
Course Skill Level:

Foundational to Intermediate

Course Duration:

3 day/s

  • Course Delivery Format:

    Live, instructor-led.

  • Course Category:

    Security & Cybersecurity

  • Course Code:

    SECCODK21M09

Who should attend & recommended skills

  • Developers, team leads, project managers
  • Cybersecurity awareness: recommended
  • Comfortable developing code in the target environment (.NET or Java)

About this course

This course teaches secure coding practices for .NET and Java developers: how to model threats, recognize the common attacks against web applications, and apply the design patterns and countermeasures that stop them.

Skills acquired & topics covered

  • Threat modeling
  • Common attacks
  • Secure design
  • Countermeasures
  • Modern security frameworks
  • Authorization and Authentication
  • Session security
  • Framework architecture
  • Securing the runtime environment
  • Security future
  • Problem
  • Solution

Course breakdown / modules

  • STRIDE threat classification
  • Security terminology
  • Threat modeling
  • CVSS severity assessment
  • Labs on threat modeling

  • Cross site scripting
  • Malicious file execution
  • Session hijacking
  • Encryption
  • Insecure direct object reference
  • Failure to restrict URL access (hidden URLs)

  • Layered design concepts
  • Object layer
  • Persistence layer
  • Presentation layer

  • Validation
  • Validation controls
  • Strong typing
  • Regular expressions
  • Whitelisting (allow lists)
  • Scrubbing (sanitization)
  • Blacklisting (deny lists)
  • Encoding
  • CAPTCHA
  • Honey pots
  • Avoiding SQL injection
  • Parameterized queries/prepared statements
  • Stored procedures
  • Entity Framework/Hibernate (ORMs)
  • Avoiding cross-site request forgery (CSRF)
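To make the countermeasures module concrete, here is an added example (not course material) that puts a concatenated query beside its parameterized form, adds whitelist input validation with a strong type and a regular expression, and handles the case parameterization cannot cover: a user-chosen ORDER BY column, which must go through an allow list because identifiers cannot be bound. It uses Python's built-in sqlite3 with a constructed in-memory table; the table and usernames are invented for the example.

```python
"""SQL injection: vulnerable vs. hardened lookups (added example, not course code)."""
import re
import sqlite3

# Constructed sample data so the example runs offline.
_SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", _SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: attacker-controlled text is spliced into the SQL grammar."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the value is bound as data, so quotes in it never reach the parser."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Whitelist validation: strong type plus an anchored regular expression that
# describes what a username IS, rather than a blacklist of characters it must not contain.
_USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(username: object) -> str:
    if not isinstance(username, str):
        raise TypeError("username must be a string")
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username does not match the allowed pattern")
    return username


# Column names cannot be parameterized; map the caller's choice onto an allow list.
_SORTABLE_COLUMNS = {"username", "role"}


def list_users_sorted(conn: sqlite3.Connection, sort_by: str) -> list:
    if sort_by not in _SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")
    # Safe to interpolate: sort_by is now one of our own literal identifiers.
    return conn.execute(f"SELECT username, role FROM users ORDER BY {sort_by}").fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "bob' OR '1'='1"        # classic tautology injection
    print("vulnerable:", lookup_vulnerable(db, payload))       # every row leaks
    print("parameterized:", lookup_parameterized(db, payload))  # no such user
    print("sorted:", list_users_sorted(db, "username"))
```

Parameterization fixes the data positions of a statement; validation is still worth keeping as defense in depth, and the allow list is the only correct tool for identifiers, which is the case developers most often get wrong once they believe "we use prepared statements everywhere".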

  • Introduction to modern frameworks
  • Vault
  • Consul
  • Anthos
  • Modern security design patterns
  • Dynamic secrets
  • Automatic credential rotation
  • Cubbyhole response wrapping
  • Encryption as a service
  • Where to go from here

  • .NET authentication
  • Basic and Digest authentication
  • Forms
  • Windows authentication
  • JAAS and other Java authentication services
  • Authorization
  • Password security
  • Brute force attacks
  • Password resets
  • Secret questions/answers
  • SSL/TLS

  • Session IDs
  • Policies
  • Hijacking/Fixation Attacks
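The session module covers IDs, policies and fixation, which are easiest to understand together in one small store. The following is an added example, not course material: it issues unpredictable session IDs, enforces idle and absolute timeouts as policy, and defeats fixation by discarding the pre-authentication ID and issuing a fresh one at login. The store, clock injection and scenario are constructed for the example; a real application would persist sessions server-side and also mark the cookie Secure, HttpOnly and SameSite.

```python
"""Session store with anti-fixation login and timeout policies (added example)."""
import secrets
import time

# Policy values (constructed for the example; tune to the application's risk).
IDLE_TIMEOUT = 15 * 60          # seconds without a request before the session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard lifetime regardless of activity


class SessionStore:
    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock   # injectable so tests can advance time deterministically

    def create(self) -> str:
        """Issue an anonymous session with a 256-bit random ID (not a counter or hash of user data)."""
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": None, "created": now, "last_seen": now}
        return sid

    def get(self, sid: str):
        """Return the session record, or None if unknown or expired by policy."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT or now - session["created"] > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        session["last_seen"] = now
        return session

    def login(self, presented_sid: str, user: str) -> str:
        """Authenticate: drop whatever ID the client arrived with and issue a new one.

        An attacker who planted presented_sid (fixation) is left holding a dead ID.
        """
        self._sessions.pop(presented_sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def fixation_scenario() -> bool:
    """Replay a fixation attempt; True means the defense held."""
    store = SessionStore()
    planted = store.create()                 # attacker obtains a valid anonymous ID
    victim_sid = store.login(planted, "alice")  # victim logs in with the planted ID
    attacker_view = store.get(planted)       # attacker tries to ride the planted ID
    victim_view = store.get(victim_sid)
    return (attacker_view is None
            and victim_view is not None and victim_view["user"] == "alice"
            and victim_sid != planted)


if __name__ == "__main__":
    print("fixation defeated:", fixation_scenario())
```

Regenerating the ID at every privilege change (login, role elevation) is the one control that makes fixation irrelevant regardless of how the attacker planted the ID; the timeouts bound the window a hijacked ID stays useful.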

  • Threading
  • Privileges
  • Audits/Logs
  • Secure coding
  • Encryption services
  • Static code analysis

  • .NET
  • Code Access Security (CAS; legacy .NET Framework only, not available in .NET Core/.NET 5+)
  • Global Assembly Cache (GAC)
  • Strong named assemblies
  • CLR
  • Security Zones
  • Permissions
  • Security policy

  • Zero-trust networks
  • Artificial intelligence
  • Appendix – Background

  • Security of software systems is becoming more important and more visible to the public. Meanwhile, there is a basic imbalance between attackers (hackers) and defenders (software developers): hackers get an immediate reward for the breaches they achieve and the damage they cause, whereas defenders get the blame when they are hacked and no mention when they are not.
  • Our system addresses this and changes the balance, ultimately resulting in more secure software systems.

  • IMPACT (patent pending)
  • Splitting the developers into two teams: blue (defenders) and red (attackers)
  • Recording the results of the attackers' actions
  • Recording the defenders' successes in stopping the attackers, and their failures
  • Periodically updating the defenders' scoreboard, providing positive reinforcement for their actions
  • The IMPACT system records the above data as logs. It is built on logging frameworks and well-known open source tools for log generation. It uses NoSQL databases to store the log data and Big Data analytics tools such as Spark generate the scoreboards.
