course then delves into the protections provided by the Microsoft compiler and the Windows operating system, and wraps up with practical advice on how to avoid buffer overflows during the design, development, and verification phases of the software development life cycle. Recognizing the Threats Posed by Exploitation Buffer overflows are one of the most commonly known types of security vulnerabilities. While they can be easily remediated, past events have shown that they have often been overlooked and widely exploited. After completing this module, you will have a strong understanding of how buffer overflows can be exploited on both stack and on the heap and what the consequences of that attack are to overall application and system security. Mitigating Buffer Overflows This module introduces several Windows features that mitigate the dangers posed by buffer overflows such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). Also discussed are several best practices to avoid and detect buffer overflows at different phases of the software development lifecycle. These practices include the /GS flag, SAFE API s, and fuzz testing. Identify the dangers posed by buffer overflows Describe the exploitation techniques for stackbased and heap-based buffer overflows Leverage built-in system defenses that protect against buffer overflow exploits Apply best practices to avoid buffer overflows Perform testing that detects buffer overflows Participants will complete various self-test questions throughout the course

8 How to Perform a Security Code Review Participants will complete various self-test questions throughout the course Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development life cycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize those code segments that will be reviewed, best practices for reviewing source code and maximize security resources. Security Code Review This module introduces you to security code review. It describes the methodology to perform a security code review and various activities associated with the review. This module also describes post code review activities. After completing this module, you will be able to describe the methodology for performing a security code review, conduct a security code review, and describe the key activities that should occur after the review.

9 Introduction to Cryptography This course provides you with the knowledge to understand cryptography and an opportunity to investigate the threats that affect two communicating parties. It also helps you understand how these threats can be mitigated using a proper cryptographic solution. The Foundations of Cryptography Explaining the Foundations of Cryptography Identifying the Aspects of Security That Cryptography Addresses Authentication Symmetric Ciphers Asymmetric Cryptographic Ciphers Explaining Hash Functions Choosing Appropriate Cryptographic Methods Considering Symmetric Ciphers for Message Encryption Considering HMAC to Provide Tamper Detection Considering Asymmetric Ciphers for Message Encryption Considering Asymmetric Ciphers to Encrypt Cryptographic Keys Considering Asymmetric Cryptography to Provide Authentication Applying Cryptographic Best Practices Selecting the Proper Cryptographic Algorithm Designing Cryptographically Agile Applications Applying Cryptographic Agility Using Proper Cryptographic Solutions Selecting a Proper Key Management Scheme Securely Storing, Exchanging and Using Secret Keys Identify the problems that cryptography can address Recognize threats that apply to two communicating parties Select appropriate cryptographic solutions to mitigate these threats Describe the mechanisms behind cryptographic protocols Follow cryptographic best practices A 15-question multiple-choice exam is taken at the end of the course. Locating Cryptography Resources

10 Secure Software Development (SSD) Certificate Program REGISTER ONLINE NOW Offered in partnership with