K-Secure
Copyright © 2008 Ksecure.net
All Rights reserved
E-Mail: webmaster@ksecure.net
All Rights reserved
E-Mail: webmaster@ksecure.net
Designed by Neville Bulsara
Did you know that...
Organizations that have availed of K-Secure's IT Security Training programs and services include leading corporates from India and include GE Capital, Patni Computers, HSBC, TCS, Great Eastern Shipping, Indiabulls, Tata AIG...
K-Secure
Information Security Training & Services
Information Security Training & Services
Secure Application Coding
Secure Application Coding Training Program - Methodology, Practices and Strategies
Application source code - according to most studies - is a major source of vulnerabilities. A CSI survey on vulnerability distribution suggests that 64% of the time, vulnerabilities crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue contained in every 1,500 lines of code.
Given the increasing reliance on information, never before has it been more important to follow secure coding and design principles to mitigate security risks that may arise out of errors and oversights during the designing and coding of applications.
Course Objectives : K-Secure's Secure Application Coding (SAC) Training Program focuses on the key issue of designing and writing secure code - a fundamental property of Application Security (AppSec). With real life cases, hands one exercises, code scanning tools and defense plans, participants would be methodically taken down to the source code level and exposed to the flaws in design and coding practices. The class focuses on the proper ways of writing secure code and analyzing the code base. This class addresses popular languages and platforms like VB/C# (.NET), Java(J2EE), PHP, ASP etc.
Our Training Calendar lists scheduled Secure Coding Training Programs in Bombay & other parts of India.
Location : Our Secure Coding Training course is conducted at our state-of-the-art Training Lab in Mumbai - India. We can also - on request - conduct this course on-site at customer locations throughout the country such as Delhi, Bangalore, Chennai, Hyderabad, Pune etc.
Who should attend : Developers, QA team, Code reviewers, Security professionals and Managers.
Topics covered :
Application source code - according to most studies - is a major source of vulnerabilities. A CSI survey on vulnerability distribution suggests that 64% of the time, vulnerabilities crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue contained in every 1,500 lines of code.
Given the increasing reliance on information, never before has it been more important to follow secure coding and design principles to mitigate security risks that may arise out of errors and oversights during the designing and coding of applications.
Course Objectives : K-Secure's Secure Application Coding (SAC) Training Program focuses on the key issue of designing and writing secure code - a fundamental property of Application Security (AppSec). With real life cases, hands one exercises, code scanning tools and defense plans, participants would be methodically taken down to the source code level and exposed to the flaws in design and coding practices. The class focuses on the proper ways of writing secure code and analyzing the code base. This class addresses popular languages and platforms like VB/C# (.NET), Java(J2EE), PHP, ASP etc.
Our Training Calendar lists scheduled Secure Coding Training Programs in Bombay & other parts of India.
Location : Our Secure Coding Training course is conducted at our state-of-the-art Training Lab in Mumbai - India. We can also - on request - conduct this course on-site at customer locations throughout the country such as Delhi, Bangalore, Chennai, Hyderabad, Pune etc.
Who should attend : Developers, QA team, Code reviewers, Security professionals and Managers.
Topics covered :
Did you know that...
Some of the most important guidleines for writing secure code are :
Quick Training Links:
Scheduled Programs:
Home | About | Training Programs | Training Calendar | IT Security Services | Testing Services
Trainers | Blog | Contact us
Trainers | Blog | Contact us
| · | Application security fundamentals: Application evolution, Layered threats, Threat models, Attack vectors and Hacker’s perspective. |
| · | Application infrastructure overview: Protocols (HTTP/SSL), Tools for analysis, Server layers and Browsers. |
| · | Application Architecture: Overview of .NET and J2EE application frameworks, Application layers and components, Resources and interactions, other languages. |
| · | Advanced Web Technologies: Ajax, Rich Internet Applications (RIA) and Web Services. |
| · | Application attack vectors and details: SQL injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Path traversal, Session hijacking, LDAP/XPATH/Command injection, Buffer overflow, Input validation bypassing, Database hacks, Ajax exploits, Web Services attack vectors, Decompiling assemblies and many more. |
| · | Principals of Secure Coding: Fundamentals, Controls and Strategies. |
| · | Key security aspects: Authentication, Authorization, Session management, Crypto usage and Error handling. |
| · | Defense plans: Secure objects, functions and wrappings |
| · | Code review methodologies: Spidering the code, enumerating blocks, identifying modules. |
| · | Scanning for vulnerabilities: Function and Method signature mapping, entry point identification, data access layer calls, tracing variables and functions. |
| · | Applying validations: Input validations, Output validations, Data access filtering, and Authentication validates. |
| · | XML and Web Services: SOAP, XML-RPC and REST base attacks and secure coding. |
| · | Client side coding: Ajax and JavaScript analysis, Flash based application reviews and Browser security. |
| · | Exposure to various tools and cases. |
For further details about our SAC Programs in Mumbai and other parts of India, please contact us
| · | Validate input |
| · | Architect & design keeping security in mind |
| · | Keep it simple |
| · | Deny by Default |
| · | Adhere to the principle of least privelage |
| · | Sanitize data sent to other systems |
| · | Learn & practice Defense in Depth |
| · | Use effective quality assurance techniques |
| · | Adopt a secure coding standard |
| · | Heed compiler warnings |
