OWASP and Security Concepts for Software Developers

PT25170
Summary
This course for Developers is designed to expose software developers to the key security concepts that they need to know to gain a full appreciation of secure coding. This is mostly a language-agnostic course that focuses on the concepts, techniques, and mechanisms required to secure data and to create secure software that enforces and maintains data protection. Most developers are aware of some of these concepts, but they do not fully appreciate the significance of each in relation to the others, and how these topics ultimately affect their ability to evaluate and implement secure coding practices. Any factors that affect software security should be carefully considered and fully understood. This course helps ensure that developers are adequately equipped to make properly informed choices during each coding project.
Prerequisites
Before taking this course, students should have some development experience to complete the lab exercises.
Duration
5 Days/Lecture & Lab
Audience
This course is designed for Developers with Java programming experience.
Topics
  • Security Goals
  • Secure Systems Design
  • Secure Design Principles
  • Worms and Other Malware
  • Buffer Overflows
  • Client-State Manipulation
  • SQL Injection
  • Password Security
  • Jumping into the OWASP Top 10
  • A1: Injection
  • A2: Broken Authentication
  • A3: Sensitive Data Exposure
  • A4: XML External Entities (XXE)
  • A5: Broken Access Control
  • A6: Security Misconfiguration
  • A7: Cross Site Scripting (XSS)
  • Cross-Domain Security in Web Applications
  • Symmetric Key Cryptography
  • Key Management and Exchange
  • MACs and Signatures
  • Appendix A: Hacking and Penetration Testing
  • API Security – If time allows

Related Scheduled Courses