90% of data breaches are caused by software vulnerabilities.


Get the skills you need to build secure software applications.

Secure Software Development (SSD)
www.ce.ucf.edu/ssd

Offered in partnership with

Secure Software Development (SSD) Certificate Program

Benefits

Individuals:
- Be a real influencer in cybersecurity
- Learn skills that increase your marketability
- Take courses at your convenience
- Earn CPE/CEU credits

Corporations:
- Secure mission-critical applications
- Reduce IT and data risk
- Comply with mandates for security training
- Demonstrate commitment to customers

An SSD certificate is highly regarded because it addresses the root cause of data breaches: application-layer vulnerabilities. The knowledge attained is not general purpose; it is specialized and critical to thwarting cybercrime. The SSD Certificate Program provides assurance that an individual has demonstrated mastery of real-world software security skills. The knowledge and techniques taught in this certificate program are based on and developed by experts in the application security field, and offer both defensive techniques and awareness of how a hacker will attack software applications.

Certificate Course Work

Course hours: 8

- Creating Secure Code - C/C++ Foundations OR Creating Secure Code - JRE Foundations OR Understanding Secure Code for .NET 4.0
- Architecture Risk Analysis
- How to Create an Application Security Threat Model
- Attack Surface Analysis & Reduction
- Choice: How to Test for the OWASP Top Ten OR Classes of Security Defects
- Choice: Creating Secure Code - iPhone Foundations OR Creating Secure Code - Android Foundations

About UCF
- Second largest university in the nation
- Top 10 among U.S. universities for the power and impact of its patents
- Ranked fifth, Top Up-and-coming national university by U.S. News & World Report

UCF Stands for Opportunity

Creating Secure Code - C/C++ Foundations

This course provides an overview of the threat modeling process and describes how to collect information about your application, build the activity matrix and threat profile, and analyze risks. It also teaches the nine defensive coding principles and how to use them to prevent common security vulnerabilities.

Threat Modeling
After completing this module, you will be able to:
- Identify threats proactively
- Create threat trees for your components
- Use threat trees to find vulnerabilities
- Classify vulnerabilities
- Perform risk analysis and prioritize security fixes

Defensive Coding Principles
This module provides an overview of nine defensive coding principles that can be used in any programming language. After completing this module, you will be able to:
- List the time-tested defensive coding principles
- Use the coding principles to prevent common security vulnerabilities

After completing this course, you will be able to:
- Perform threat modeling to identify vulnerabilities and analyze risks
- Leverage time-tested defensive coding principles to design and develop secure applications

Creating Secure Code - JRE Foundations

In this course, you will learn to recognize and remediate common Java Web software security vulnerabilities. The course has three modules, which introduce you to these vulnerabilities and help you identify and remediate them.

Common Java Web Software Security Vulnerabilities: Part 1
This module covers common vulnerabilities, including data leakage and client- or server-side protocol manipulation attacks. These weaknesses tend to evade code reviews and test teams; examples include access decisions based on the Referer header, information disclosure, and failure to validate user input. You will learn what these vulnerabilities look like in code and see how you can fix them. After completing this module, you will be able to recognize and mitigate common Java Web software security vulnerabilities.

Common Java Web Software Security Vulnerabilities: Part 2
This module covers Injection Attacks:
- SQL Injection
- Cross-site Scripting (XSS)

Common Java Web Software Security Vulnerabilities: Part 3
This module covers Exploiting Authentication:
- Session Hijacking
- Session Fixation
- Cross-site Request Forgery (CSRF)

Understanding Secure Code - .NET 4.0

This course describes .NET security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. It also provides secure coding best practices that will enable you to build more secure applications in .NET.

Explaining .NET Security Features
In order to build secure applications in .NET, it is important that you first understand the .NET Framework and the security features it offers. This module provides the knowledge you need to understand the foundation of .NET, the CLR's native security infrastructure (Code Access Security), cryptographic technologies, and the ASP.NET security infrastructure. After completing this module, participants will be able to:
- Describe the origins and impact of Web vulnerabilities
- Recognize the dangers of ActiveX control misuse
- Recognize the dangers of cross-site scripting, canonicalization, SQL injection, HTTP response splitting, and cross-site request forgery vulnerabilities

Applying .NET Secure Coding Best Practices
This module introduces several protections and best practices which, if implemented properly, help mitigate the risk of web vulnerabilities in applications. Topics covered include the limitations of common mitigations, truly effective mitigations such as allow lists and frame restrictions, and SDL requirements aimed at mitigating Web vulnerabilities. After completing this module, you will be able to:
- Recognize the limitations of common mitigations for Web vulnerabilities
- Recognize effective mitigations for Web vulnerabilities
- Recognize the SDL requirements aimed at mitigating Web vulnerabilities

After completing this course, you will be able to:
- Identify the differences between managed and unmanaged code
- Recognize the interactions between Windows access control and CAS
- Describe how cryptography is handled in .NET
- Recognize the main aspects of ASP.NET security and the security improvements brought by .NET 2.0
- Avoid common .NET security pitfalls
- Write defensive code that protects your application from common threats
- Recognize when code is required to be reviewed for security vulnerabilities

Architecture Risk Analysis & Remediation

This course defines concepts, methods, and techniques for analyzing the architecture and design of a software system for security flaws. Special attention is given to analysis of security issues in existing applications; however, the principles and techniques are equally applicable to systems under development. You will be shown the analyses that enable effective architecture risk analysis, including accurately capturing application architecture, threat modeling with attack trees, attack pattern analysis, and enumeration of trust boundaries. A multiple-choice exam is taken at the end of the course.

After completing this course, you will be able to:
- Extract architecture views of a software system suitable for security analysis
- Apply a number of complementary techniques to find security vulnerabilities that cannot be easily discovered through tools
- Weigh the comparative impact of design-level security flaws
- Apply techniques and methodologies to model threats, trust, and data sensitivity
- Build abuse cases and use them to explore how your software might be attacked
- Integrate Architecture Risk Analysis with the management of security knowledge in your organization

Creating an Application Security Threat Model

This course introduces the technique of Threat Modeling, its primary goals, and its role within software development. Once you are familiar with the concepts behind Threat Modeling, the entire Threat Modeling process is demonstrated, giving you the knowledge you need to apply Threat Modeling to your own products and to design and develop more secure code.

Defining Threat Modeling
This module equips you with the information you need to understand the importance of Threat Modeling and the role it plays in identifying and mitigating threats. After completing this module, you will be able to:
- Identify the goals of Threat Modeling
- Recognize the relation between Threat Modeling and the SDL
- Identify the roles involved in the Threat Modeling process
- Understand what and when to Threat Model

Applying the Threat Modeling Process
This module identifies in detail each step in the Threat Modeling process, outlines each step's purpose, and demonstrates the procedure to follow in order to apply each step. This module includes a lab to help you apply what you have learned in a real-world scenario. After completing this module, you will be able to:
- Describe the application using diagrams
- Identify threat types by using STRIDE
- Identify appropriate mitigation techniques
- Recognize the role of the Threat Model document
- Understand the various threat modeling tools available to you

After completing this course, you will be able to:
- Identify the goals of Threat Modeling and the corresponding SDL requirements
- Identify the roles and responsibilities involved in the Threat Modeling process
- Use the Threat Modeling process to accurately identify, mitigate, and validate threats
- Leverage various tools that help with Threat Modeling

Attack Surface Analysis & Reduction

Your system's attack surface represents the number of entry points you expose to a potential attacker, for example user interfaces, Web services, database access, and so on. Fewer entry points mean less chance of an attacker finding a vulnerability in your code. Therefore, it is important that you understand what an attack surface is and then see how you can measure and reduce the attack surface of your application.

Understanding Attack Surface
This module provides details that help you understand the attack surface of an application. After you understand how an attack surface affects application risk, you use the attack surface reduction goals to minimize the attack surface of your application. After completing this module, you will be able to:
- Describe what an attack surface is
- Understand how the attack surface impacts application risk

Measuring and Reducing Attack Surface
This module discusses the common metrics you can use, including attack surface, to measure application security. Measuring the attack surface of an application helps you measure its relative risk and how that risk trends over time. This module also discusses best practices that you can use to reduce the attack surface of your application. Reducing the attack surface reduces the likelihood that an undiscovered vulnerability can impact the security of your application. After completing this module, you will be able to measure and reduce the attack surface of your application.

After completing this course, you will be able to:
- Define the attack surface of an application
- Reduce application risk by reducing the attack surface

How to Test for the OWASP Top Ten

The Open Web Application Security Project (OWASP) Top Ten is a listing of critical security flaws found in web applications. Organizations that address these flaws greatly reduce the risk of a web application being compromised, and testing for these flaws is a requirement of the Payment Card Industry Data Security Standard (PCI DSS) as well as other regulatory bodies. This course explains how these flaws occur and provides testing strategies to identify the flaws in web applications.

Testing OWASP Top 10: Part 1
Topics covered in this module:
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)

Testing OWASP Top 10: Part 2
Topics covered in this module:
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards

After completing this course, you will be able to:
- Determine if a web application is vulnerable to the top five security vulnerabilities identified in the OWASP Top 10 list
- Determine if a web application is vulnerable to the last five security vulnerabilities identified in the OWASP Top 10 list
- Explain how to protect the application against these security vulnerabilities

Classes of Security Defects

This course equips you with the knowledge you need to create a robust defense against common security defects. You will learn why and how security defects are introduced into software, and common classes of attacks will be presented and discussed in detail. Along with examples of real-life security bugs, you will be shown techniques and best practices that enable you and your team to identify, eliminate, and mitigate each class of security defect. Additional mitigation techniques and technologies are described for each class.

Classes of Security Defects
This module presents the underlying root causes of security defects, explains the difference between functional and security bugs, and describes the inherently insecure nature of software.

Defending against Common Security Defects
This module offers best-practice tips for defending against common security defects such as:
- buffer and integer overflows
- format string problems
- SQL and command injection
- improper error handling
- cross-site scripting
- unprotected network traffic
- lack of server-side authorization
- poor usability
- weak authentication and data protection
- information leakage
- improper file access
- spoofing
- race conditions
- unauthenticated key exchange
- weak random number generation
- improper use of SSL and TLS

After completing this course, you will be able to:
- Understand and outline the common classes of security defects
- Recognize the potential impact that common security defects can have
- Identify the programming errors that are responsible for common security defects
- Apply coding best practices in order to avoid common security vulnerabilities
- Find common security defects in an application's source code
- Map common security defects to specific technologies
- Test software in order to detect common security bugs
- Locate additional resources on common security defects

Creating Secure Code - iPhone Foundations

In this 1-hour course, you will learn to develop and deploy secure iPhone applications by leveraging Apple's security services and following web application secure coding best practices.

iPhone Application Vulnerabilities
iPhone security breaches are a growing problem with serious financial consequences, particularly when those breaches affect enterprise networks. Many iPhone application security vulnerabilities are fundamentally the same as those of other applications. iPhone attack vectors include web-based malware, SQL injection, session hijacking, theft of data at rest and in transit, and jailbreaking. Your development strategy for protecting your applications should include data encryption, access control, code signing, iTunes Store validation, sandboxing, and securing network connections. This module helps you understand iPhone security vulnerabilities, attack vectors, and the costs associated with security breaches. Additionally, this module covers each type of vulnerability, its root cause, and the best method for protection.

Apple iOS and SDK Developer Security Tools
In this module, we discuss all of the iOS security services available to iPhone application developers. You will learn how to use each of these components to protect against the attacks covered in Module one. The iOS security services discussed in this module include encryption, isolation, secure connection, input validation, and authentication.

iPhone Secure Development Best Practices
This module provides language- and tool-specific instruction on how to integrate Apple security services into your own secure coding best practices to fully protect against all major vulnerabilities.

After completing this course, you will be able to:
- Identify iPhone application security risks and the costs associated with a successful attack
- Explain the role of Apple iOS and SDK tools in providing security to iPhone applications
- Protect sensitive data from theft or compromise, both at rest and in transit
- Integrate secure coding best practices into your C and Objective-C iPhone applications

Creating Secure Code - Android Foundations

This 90-minute course will help you develop secure Android applications by applying Android-specific secure development best practices and techniques. The course emphasizes key Android security features that can help you prevent common application vulnerabilities.

Android Application Vulnerabilities
One reason for the enormous popularity of Android phones is the wide variety and number of applications being published each year. Because Android provides an open development platform, and developers have full access to APIs and frameworks, there are far fewer constraints on how developers create their applications than in competing environments such as Apple's iOS. However, the open platform and the freedom developers have also increase the number of potential vulnerabilities. This module gives you an overview of Android application security and the various risks associated with the platform.

Security Features of the Android OS, SDK, and NDK
In this module, you will learn how to integrate the security services of Android's Linux kernel, SDK, and hardware into your application.

Android Secure Development Best Practices
In this module, you will learn how to protect your Android application by following secure coding best practices.

After completing this course, you will be able to:
- Identify common security issues and attack vectors in Android applications
- Identify security features of the Android OS, SDK, and NDK
- Identify application-based permissions, data protection methods, and the code signing, packaging, and updating techniques used to secure Android applications
- Identify best practices for securely developing Android applications and protecting sensitive data

Secure Software Development (SSD) Certificate Program

REGISTER ONLINE NOW
www.ce.ucf.edu/ssd
866-232-5834

Offered in partnership with