Description

Outline

• IT security and secure coding
• Special threats in the banking and finance sector
• Regulations and standards
• Web application security (OWASP Top Ten)
• Client-side security
• Security architecture
• Requirements of secure communication
• Practical cryptography
• Crypto libraries and APIs
• Security protocols
• Input validation
• Security of Web services
• Improper use of security features
• Object-relational mapping (ORM) security
• Improper error and exception handling
• Time and state problems
• Code quality problems
• Denial of service
• Security testing techniques and tools
• Deployment environment
• Principles of security and secure coding
• Knowledge sources

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand security considerations in the SDLC
• Understand special threats in the banking and finance sector
• Understand regulations and standards
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn about XML security
• Learn client-side vulnerabilities and secure coding practices
• Have a practical understanding of cryptography
• Understand the requirements of secure communication
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Understand security concepts of Web services
• Learn about JSON security
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Learn about denial of service attacks and protections
• Get practical knowledge in using security testing techniques and tools
• Learn how to set up and operate the deployment environment securely
• Get sources and further readings on secure coding practices

Audience

Developers, Testers, Professionals

Prerequisites

Advanced desktop and Web application development