Secure Software Concepts
This course provides a high-level overview of secure software concepts for web applications, including application security, security standards, secure development methodologies, and security best practices.
Fundamentals of Secure Development
This course introduces you to the need for secure software development and best practices.
Fundamentals Secure Mobile Development
This course introduces developers to the common risks associated with Mobile applications including client side injection, sensitive data handling, network transition, application patching, web based attacks, phishing, third-party code, location security and privacy and denial of service. The student is then given an overview of the Mobile application development best practices to reduce these risks including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and the programming principles to use to address them.
Fundamentals of Secure Database Development
This course provides software architects/developers with an understanding of database development best practices.
Fundamentals of Secure Cloud Development
This course introduces developers to the common risks associated with Cloud applications, including the security features of the different series models (IaaS, PaaS, and Saas), how to identify and mitigate the most common vulnerabilities, the unique security challenges of “Big Data”, and how to apply the Microsoft SDL to cloud applications. Threat coverage includes unauthorized account access, insecure APIs, shared technology, data leakage, and account hijacking, as well the importance of complying with regulatory requirements. With knowledge checks throughout, the student who completes this course will have an understanding of cloud computing threats and risks, and the programming principals to use to address them.
Fundamentals of Secure AJAX Code
This course introduces security issues and challenges specific to AJAX applications.
Fundamentals of Secure Embedded Software Development
This course teaches about security issues inherent to IoT embedded device architecture techniques to identify system security and performance requirements.
Identifying Threats to Mainframe COBOL Applications and Data
This course covers the most common security issues that affect the confidentiality, integrity, and availability of COBOL programs on mainframes.
Fundamentals of Secure Mobile Development for IoT Embedded Systems
This course provides additional training on Secure Mobile Development pertaining to embedded software engineers.
Creating Secure C Code Series
This series provides C developers with the knowledge and skills required to secure communications with Transport Layer Security (TLS) and to implement run-time protections with technologies such as stack security cookies, Address Space Layout Randomization (ASLR), and No-eXecute.
Secure C Encrypted Network Communications
In this course, you will learn about secure communications using Transport Layer Security (TLS), and best practices for implementing these with your C and C++ applications. After completing this course, you will be able to identify the basic principles of TLS, identify libraries and interfaces for implementing the TLS protocol, identify TLS security considerations, and identify alternatives to TLS.
Secure C Run-Time Protection
This course discusses common run-time protection technologies that you can use to protect your application from attack. After completing this course, you will be able to identify run-time protection technologies, such as stack security cookies, Address Space Layout Randomization, and No-eXecute. You will be also able to identify their limitations, and how to apply them to your applications.
Creating Secure C++ Code Series
This series provides C++ developers with the knowledge and skills required to mitigate memory corruption vulnerabilities, protect data in transit using strong TLS ciphers, and to protect data using cryptographic best practices
Creating Secure C++ Code
This course highlights some of the most useful security features for avoiding memory corruption vulnerabilities in C++, including: • Using standard containers and their built-in functions to avoid direct memory operations • Using bounds-checking functions, especially for string manipulation, to avoid buffer overflows • Using smart pointers to avoid memory leaks associated with managing raw pointers • Using standard concurrency features to help reduce the risk of introducing race conditions • Using object-oriented programming features to define and manipulate data in terms of objects, thus avoiding direct memory operations that may lead to memory corruption • Using range-based loops to avoid off-by-one indexing errors Using native regular expressions to validate untrusted text input and avoid the risk of introducing vulnerabilities through third-party libraries.
Communication Security in C++
This course discusses how to protect data in transit using encryption libraries and strong TLS ciphers. It also reviews important issues about public key certificates including signing and verifying them.After completing this course, you will be able to identify well-trusted encryption libraries and strong TLS cipher suites to protect data in transit, and explain how to protect and verify the integrity of public key certificates
Creating Secure Code NET Framework Foundations Series
This course describes .NET 4 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. In addition, this course will introduce you to security changes in .NET 4 including level 2 security transparency, the new sandboxing and permission model, introduction of conditional APTCA, and changes to evidence objects and collections. This course provides secure coding best practices that will enable students to build more secure applications in .NET 4.
Creating Secure Code - SAP ABAP Foundations
This course discusses best practices and techniques for secure SAP application development using Java and ABAP.
PCI DSS v3.2 Best Practices for Developers
This course provides software developers an understanding of PCI-DSS Version 3.2 application security issues.
Creating Secure Oracle Database Applications
This course introduces database application developers to key industry best practices for data security, such as secure query construction and secure communication and storage. After completing this course, you will be able to describe how to write stored procedures securely. You will also be able to explain how to secure data stored in the database as well as data in transit using Oracle Database features.
Creating Secure SQL Server and Azure SQL Database Applications
In this course, you will learn how to protect sensitive data and while ensuring the integrity of applications running on the Microsoft SQL Server Engine and Azure SQL Database.
Creating Secure AJAX Code - ASP.NET Foundations
This course introduces secure ASP.NET coding principles for AJAX applications.
Creating Secure AJAX Code - Java Foundations
This course introduces secure Java coding principles for AJAX applications.
Creating Secure AWS Cloud Applications
This course examines the security vulnerabilities, threats, and mitigations for AWS cloud computing services.
Creating Secure Azure Applications
This course examines the security vulnerabilities, threats, and mitigations for Azure cloud computing services.
Creating Secure Code - Web API Applications
This course introduces the fundamentals of secure web services development.
Creating Secure Code - Ruby on Rail Foundations
This course teaches best practices and techniques for secure application development with Ruby on Rails.
Creating Secure Python Web Applications
In this course, you will learn about best practices and techniques for secure web application development with Python.
Node.js Threats and Vulnerabilities
This course discusses system configuration, injection attacks, session management, package management, and the AngularJS framework, all within the context of Node.js security.
Creating Secure COBOL and Mainframe Applications
This course covers countermeasures for security vulnerabilities on the mainframe, such as input validation, parameterized APIs, strong cryptography, and being aware of memory management issues.
Creating Secure Java Series Services
This series provides Java developers with the knowledge and skills required to implement the Java Security Model, JAAS, and to protect data using cryptographic best practices.
Java Security Model
This course introduces you to Java’s policy-driven security model. Key topics include the Java security model, the Java security manager, security policies, and security policy files. After completing this course, you will be able to identify the components of the Java security model and the functionality of the Java security manager and access controller. You will also be able to identify the components of Java security policies as well as describe the function of Java security policy files.
Java Authentication and Authorization Services (JAAS)
This course discusses the Java authentication and authorization service, or JAAS. JAAS is a Java implementation of the standard pluggable authentication module, or PAM, framework. JAAS provides a framework that developers can use to require users to log in and to define precisely which actions users can perform. After completing this course, you will be able to identify the components of the JAAS framework, and identify how to use JAAS to control user authentication and authorization in your Java application.
This course discusses cryptography and related issues in Java.After completing this course, you will be able to generate secure encryption keys and identify related issues such as pseudo random number generators, key derivation functions, and initialization vectors. You will also be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode.You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and use the Java keytool command-line utility for creating and managing keys and keystores.
Protecting C Code Series
This series provides C developers with the knowledge and skills required to mitigate buffer overflow conditions, implement secure memory management best practices, and protect applications and data from attacks. data for secure transfer and to create and verify digital signatures, and use the Java keytool command-line utility for creating and managing keys and keystores.
Secure C Buffer Overflow Mitigations
The C and C++ languages cover a wide range of systems spanning several decades of development.Although all programming languages are susceptible to security vulnerabilities, C and C++ are particularly prone to them due to the low-level nature of the language.In this course, you will learn how to prevent the most serious vulnerabilities in your C and C++ applications.After completing this course, you will be able to mitigate buffer overflows, understand and prevent several additional types of memory management vulnerabilities, protect data in memory, prevent format string vulnerabilities, understand integer overflows, mitigate race conditions, and avoid the most common types of Injection vulnerabilities.
Secure C Memory Management
After completing this course, you will able to identify the key concepts of dynamic memory management, identify common mistakes that lead to memory corruption and vulnerabilities, and implement best practices to mitigate memory management vulnerabilities
Common C Vulnerabilities and Attacks
In this course you will review common C application vulnerabilities, how they manifest in code, and techniques and libraries that you can use to mitigate the risk of attack.After completing this course, you will be able to mitigate risk from format string attacks, integer overflows, race conditions, canonicalization issues, command injection, and SQL Injection
Protecting Data in C++
This course discusses cryptography and related issues for COD 307 - Protecting Data in C++. After completing this course, you will be able to generate strong encryption keys and identify related symmetric cryptography issues, such as pseudo random number generators (PRNGs), key derivation algorithms, and initialization vectors. Additionally, you will be able to select an appropriate symmetric encryption algorithm, cipher mode, and authenticated encryption mode, and identify common libraries that support symmetric cryptography. You will also be able to identify key concepts of public key cryptography, explain how public and private key pairs work together both to encrypt and decrypt data for secure transfer and to create and verify digital signatures, and implement best practices to mitigate memory exposure vulnerabilities.
Creating Secure ASP.NET MVC Applications
In this course, you will learn about ASP.NET MVC and Web API code security issues that affect MVC and Web API applications. You'll learn methods to protect your application from attacks against MVC’s model-binding behavior, as well as methods to protect your application from cross-site scripting, cross-site request forgery, and malicious URL redirects. You will also study the Web API pipeline and how to implement authentication and authorization in Web API applications.
Creating Secure PHP Code
This course teaches PHP programmers the security principals they need to know to build secure PHP applications. This class teaches programming principles for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP.
Creating Secure iOS Code in Swift
In this course you will learn how to identify the most common iOS application security vulnerabilities, including Insecure Data Storage, Side Channel Data Leakage, Client Side Injection, Custom URL Scheme Abuse, Stack Smashing and Self-Signed Certificates. You will learn how to mitigate these threats by leveraging iOS and Swift security services while also implementing secure coding best practices, including Secure Memory Management, Automatic Reference Counting, Enabling Position Independent Executable, Secure Data Storage, Communicating Over HTTPS, App Transport Security, TLS Certificate Pinning, Asymmetric Encryption, Parameterized SQL Queries, Validating Path Location Input and Implementing Apple Pay.
Creating Secure Android Code in Java
In this course you will learn how to identify and mitigate the most common Android application security vulnerabilities and attack vectors, including: Weak Server Side Controls, Threats to Data, SQL Injection, Cross-Site Scripting (XSS), Session Hijacking, Threats to User Privacy and Confidentiality, Native Code Attacks, and Missing Data Encryption. Mitigation and best-practices include the Android software stack, the Android security model, access control methods, sandboxing, interprocess communications and implementing the security features of open-source developer tools.
Protecting C# Series
This series describes methods that will produce secure C# applications. It presents the common security vulnerabilities "Canonicalization Issues" and "Integer Overflows", and the unique features of C# and the .NET Framework that can be used to mitigate them.
Protecting C# from Integer Overflows and Canonicalization Issues
This course describes methods that will produce secure C# applications. It presents the common security vulnerabilities “Canonicalization Issues” and “Integer Overflows”, and the unique features of C# and the .NET Framework that can be used to mitigate them.
Protecting C# from SQL and XML Injection
This course presents some of the most pervasive security vulnerabilities, “SQL Injection” and “XML Injection”, and the features of the .NET Framework that can be used to mitigate them. When you have completed this course, you will be able to explain where and when SQL injection and XML injection are likely to occur, identify common pitfalls when defending against these vulnerabilities, and identify best practices for mitigating these vulnerabilities.
Protecting Data in C#
This course describes protecting data both in transit and at rest in C# applications using strong cryptography. Included examples show how sensitive data can be protected in memory with the SecureString and ProtectedMemory classes. The course also describes common cryptographic pitfalls you should avoid, and finally discusses how to protect data in transit, preferably with Transport Layer Security (TLS).
Creating Secure HTML5 Code
This course provides in depth coverage on how to mitigate the most dangerous threats to HTML5 applications. It includes coverage of HTML5 Forms, WebSocket API, Server-Sent Events (SSE), Node.js security, jQuery security, the GPS API, static code analysis, and security packages. Upon completion of this class you will be able to identify key threats to your HTML5 application and then mitigate those threats by (1) leveraging built-in HTML5 security features and (2) implementing secure coding best practices.
Creating Secure jQuery Code
Learn about the most common threats to jQuery applications and how to mitigate these vulnerabilities.
Protecting Java Code Series
This series provides Java developers with the knowledge and skills required to mitigate the most common application security vulnerabilities, including SQLi, XSS, and Information Disclosure.
Protecting Java Code: SQLi and Integer Overflows
This course describes ways to remediate common application security vulnerabilities in your Java application.After completing this course, you will be able to mitigate risk from SQL injection and integer overflows.
Protecting Java Code: Canonicalization, Information Disclosure and TOCTOU
This course describes ways to remediate common application security vulnerabilities in your Java application.After completing this course, you will be able to mitigate risk from canonicalization issues, information disclosure, and race conditions.
Protecting Data in Java
This course discusses protecting data at rest and in transit in Java applications. Several code examples are provided to illustrate key concepts. After completing this course, you will be able to protect data at rest and in transit with appropriate cryptographic techniques.
Creating Secure Code - .NET (C#)
This Instructor-Led course gives developers an in-depth immersion into secure coding practices, with an emphasis on the security features and pitfalls of the .NET programming environment.
Attacker Techniques Exposed: Threats, Vulnerabilities, and Exploits
This Instructor-Led course examines trends in software vulnerabilities, demonstrates examples of security breaches, explores a wide range of live software vulnerabilities, and introduces threat modeling techniques.
Creating Secure Code - J2EE Applications
This Instructor-Led course gives developers an in-depth immersion into secure coding practices with an emphasis on the security features and pitfalls of the Java programming environment.
Creating Secure Code - iOS
In this Instructor-Led course, participants will learn to develop and deploy secure iPhone applications by leveraging Apple’s security libraries and frameworks.
Creating Secure Code - Android
This Instructor-Led course helps participants develop secure Android applications by applying Android-specific secure development techniques.
Creating Secure Code - Embedded C/C++
This Instructor-Led course examines coding errors and vulnerabilities in the context of embedded C/C++ programming and provides detailed code examples of insecure practices and methods to find, fix, and prevent each type of flaw.
Security Code Review
This Instructor-Led course presents the primary techniques used to conduct a security code review, with the focus of identifying potential security vulnerabilities.