Analyzing the security of applications must be the topmost priority of any organization dealing with critical data. The four major techniques for application security analysis are automated scanning, static analysis, manual penetration testing and manual code review. This training program focuses on the manual code review technique.
Course Objectives :
- Code Audit Guide History.
- Security Code Review Coverage.
- Code Review Metrics.
- Application Threat Modeling.
- Crawling code and Security Code Review in the SDLC.
- PCI DSS and Code review.
- Audit by technical control: Authentication.
- Audit by technical control: Error Handling, Authorization, Secure application deployment, Input Validation, Cryptographic controls, and Session Management.
- Audit Code for Buffer Overflows and Overruns.
- Audit Code for Cross-site scripting, Data Validation, Cross-Site Request Forgery issues, Logging Issues, and Session Integrity issues.
- Java gotchas and PHP Security Leading Practice.
- Searching code in Java or J2EE.
- Searching code in ASP.
- Pointers and keywords in Web 2.0.
- Integers and Strings.
- Audit Flash Applications and MySQL Security.
This course is beneficial for:
Audit Code is prepared on the basis of the OWASP methodology. Audit Application Source Code Training helps candidates verify the security of application source code and of running applications.
Securing Web Services .Net :
Securing Web Services .Net with Windows Communication Foundation is a Microsoft solution devised for designing or building web-based applications in accordance with Service-Oriented Architecture (SOA) standards.
Course Modules :
- Security basics for Web Services
- Intranet Application Scenarios
- WCF Security essentials
- Internet Application Scenarios
The Securing Web Services .Net course teaches the importance of having a secure system, which has become the foremost concern in today's world. It has become imperative to incorporate security well in advance and treat it as part of the core functionality. This course would be beneficial for Windows developers and solution architects who wish to make their WCF platforms more secure and useful.
Advance Database Security Testing :
Organizations often overlook database security testing, even though databases hold immense amounts of data. This course teaches trainees to prevent attacks from internal users, maintain the security of the data within the database, and harden the database.
Penetration Testing With Python :
The course on Penetration Testing with Python teaches how to employ the Python language for security research, attack automation, and penetration testing with a practical approach. This course is best suited for security specialists, penetration testers, and network administrators who need to understand the automation of a task. This course covers the concepts of system security, attacking web applications, network security, exploitation techniques, binary and malware analysis and task automation.
Java Secure Code Testing :
The course on Java Secure Code Testing teaches you to examine actual code, work with real tools, build applications, and improve the security of Java applications. It covers the programming skills involved in exploring a specific piece of code, classifying a security flaw, and fixing flaws listed in the OWASP Top 10 and the CWE/SANS Top 25 Most Dangerous Software Errors.
Securing SQL Server 2012 :
SQL Server 2012 database security has become a major issue. This course will teach you how to secure a database using advanced methods and protect it from security threats. After completing this course, students will have learned the latest techniques in securing business intelligence, denial-of-service attacks, user authorization, SQL injection, and data encryption.
This course will teach you how to secure your server and network by configuring a firewall for SQL Server access, managing service SIDs, and encrypting the session with SSL. It will also teach you about internal security when creating logins to connect to SQL Server and users to access a database.