Description:
"Learn the art of Secure Development with our comprehensive course! Dive into a dynamic blend of informative presentations and hands-on lab sessions, where you'll gain practical experience in detecting and thwarting application vulnerabilities targeted by attackers. Discover the secrets of safeguarding applications effectively. Explore topics like code signing and API security to equip yourself with the essential skills for robust protection. Enroll today for a hands-on journey to mastering Secure Development."
Course Code/Duration:
BDT138 / 6 Half Day Sessions Or 3 Full Day Sessions
Learning Objectives:
- Detect & Mitigate Vulnerabilities
- Hands-On Experiences
- Effective Defense
- Code Signing & API Security
- Comprehensive Skills
- Robust Protection
- Practical Mastery
To get the most out of this course, participants should have:
- Completed Google Cloud Platform Fundamentals: Core Infrastructure or have equivalent experience
- Basic proficiency with command-line tools and Linux operating system environments
The intended audience for this course:
- Application Developers
- Architects
- Technical Managers
Course Outline:
The course includes presentations, demonstrations, and hands-on labs.
Module 1: Security overview
- What is application security?
- Importance of Security
- CIA (Confidentiality – Integrity – Availability) overview
- What is Phishing
- What is Vishing
- Data security overview
- Digital signature overview
- API overview
Module 2: Secure Coding
- What is secure coding?
- Importance of secure coding
- Secure coding guidelines & practices
Module 3: OWASP Top 10 vulnerabilities
- What is OWASP
- OWASP Top 10 vulnerabilities
- Injections
- Broken Authentication
- Sensitive Data exposure
- XML External Entities (XXE)
- Broken Access control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
Module 4: Secure Programming techniques
- Hashing
- Salting
- Dictionary attacks
- Other Password security techniques
Module 5: Security key Aspects: Authentication
- What is Authentication
- Authentication factors
- Authentication options overview
- SAML
- OpenID
- OAUTH
Module 6: Type of code scanning
- Static scanning
- Dynamic scanning
Module 7: Code signing
- What is code signing?
- Benefits
- How does code signing work?
- Use of code signing
Module 8: Code signing
- What is code signing?
- Benefits
- How does code signing work?
- Use of code signing
Module 9: Security key Aspects: Authorization
- What is Authorization
- Authentication options overview
- OpenAM
- OAUTH
- Options comparison & when to choose what
Module 10: Logging and Monitoring
- Use Stackdriver to monitor and manage availability and performance
- Locate and inspect Kubernetes logs
- Create probes for wellness checks on live applications
Module 11: Security architecture: Threat modeling
- Introduction
- Terminology
- Importance of threat modeling
- Threat modeling as a process
- Mitigation
- Case study
Module 12: API security
- API overview
- Understanding the Potential Risks of APIs
- Ways to secure API
- Best practices
Training material provided:
Yes (Digital format)