Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

5-Day Fundamentals of Secure Software Programming

New Rules for Writing Secure Software

Everyone, whether they write protocols or internal processes is responsible for using secure coding techniques to minimize the adverse effects of attacks, whether those attacks are intentional or accidental. In this 5 day class you will learn if a process deep in the lines crashes because it receives bad data or because a resource that should have been there was not, it still causes a crash and reduces the availability.

Committee on National Security SystemsSecure software coding is the process of reducing the susceptibility of software to vulnerabilities either intentional or unintentional. It includes items that are classed as defensive in nature (e.g. checking error return codes before using handles and other data structures that should have been created, or protecting against using a pointer after it has been released). It also includes items that may be more normally associated with cryptographic procedures (e,g. random number generation, encryption algorithms, etc.).

This class is GREAT for you entire team and BEST TAKEN in our 5-day BOOTCAMP delivery - Just $2,995!

Q/SSE ® Qualified SW Security Expert 5-Day Bootcamp
Q/SSP ® Qualified SW Security Penetration Tester
SW Testing Onsite Bootcamp
How to Break & FIX Web Applications
How to Break and FIX Software
Fundamentals of Secure Software Programming
Q/SSH ® Qualified SW Security Hacker
Q/SSBT ® Qualified SW Security Testing Best Practices
Introduction to Reverse Engineering

Class Fee: $2,995
Time: 7;45 am - 5pm
Location: Click here to view the class schedule
Learning Level: Intermediate
CPE Credits: 40
Prerequisites: Understanding of TCP/IP protocols

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95 % attendance 2. 100 % completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Learning Level: Programmer - Intermediate Who Should Attend

Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.

What Is CWE? Want more info on CWE?

Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:

•  Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.
•  Serve as a standard measuring stick for software security tools targeting these issues.
•  Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.

Click here for: What is CWE? PDF

I.  Introduction to Software Security

Common Software Coding and Design Errors and Flaws
Students will learn about the range of software development errors and flaws that create application security, reliability, availability and confidentiality failures. Specifically in this section we will deal with those vulnerabilities that are common across language implementations (C, C++ and Java). For each vulnerability type, the course will cover real-world examples illustrated in code - of failures along with methods to find, fix and prevent each type of flaw.

System-Level

Data Issues

Information Disclosure

On the Wire

Tools

II.  Web Vulnerabilities .   The web is different. We will address common web vulnerabilities, how to find them, how to prevent them. OWASP Top Ten Overview

Web sites

III.  Defensive Coding Principles

This section is designed to educate developers and testers on the general principles of secure coding. This includes a historical perspective on software failure, when good design goes bad, and 18 defensive coding principles to live by.

IV.  Security Testing and Quality Assurance

This includes the difference between functional and security testing, understanding and application's entry points, and spotting three classes of security bugs: dangerous inputs, rigged environment and logic vulnerabilities.

Each section will have an in depth hands on lab

PART B

Gathering information on the target

Attacking the client

A attacking State

Attacking Data

Attacking the server

Web Services

Privacy

Tool support

Hands-on lab attacking a site full of vulnerabilities

PART C

Live vulnerability and exploit tour! This is the core of the class. In this section, attendees will go through a wide range of software vulnerabilities and labs to show sample exploits of these vulnerabilities live. Labs include: cross-site scripting, SQL injection, buffer overflows, format string vulnerabilities, and many others software vulnerabilities. Attendees gain awareness and key insights into these vulnerability type, the ease with which the attacker community can exploit them and what to do to prevent these critical attacks.

Tools and Threats.   The threat is growing and so is the number of tools that lower the bar for attackers. This section takes the attendees inside the underground world of the attacker tools.

Thinking Like the Attacker: Threat Modeling.  A critical step in securing software or system is to methodically think through threats. In this section we present several techniques for threat modeling and also walk the audience through the process of modeling threats against several systems.

Incorporating Threats Into Software/System Design, Development, Testing and Deployment. By thinking about threats at each stage of the development lifecycle, we can make software and systems that are more resilient to attack. Attendees will walk away with an introduction to tools and techniques to build security in.

We sneak in Reverse Engineering too!

*Class fees are subject to change

View Class Schedule