Application_Security-Awareness:
duration:
1x 4h
description:
general introduction to information security in software
applications.
target audience:
everyone who is involved in the development and maintenance of software
applications
required:
none
content:
Introduction
Course programme
Participants' expectations
Course objective
Reasons, concepts & definition
What is application security?
What is a secure application?
Why now?
Where do threats come from?
Where does application security ‘sit’?
OWASP
What is OWASP?
The OWASP Top Ten!
Closing
Summary
Questions
Application_Security-Java:
duration:
4x 4h
description:
in-depth course about developing secure software applications with Java
/ J2EE
target audience:
medior and senior Java developers, designers and architects.
required:
basic understanding of information security in software applications
(AppSec-AW course)
Experience in Java / J2EE Development
content:
Day_1 (4h):
Awareness Recap
Introduction SDL
Static Code Analysis
introduction to the course application "WebWinkel" (online store)
Lab: SQL Injection
Day_2 (4h):
Input validation
Lab: XSS
Validation in Java
CSRF
Lab: CSRF
Day_3 (4h):
Logging and Instrumentation
Storing Secrets
Authentication & Authorization
Webservice Security
Lab: Webservice
Day_4 (4h):
AJAX
Java Security Model
Code Protection
Deployment
Lab: Capture the Flag
Evaluation
Application_Security-.Net:
duration:
4x 4h
description:
in-depth course about developing secure software applications with
Microsoft .Net 3.5
target audience:
medior and senior .Net developers, designers and architects.
required:
basic understanding of information security in software applications
(AppSec-AW course)
Experience in Microsoft .Net Development
content:
Day_1 (4h):
AppSec-AW Recap
Secure Development Processes
Input validation
introduction to the course application "WebWinkel" (online store)
Lab: SQL Injection
Validation Services
Day_2 (4h):
Lab: XSS
Static Code Analysis
Lab: Input validation
Storing Secrets
Day_3 (4h):
Authentication & Authorization
CSRF
Lab: CSRF
Introduction WSE 3.0
Lab: WS Security
Day_4 (4h):
Code Access Security
Logging & Instrumentation
AJAX
Deployment
Lab: Capture the flag
Application_Security-Test:
duration:
3x 4h
description:
Basic introduction to finding vulnerabilities in (web) applications
target audience:
functional testers and developers
required:
basic understanding of information security in software applications
(AppSec-AW course)
content:
Day_1 (4h):
introduction
Web / software architecture
information gathering / application mapping (functional / technical)
Legal issues
Day_2 (4h):
Security test activities part 1
labs
Day_3 (4h):
Security test activities part 2
Security test procedures
Reporting
Application_Security-Threatmodeling:
duration:
2x 4h
description:
this course gives an understanding of why and how to create a threat model
target audience:
Information analysts, designers and (lead) developers
required:
basic understanding of information security in software applications
(AppSec-AW course)
content:
Day_1 (4h):
Why model threats?
Secure Development Lifecycle
Terminology
Asset
Vulnerability
Threat
Risk
Countermeasures
Case introduction
Identify assets
Identify threats 1/2
Day_2 (4h):
Recap day_1
Attack categories
Case
Identify threats 2/2
EoP card game
Risk & countermeasures
Case “PSA”
Determine risk
Different types of TM
TM and security requirements
Prerequisites for TM