Building Secure Software Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

The Building Secure Software training course discusses a variety of software models with a special focus on web applications. Learn the practical techniques and technologies that are needed to design and build secure software. You will learn to secure each stage of the Software Development Lifecycle (SDLC) by understanding the foundational concepts for securing software.

By attending Building Secure Software workshop, delegates will learn:

The process and techniques of building secure software
Data protection in storage and transit
Authentication and authorization techniques
Client-side security
Secure user management systems
Data validation strategies
Error handling and exception management
Logging and auditing mechanisms
Major security features of Java, .NET, and web services
Security design patterns
Threat modeling

Basic knowledge of software development methodologies and tools.

This Building Secure Software class is ideal for Software professionals who define, design, and architect solutions; those who manage software development projects and teams; those who audit the security of applications.

Introduction

Software Security Overview

Cryptography

Common Mistakes
Random Numbers
Symmetric/Asymmetric Cryptography
Hashing Algorithms
Key Management
Cryptography Application
McAfee Application Control
Digital Signatures and Certificates
XML Encryption and Digital Signaturs

Authentication

Common Mistakes
Types (HTTP, Form, and Others)
Kerberos
Federated Authentication
Microsoft Windows CardSpace
SAML

Authorization

Common Mistakes
Least Privilege
Access Control
Role Based Access Control (RBAC)
Modeling Authorization
Common Vulnerabilities
Extensible Access Control Markup Language (XACML)

User Management

Common Mistakes
Passwords
Password Storage
Account Lockout
Password Resets

Client-Side Security

Common Mistakes
Code Obfuscation
Anti-Tampering Measures
Anti-Debugging Measures

Data Validation

Common Mistakes
Trust Boundaries
Data Validation Design
Validation Strategies and Tactics
Input and Output Validation
Common Data Validation Attacks
Validating Non-Textual Data

Error Handling and Exception Management

Common Mistakes
Designing for Failure
Failing Securely
Structured Exception Handling
Designing Error Messages

Event Logging

Common Mistakes
Effective Logging

Architecture and Design Patterns

Architecture Versus Design Patterns
Building Reusable Security Components
Securing the Infrastructure
OWSAP Enterprise Security API (ESAPI)
Architecture Patterns

Web Application Security

NET Framework Security
Java Security
Web Services Attack and Defenses
WS-Security

Threat Modeling

Tools and Methodologies
Choosing a Methodology
Threat Modeling Tools and Resources
The McAfee Methodology
Security Requirements
System
Threats
Countermeasures
Post-Threat Modeling
Analyzing and Managing Risk
Incremental Threat Modeling
Driving Security Testing
Root Cause Analysis

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

Building Secure Software

COURSE AGENDA