Secure Software Development Training

This training aims to help participants understand security-focused approaches and best practices in system development processes.

Scope

Training Overview:

The training introduces security-focused approaches and best practices across the system development process, with a strong practical emphasis on finding and fixing web application vulnerabilities. Participants will acquire the critical knowledge and skills required for secure software development.

Target Audience:

This training is suitable for software test engineers, QA professionals, system analysts, web application developers, and other interested technical experts.

Training Content:

  1. HTTP 101
  2. Cookies
  3. Same Origin Policy (SOP) & Document Object Model (DOM)
  4. Why Penetration Testing for Web Applications
  5. Survive in the Web
  6. Types of Penetration Testing
  7. Stages of Penetration Testing
  8. Passive Reconnaissance
  9. Active Reconnaissance
  10. Vulnerability Mapping
  11. Attacking Web Applications
  12. Information Leakage
  13. Insecure Direct Object Reference (IDOR) / Path Traversal
  14. Filters
  15. Injection-Based Flaws
  16. Command Injection
  17. SQL Injection
  18. Cross-Site Scripting (XSS)
  19. Cross-Site Request Forgery (CSRF)
  20. Local File Inclusion (LFI) / Remote File Inclusion (RFI)
  21. CRLF Injection
  22. File Upload Vulnerabilities
  23. Open Redirection (Unvalidated Redirects and Forwards)
  24. Reporting Vulnerabilities
  25. Bonus: Gamification

Methodology:

The training will be conducted online, featuring interactive lessons and practical sessions. It will include live presentations, group work, and hands-on exercises on sample projects.

Prerequisites and Preparation:

Participants should have a basic understanding of software development. They may need to set up a secure development and testing environment on their own computers before the training begins.

Learning Outcomes:

Upon completing the training, participants will be able to:

  • Explain the importance and benefits of a secure development environment.
  • Describe the components of a secure development environment and how to implement them.
  • Apply secure coding principles and practices.
  • Identify common software security vulnerabilities and know how to protect against them.
  • Conduct security tests and static code analysis.
  • Apply secure application development techniques.
  • Implement best practices related to data security and privacy.
  • Explain risk management and compliance principles.
  • Develop secure development procedures and policies.

Environment and Participant Count:

A suitable video conferencing platform will be used for remote training. The training is designed for a maximum of 15 participants. Attendees must have access to a computer and the internet to participate in interactive sessions.

Training Duration:

The total duration of the training is planned for 3 days. During the training, participants will engage in live presentations, practical exercises, and group work. The training days will be scheduled according to the parties' calendars after obtaining the client’s approval.