Our application security training courses draw upon in-depth field experience and ongoing research. We use real-world examples and hands-on techniques to bring our students up to speed on application security.
SC_01: Application Security for Managers
This course aims to teach managers the important role they play in application security and gives them a general understanding of the threat landscape, controls, and the manager's role in an application security program. This course will cover:
- Application Security - The Threats
- Application Security Programs
- Enterprise Controls
The full course outline is available.
SC_02: Threat Analysis
This course aims to teach students how to effectively integrate security into application requirements and architectures by arming them with knowledge and tools. Topics covered include:
- Secure SDLC
- Secure Requirements
- Secure Architecture
The full course outline is available.
SC_03: Application Security Awareness
This course aims to give users an understanding of the current application security threat landscape. Topics include:
- Security & Application Concepts
- Attack Vectors
The full course outline is available.
SC_04: Secure ASP.Net
This course teaches developers how to code securely in .NET by examining common security vulnerabilities and walking through control techniques. The course covers major programming vulnerabilities as well as .NET-specific security issues, including:
- Access Control
- Session Management
- Input/Output Validation
- Error Handling
- Canonicalization
- Threading Issues
The full course outline is available.
SC_05: Secure Java/JEE
Secure Java/JEE is designed to teach Java Enterprise architects and developers how to create secure distributed applications by walking through actual code examples. The course covers major programming vulnerabilities as well as Java-specific security issues, including:
- Container Security
- Client/Server Communication
- Input/Output Validation
- Logging and Monitoring
- Access Control
- Session Management
- Cryptography
- XML Processing
The full course outline is available.
SC_06: Exploiting and Defending Web Applications
This course focuses on security issues involved with web applications and e-commerce implementations. Students walk through examples of web applications, including server configurations and application code. Several specific security topics will be discussed, including:
- Understanding Web Technologies
- Exploiting Server
- Access Control
- Session Management and Cookies
- Encryption
- Input Validation
- Canonicalization
- Buffer Overflow
- XML Security
The full course outline is available. A shorter (3-day) version of this course is also available.
Secure Web Services
Web Services are quickly becoming a key enabler for enterprise application integration. Unfortunately, with their inherent flexibility comes a wide range of potential security vulnerabilities. Our intensive course covers:
- XML and Related Standard Basics
- Attacking and Defending XML
- Web Services Basics
- Access Control
- Session Management
- Input/Output Validation
- Denial of Service
- Error Handling
- Canonicalization
- WS-Security, SAML and XACML
