Course Outline

Module 1: Introduction to Software Security
• Course overview.
• Course objectives.
• Introduction.
• Why care about software security.
• Application threats.
• Common vulnerabilities.
• Definitions of software security.
• Secure coding fundamentals.

Module 2: Common Web Application Risks (OWASP Top 10)
• A1 - Injection.
  1. SQL Injection.
  2. OS/Command Injection.
  3. LDAP Injection.
• A2 - Broken Authentication and Session Management.
• A3 - Cross-Site Scripting (XSS).
• A4 - Insecure Direct Object References.
• A5 - Security Misconfiguration.
• A6 - Sensitive Data Exposure.
  1. Data at Rest.
  2. Data in Transit.
• A7 - Missing Function Level Access Control.

Module 3: Demo Web Application Penetration
• Videos.
• Vulnerability penetration demo.

Module 4: Data Validation
• Input validation.
• Server-side vs. client-side validation.
• Whitelisting vs. blacklisting.
• Output encoding and escaping.
• Parameterized queries.
• Using frameworks and APIs.
• Microsoft Web Protection Library.
• Java Regex.
• OWASP ESAPI validators.
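The injection risk listed under A1 in Module 2 and the parameterized-query, whitelisting and output-encoding topics of Module 4, put together in one added example that is not part of the course material. Python with the standard library's sqlite3 stands in for the Java/.NET/PHP stacks the course targets; the users table, the credentials and the attacker payloads are constructed for the demo.

```python
"""Added example (not from the course page): SQL injection through string
concatenation next to the parameterized form, an allow-list (whitelist)
validator for usernames, and HTML output encoding. Sample rows are constructed."""
import html
import re
import sqlite3

# Constructed sample data; plaintext passwords only to keep the demo short.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by concatenation: attacker input becomes SQL syntax."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name, password):
    """Binds the values as parameters: input stays data, never part of the SQL text."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


# Allow-list: only lowercase alphanumerics and underscore, 1-32 characters.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(name):
    """Whitelisting: accept exactly the expected shape, reject everything else."""
    return USERNAME_RE.fullmatch(name) is not None


def render_greeting(name):
    """Output encoding for an HTML body context, applied at output time."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"       # closes the string, appends an always-true clause
    comment = "alice'--"            # closes the string, comments out the password check
    print(login_vulnerable(conn, "alice", tautology))     # alice (bypassed)
    print(login_vulnerable(conn, comment, "wrong"))       # alice (bypassed)
    print(login_parameterized(conn, "alice", tautology))  # None
    print(is_valid_username(comment))                     # False
    print(render_greeting("<script>alert(1)</script>"))
```

The two payloads show two distinct ways the concatenated query fails (a tautology that makes the WHERE clause true for every row, and a `--` comment that drops the password predicate entirely); the parameterized version is unaffected by either without any escaping of its own, and the allow-list rejects both before they reach the database.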

Module 5: Authentication
• Basic vs. forms-based authentication.
• Authentication Policies.
• Authorization and permissions.

Module 6: Session Management
• Protecting session IDs.
• Session Hijacking.
• Session Fixation.
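The session fixation topic of Module 6, as an added example that is not part of the course material. A toy in-memory session store shows why a login handler that keeps the pre-login session ID is fixable and why regenerating the ID on login closes the hole; the store, the two login handlers and the attack driver are all constructed for this demo.

```python
"""Added example (not from the course page): session fixation against a toy
session store. login_vulnerable keeps whatever session ID the client presented;
login_fixed discards it and issues a fresh one at the privilege change."""
import secrets


class SessionStore:
    """Server-side session table keyed by an unguessable ID."""

    def __init__(self):
        self.sessions = {}  # session_id -> attributes

    def new_session(self):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.sessions[sid] = {"user": None}
        return sid

    def lookup(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, sid, user):
    """Authenticates the session the client already holds.
    If an attacker planted that ID in the victim's browser, the attacker now
    holds an authenticated session too."""
    sess = store.lookup(sid)
    if sess is None:
        sid = store.new_session()
        sess = store.lookup(sid)
    sess["user"] = user
    return sid  # same ID the client arrived with


def login_fixed(store, sid, user):
    """Invalidates the pre-login session and issues a new ID on login, so any
    ID known to a third party stops being valid."""
    store.sessions.pop(sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid  # caller must set this as the new cookie


def fixation_attack(login):
    """Runs the fixation scenario against a login handler:
    1. attacker obtains a valid, unauthenticated session ID;
    2. attacker plants it in the victim's browser (link, cookie injection, ...);
    3. victim logs in with that ID.
    Returns the user the attacker's ID resolves to afterwards (None = attack failed)."""
    store = SessionStore()
    planted = store.new_session()
    login(store, planted, "victim")
    sess = store.lookup(planted)
    return sess["user"] if sess else None


if __name__ == "__main__":
    print(fixation_attack(login_vulnerable))  # victim: attacker is logged in as the victim
    print(fixation_attack(login_fixed))       # None: planted ID is no longer valid
```

The attack driver is the same for both handlers; only the login step differs, which is the point: session fixation is closed on the server by rotating the ID at authentication, not by anything the client does.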

Module 7: Secure SDLC
• Overview.
• Secure software development lifecycle.
• A Secure Process.
• Manager’s point of view.
• Developer’s point of view.
• Consumer expectations.
• Business responsibility.
• Phases of development lifecycle.

Requirements

• Knowledge of a programming language (Java, .NET, PHP).
• Knowledge of web technology.
• Knowledge of database management systems (Oracle, MySQL, MSSQL).

Duration: 21 hours
