The Secure Programming Foundation course is the first level of the SECO – Secure Software certification track.
This introductory course covers the basic concepts of secure programming. The course offers an ideal mix of theory and practice, where practical examples are illuminated with case studies.
Duration Learning Credits
2 days -16 hours of 16 PDU’s
Session
Public Classroom Pricing:
Early Bird Price: USD 1495.00
Regular Price: USD 1695.00
Instructor-Led Virtual Live Pricing:
Early Bird Price: USD 995.00
Regular Price: USD 1195.00
Private Group / In-House Learning:
Have a group of 3 or more people? Register
yourself with a special pricing and request
the training exclusively for your group.
Hot Selling Course
The course covers eight areas of attention
● Module 1: Secure Programming Awareness
● Module 2: Security from a Technical Point of View
● Module 3: Authentication and Session Management
● Module 4: Handling Input
● Module 5: Authorisation
● Module 6: Configuration, Error Handling and Logging
● Module 7: Cryptography
● Module 8: Secure Software Engineering
Novice or experienced programmers or software developers whose primary activities include
● Developing Software
● Testing or Auditing Software
● Facilitating Software Development
The aim of the course is to enable candidates to apply security principles in design and code, detect security problems in software and explain the causes of these problems.
In more detail, candidates should be able to:
● Understand the importance of security in the software life cycle and the logic behind security principles
● Define basic security terms, e.g. STRIDE, attack surface, trust boundaries, password salting, authentication, authorisation, hardening, cryptography
● Understand web application attack surfaces and trust boundaries
● Explain the workings of HTTP requests and header injection
● List password authentication vulnerabilities and relevant countermeasures
● Summarise the security implications of session management and list relevant countermeasures against session fixation
● Identify countermeasures against cross-site request forgery (CSRF) and clickjacking attacks
● Identify and explain countermeasures against injection attacks
● Identify and explain countermeasures against buffer overflows
● Identify and explain countermeasures against cross-site scripting (XSS)
● Identify and explain countermeasures against file upload attacks
● Identify and explain countermeasures against character encoding vulnerabilities
● Understand privilege escalation and list relevant mitigation techniques
● Explain how to secure products by hardening and vulnerability scanning
● Summarise how to prevent side channel attacks
● Summarise how to prevent DoS attacks
● Understand the importance of good error handling practices
● Understand the security risks involved in logging
● Understand symmetric and asymmetric cryptography, Man-in-the-Middle attacks and the pitfalls in SSL/TLS and HTTPS certificates
● Explain how security requirements can/should be identified
● Perform simple threat modelling exercises and identify security requirements for a system