90% of data breaches are caused by software vulnerabilities.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "90% of data breaches are caused by software vulnerabilities."

Transcription

1 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) Offered in partnership with

2 Secure Software Development (SSD) Certificate Program Benefits Individuals Be a real influencer in CyberSecurity Learn skills that increase your marketability Take courses at your convenience Earn CPE/CEU credits Corporations Secure mission critical applications Reduce IT and data risk Comply with mandates for security training Demonstrate commitment to customers An SSD certificate is highly-regarded because it addresses the root cause of data breaches application layer vulnerabilities. The knowledge attained is not general purpose; it is specialized and critical to thwarting cybercrime. The SSD Certificate Program provides assurance that an individual has demonstrated mastery of real-world software security skills. The knowledge and techniques learned in this certificate program is based on and developed by experts in application security field - and offer both defensive techniques as well as awareness as to how a hacker will attack software applications. Certificate Course Work Course hours: 8 Choice: Creating Secure Code for C/C++ or J2EE or.net 4.0 Integer Overflows: Attacks and Counter Measures Buffer Overflows: Attacks and Counter Measures How to Perform a Security Code Review Introduction to Cryptography About UCF Second largest university in the nation Top 10 among U.S. universities for the power and impact of its patents Ranked fifth, Top Up-andcoming national university by U.S. News & World Report UCF Stands for Opportunity

3 Creating Secure Code ASP.NET This elearning course targets development teams working on ASP.Net applications. It will help developers define and code more secure applications as they learn at their own pace. As a result, organizations can keep their training costs down while improving the speed and quality of their software development efforts. This in-depth course examines the development of secure Web applications in ASP.Net. It provides developers and testers with an overview of common Web application vulnerabilities and a set of nine best practices and techniques to follow in order to avoid them. Throughout the course, students are provided with interactive games and simulations designed to reinforce the secure design and coding concepts that were introduced. Understand the principles of secure coding and design of ASP.Net Web applications. Participants will complete various self-test questions throughout the course In the, Course Laboratory, sections, hands-on activities allow students to discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code. The Need for Secure Coding Best Practices This topic explains the consequences of not following best practices; it also provides an overview of the advantages of addressing security issues at the implementation phase, rather than later in the software development life cycle. Nine Best Practices This topic details each of the nine best practices listed below; for each, it defines the best practice, outlines the vulnerabilities that could arise should the best practice not be followed, and provides the students with multiple handson exercises. 1. Perform Input and Data Validation 2. Err and Fail Securely 3. Practice Defense in Depth 4. Handle Sensitive Data with Care 5. Follow Secure Account Management Policies 6. Follow Secure Auditing and Logging Procedures 7. Implement Proper Authorization 8. Do Not Reinvent the Wheel 9. Do Not Reveal Too Much Information

4 Creating Secure Code PHP List the time-tested defensive coding principles Use the coding principles to prevent common security vulnerabilities A multiple-choice exam is taken at the end of the course. PHP: Hypertext Preprocessor is a popular, powerful, and flexible language that developers use to build web applications. PHP includes frameworks, solutions, and functions that help developers create and manage secure web sessions, enable proper handling of errors in code, and provide safeguards against malicious attacks. However, novice programmers often ignore these solutions and functions and use different methods to develop programs. This introduces vulnerabilities in the programs, which attackers can exploit to access and modify critical user data stored in system files, databases, and web servers. This course introduces best practices for developing secure PHP code. The course also identifies common PHP vulnerabilities that attackers can exploit to gain access to critical information. In addition, the course explains mitigation techniques that you can use to avoid common PHP vulnerabilities and write secure code. After completing this course, you will be able to describe the best practices for developing secure PHP code, explain common PHP vulnerabilities and learn mitigation techniques to avoid common PHP vulnerabilities and write secure code. PHP Development Best Practices A secure web application requires a properly configured environment, secure code, and a secure method of communication. Misconfiguration and insufficient management expose sites to malicious attacks. Similarly, improper handling of errors in code, unencrypted communication channels, and system applicationlevel errors can result in security issues such as network eavesdropping attacks and system compromises. This module introduces the best practices and safeguards that you need to implement when developing PHP programs. The module covers topics on security configuration and management, error handling, transport layer protection, session and authentication security, and broken authentication or authorization schemes. Preventing Common PHP Vulnerabilities PHP is a powerful language that is easy to learn and includes features that can be misused if proper security measures are not employed when programming. If PHP code is not secure, attackers can inject malicious code into PHP scripts and use these scripts to access and modify critical user data stored in system files, databases, and web servers. This module discusses common PHP vulnerabilities and their impact on the security of a web application. In addition, the module highlights the preventive measures and best practices that you can use to safeguard PHP programs against different vulnerabilities.

5 Creating Secure Code C/C++ In this course, you will learn to detect common coding errors that lead to vulnerabilities. You will learn to effectively remediate the most common security vulnerabilities, and use the right tools to secure your code and detect security vulnerabilities early in the project lifestyle. This course has one module. Common Coding Errors This module discusses common coding errors that result in security vulnerabilities. By avoiding these common coding errors, you can focus on the tricky security problems unique to your application. Additionally, this module introduces you to the tools used to detect common coding errors. Recognize common coding errors that lead to vulnerabilities Apply techniques to effectively remediate common security vulnerabilities Select the right tools to secure your code Participants will complete various self-test questions throughout the course

6 Integer Overflows: Attacks & Countermeasures Recognize integer overflows in your existing code base Apply best practices in order to prevent integer overflows Perform specialized testing that detects integer overflows Participants will complete various self-test questions throughout the course An integer overflow is a programming error that can severely impact a computer system s security. Due to the subtlety of this bug, integer overflows are often overlooked during development. This course covers the security concepts, testing techniques, and best practices that will enable you to develop robust applications that are secure against integer overflow vulnerabilities. Introduction to Integer Overflows This module will cover all the information required to understand the mechanisms that lead to integer overflows, while showing the potential damage that they can cause to an application. The goal of this module is to enable you to explain why integer overflows occur and to correctly identify the threats posed by them. Preventing Integer Overflows This module will provide you the necessary information and best practices to prevent integer overflows. Specifically, this module will illustrate how to use integer overflow countermeasures such as checked expressions, how to choose correct integral types, and how to use existing libraries and classes that have been designed to be safe from integer overflows. Additionally, this module will provide you with proper code review and testing techniques that will enable you to identify and eliminate existing integer overflows.

7 Buffer Overflows: Attacks & Countermeasures This course introduces the security concepts, testing techniques, and best practices that will help you recognize and better defend against buffer overflow exploits. The students are first provided with a detailed background on the mechanisms of exploit of stack-based and heap-based buffer overflows. The course then delves into the protections provided by the Microsoft compiler and the Windows operating system, and wraps up with practical advice on how to avoid buffer overflows during the design, development, and verification phases of the software development life cycle. Recognizing the Threats Posed by Exploitation Buffer overflows are one of the most commonly known types of security vulnerabilities. While they can be easily remediated, past events have shown that they have often been overlooked and widely exploited. After completing this module, you will have a strong understanding of how buffer overflows can be exploited on both stack and on the heap and what the consequences of that attack are to overall application and system security. Mitigating Buffer Overflows This module introduces several Windows features that mitigate the dangers posed by buffer overflows such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). Also discussed are several best practices to avoid and detect buffer overflows at different phases of the software development lifecycle. These practices include the /GS flag, SAFE API s, and fuzz testing. Identify the dangers posed by buffer overflows Describe the exploitation techniques for stackbased and heap-based buffer overflows Leverage built-in system defenses that protect against buffer overflow exploits Apply best practices to avoid buffer overflows Perform testing that detects buffer overflows Participants will complete various self-test questions throughout the course

8 How to Perform a Security Code Review Participants will complete various self-test questions throughout the course Application developers may use a variety of tools to identify flaws in their software. Many of these tools, however, cannot be deployed until late in the development life cycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize those code segments that will be reviewed, best practices for reviewing source code and maximize security resources. Security Code Review This module introduces you to security code review. It describes the methodology to perform a security code review and various activities associated with the review. This module also describes post code review activities. After completing this module, you will be able to describe the methodology for performing a security code review, conduct a security code review, and describe the key activities that should occur after the review.

9 Introduction to Cryptography This course provides you with the knowledge to understand cryptography and an opportunity to investigate the threats that affect two communicating parties. It also helps you understand how these threats can be mitigated using a proper cryptographic solution. The Foundations of Cryptography Explaining the Foundations of Cryptography Identifying the Aspects of Security That Cryptography Addresses Authentication Symmetric Ciphers Asymmetric Cryptographic Ciphers Explaining Hash Functions Choosing Appropriate Cryptographic Methods Considering Symmetric Ciphers for Message Encryption Considering HMAC to Provide Tamper Detection Considering Asymmetric Ciphers for Message Encryption Considering Asymmetric Ciphers to Encrypt Cryptographic Keys Considering Asymmetric Cryptography to Provide Authentication Applying Cryptographic Best Practices Selecting the Proper Cryptographic Algorithm Designing Cryptographically Agile Applications Applying Cryptographic Agility Using Proper Cryptographic Solutions Selecting a Proper Key Management Scheme Securely Storing, Exchanging and Using Secret Keys Identify the problems that cryptography can address Recognize threats that apply to two communicating parties Select appropriate cryptographic solutions to mitigate these threats Describe the mechanisms behind cryptographic protocols Follow cryptographic best practices A 15-question multiple-choice exam is taken at the end of the course. Locating Cryptography Resources

10 Secure Software Development (SSD) Certificate Program REGISTER ONLINE NOW Offered in partnership with

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) Certificate Program www.ce.ucf.edu/ssd Offered

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) Certificate Program ssd.ucf.edu Offered in partnership

More information

SECURITY EDUCATION CATALOGUE

SECURITY EDUCATION CATALOGUE SECURITY EDUCATION CATALOGUE i ii TABLE OF CONTENTS Introduction 2 Security Awareness Education 3 Security Awareness Course Catalogue 4 Security Awareness Course Builder 7 SAE Print Material 8 Secure Code

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Payment Card Industry (PCI) Terminal Software Security. Best Practices

Payment Card Industry (PCI) Terminal Software Security. Best Practices Payment Card Industry (PCI) Terminal Software Security Best Version 1.0 December 2014 Document Changes Date Version Description June 2014 Draft Initial July 23, 2014 Core Redesign for core and other August

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT 26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment

More information

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings Computer Security Principles and Practice Second Edition William Stailings Lawrie Brown University ofnew South Wales, Australian Defence Force Academy With Contributions by Mick Bauer Security Editor,

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Curran, K. Tutorials. Independent study (including assessment) N/A

Curran, K. Tutorials. Independent study (including assessment) N/A MODULE TITLE: MODULE CODE: Systems Security COM535 YEAR OF REVISION: 2013/14 MODULE LEVEL: 6 CREDIT POINTS: 20 MODULE STATUS: SEMESTER: 1 LOCATION: E-LEARNING: PREREQUISITE(S): CO-REQUISITE(S): MODULE

More information

EC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET)

EC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET) E C S P.NET (.NET) ECSP.NET Course Software defects, bugs, and flaws in the logic of the program are consistently the cause for software vulnerabilities. Analysis by software security professionals has

More information

TEAM Academy Catalog. 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 www.securityinnovation.com

TEAM Academy Catalog. 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 www.securityinnovation.com TEAM Academy Catalog 187 Ballardvale Street, Wilmington, MA 01887 +1.978.694.1008 TEAM ACADEMY OVERVIEW 2 Table of Contents TEAM Academy Overview... 4 TEAM Professor Overview... 4 Security Awareness and

More information

SAFECode Security Development Lifecycle (SDL)

SAFECode Security Development Lifecycle (SDL) SAFECode Security Development Lifecycle (SDL) Michael Howard Microsoft Matthew Coles EMC 15th Semi-annual Software Assurance Forum, September 12-16, 2011 Agenda Introduction to SAFECode Security Training

More information

WHITEPAPER. Nessus Exploit Integration

WHITEPAPER. Nessus Exploit Integration Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Cutting Edge Practices for Secure Software Engineering

Cutting Edge Practices for Secure Software Engineering Cutting Edge Practices for Secure Software Engineering Kanchan Hans Amity Institute of Information Technology Amity University, Noida, 201301, India khans@amity.edu Abstract Security has become a high

More information

Web Application Security

Web Application Security Chapter 1 Web Application Security In this chapter: OWASP Top 10..........................................................2 General Principles to Live By.............................................. 4

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Securing Data on Microsoft SQL Server 2012

Securing Data on Microsoft SQL Server 2012 Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to

More information

Juniper Networks Secure

Juniper Networks Secure White Paper Juniper Networks Secure Development Lifecycle Six Practices for Improving Product Security Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

DISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, 2009. The OWASP Foundation http://www.owasp.

DISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, 2009. The OWASP Foundation http://www.owasp. DISA's Application Security and Development STIG: How Can Help You AppSec DC November 12, 2009 Jason Li Senior Application Security Engineer jason.li@aspectsecurity.com The Foundation http://www.owasp.org

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

Making your web application. White paper - August 2014. secure

Making your web application. White paper - August 2014. secure Making your web application White paper - August 2014 secure User Acceptance Tests Test Case Execution Quality Definition Test Design Test Plan Test Case Development Table of Contents Introduction 1 Why

More information

MS-55096: Securing Data on Microsoft SQL Server 2012

MS-55096: Securing Data on Microsoft SQL Server 2012 MS-55096: Securing Data on Microsoft SQL Server 2012 Description The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary

More information

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification 1. Module Title Information Security 2. Module Code: CS403INS 3. Module Level - Forth Stage 4. Module Leader Safwan M. 5. Teaching Semester 7 and 8 Soran University Faculty of Science and Engineering Computer

More information

Software Development: The Next Security Frontier

Software Development: The Next Security Frontier James E. Molini, CISSP, CSSLP Microsoft Member, (ISC)² Advisory Board of the Americas jmolini@microsoft.com http://www.codeguard.org/blog Software Development: The Next Security Frontier De-perimiterization

More information

Network Security Course Specifications2011-2012

Network Security Course Specifications2011-2012 Assiut University Faculty of Computers & Information Department of Information Technology Quality Assurance Unit Network Security Course Specifications2011-2012 Relevant program B.Sc. in Computers and

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

How to Build a Trusted Application. John Dickson, CISSP

How to Build a Trusted Application. John Dickson, CISSP How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.

More information

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program WhiteHat Security White Paper Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program October 2015 The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information

More information

Development Processes (Lecture outline)

Development Processes (Lecture outline) Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT 29175671 CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT Version 1.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the

More information

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221 Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC www.aspetech.com toll-free: 877-800-5221 Security Training for Developers, Testers and Managers Security Innovation, Inc. 187 Ballardvale

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Learning Course Curriculum

Learning Course Curriculum Learning Course Curriculum Security Compass Training Learning Curriculum. Copyright 2012. Security Compass. 1 It has long been discussed that identifying and resolving software vulnerabilities at an early

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY 3166116 CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 MIKEY-SAKKE Secure VoIP gateway About this document This document

More information

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.

More information

Summary of the SEED Labs For Authors and Publishers

Summary of the SEED Labs For Authors and Publishers SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

IoT Security Concerns and Renesas Synergy Solutions

IoT Security Concerns and Renesas Synergy Solutions IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas

More information

Why should I care about PDF application security?

Why should I care about PDF application security? Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

Network Test Labs (NTL) Software Testing Services for igaming

Network Test Labs (NTL) Software Testing Services for igaming Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs

More information

Securing Data in the Cloud

Securing Data in the Cloud Securing Data in the Cloud Meeting the Challenges of Data Encryption and Key Management for Business-Critical Applications 1 Contents Protecting Data in the Cloud: Executive Summary.....................................................

More information

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group,

Development. Resilient Software. Secure and. Mark S. Merkow Lakshmikanth Raghavan. CRC Press. Taylor& Francis Croup. Taylor St Francis Group, Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

2015 Vulnerability Statistics Report

2015 Vulnerability Statistics Report 2015 Vulnerability Statistics Report Introduction or bugs in software may enable cyber criminals to exploit both Internet facing and internal systems. Fraud, theft (financial, identity or data) and denial-of-service

More information

CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION

CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION UNCLASSIFIED 24426399 CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION Version 1.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 UNCLASSIFIED Enterprise Management

More information

W ith an estimated 14 billion devices connected to

W ith an estimated 14 billion devices connected to Renesas Synergy Security Portfolio Delivers Comprehensive Protection from Industrial and IoT Threats Advanced capabilities give developers tools to counter attacks W ith an estimated 14 billion devices

More information

CSUSB Web Application Security Standard CSUSB, Information Security & Emerging Technologies Office

CSUSB Web Application Security Standard CSUSB, Information Security & Emerging Technologies Office CSUSB, Information Security & Emerging Technologies Office Last Revised: 03/17/2015 Draft REVISION CONTROL Document Title: Author: File Reference: CSUSB Web Application Security Standard Javier Torner

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Security Implications Associated with Mass Notification Systems

Security Implications Associated with Mass Notification Systems Security Implications Associated with Mass Notification Systems Overview Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

OWASP Top Ten Tools and Tactics

OWASP Top Ten Tools and Tactics OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

Security Innovation Application Security Education Curriculum. Courses to Help Build and Deploy more Secure Software and Information Systems

Security Innovation Application Security Education Curriculum. Courses to Help Build and Deploy more Secure Software and Information Systems Security Innovation Application Security Education Curriculum Courses to Help Build and Deploy more Secure Software and Information Systems Table of Contents 1.0 Security Education Curriculum Map... 3

More information

OWASP Mobile Top Ten 2014 Meet the New Addition

OWASP Mobile Top Ten 2014 Meet the New Addition OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further

More information

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process

More information

Programming Flaws and How to Fix Them

Programming Flaws and How to Fix Them 19 ö Programming Flaws and How to Fix Them MICHAEL HOWARD DAVID LEBLANC JOHN VIEGA McGraw-Hill /Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City- Milan New Delhi San Juan Seoul Singapore

More information

Website Security: How to Avoid a Website Breach. Jeff Bell, CISSP, CPHIMS, ACHE Director, IT Security and Risk Services CareTech Solutions

Website Security: How to Avoid a Website Breach. Jeff Bell, CISSP, CPHIMS, ACHE Director, IT Security and Risk Services CareTech Solutions Website Security: How to Avoid a Website Breach Jeff Bell, CISSP, CPHIMS, ACHE Director, IT Security and Risk Services CareTech Solutions www.caretech.com > 877.700.8324 An enterprise s website is now

More information

Understanding and evaluating risk to information assets in your software projects

Understanding and evaluating risk to information assets in your software projects Understanding and evaluating risk to information assets in your software projects ugh.. what a mouthful Dana Epp Windows Security MVP Who am I? Microsoft Windows Security MVP Information Security Professional

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Seven Practical Steps to Delivering More Secure Software. January 2011

Seven Practical Steps to Delivering More Secure Software. January 2011 Seven Practical Steps to Delivering More Secure Software January 2011 Table of Contents Actions You Can Take Today 3 Delivering More Secure Code: The Seven Steps 4 Step 1: Quick Evaluation and Plan 5 Step

More information

Fortify. Securing Your Entire Software Portfolio

Fortify. Securing Your Entire Software Portfolio Fortify 360 Securing Your Entire Software Portfolio Fortify Fortify s holistic approach to application security truly safeguards our enterprise against today s ever-changing security threats. Craig Schumard,

More information

VOLUME 3. State of Software Security Report. The Intractable Problem of Insecure Software

VOLUME 3. State of Software Security Report. The Intractable Problem of Insecure Software VOLUME 3 State of Software Security Report The Intractable Problem of Insecure Software Executive Summary April 19, 2011 Executive Summary The following are some of the most significant findings in the

More information

CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT

CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT 24419250 CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT Version 2.1 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

Web Application Security Considerations

Web Application Security Considerations Web Application Security Considerations Eric Peele, Kevin Gainey International Field Directors & Technology Conference 2006 May 21 24, 2006 RTI International is a trade name of Research Triangle Institute

More information

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing Introduction ManTech Project Manager Mark Shaw, Senior Executive Director Cyber Security Solutions Division

More information

Developing Secure Web Applications

Developing Secure Web Applications Developing Secure Web Applications Elements of this syllabus are subject to change. Key Data Course #: 2300 Number of Days: 3 Format: Instructor-Led Certification Exams: None Certification Track: MCSD

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Certification Report

Certification Report Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Application Code Development Standards

Application Code Development Standards Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards

More information

An ICS Whitepaper Choosing the Right Security Assessment

An ICS Whitepaper Choosing the Right Security Assessment Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available

More information

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle

More information

8070.S000 Application Security

8070.S000 Application Security 8070.S000 Application Security Last Revised: 02/26/15 Final 02/26/15 REVISION CONTROL Document Title: Author: File Reference: Application Security Information Security 8070.S000_Application_Security.docx

More information

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 Gordon MacKay Digital Defense, Inc. Chris Wysopal Veracode Session ID: Session Classification: ASEC-W25 Intermediate AGENDA Risk Management Challenges

More information

Course Descriptions November 2014

Course Descriptions November 2014 Master of Science In Information Security Management Course Descriptions November 2014 Master of Science in Information Security Management The Master of Science in Information Security Management (MSISM)

More information

Threat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone)

Threat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone) Threat Modelling for Web Application Deployment Ivan Ristic ivanr@webkreator.com (Thinking Stone) Talk Overview 1. Introducing Threat Modelling 2. Real-world Example 3. Questions Who Am I? Developer /

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 7+ hours of video material 10 virtual labs

More information

The Security Development Lifecycle. OWASP 24 June 2010. The OWASP Foundation http://www.owasp.org

The Security Development Lifecycle. OWASP 24 June 2010. The OWASP Foundation http://www.owasp.org The Security Development Lifecycle 24 June 2010 Steve Lipner Senior Director of Security Engineering Strategy Trustworthy Computing Microsoft Corporation SLipner@microsoft.com +1 425 705-5082 Copyright

More information