K-Secure
Copyright © 2008 Ksecure.net
Did you know that...
Organizations that have availed of K-Secure's IT Security Training programs and services include leading corporates from India such as GE Capital, Patni Computers, HSBC, TCS, Great Eastern Shipping, Indiabulls, Tata AIG...
Information Security Training & Services
Secure Application Coding
Secure Application Coding Training Program - Methodology, Practices and Strategies


Application source code - according to most studies - is a major source of vulnerabilities. A CSI survey on vulnerability distribution suggests that 64% of the time, vulnerabilities crop up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue contained in every 1,500 lines of code.

Given the increasing reliance on information, never before has it been more important to follow secure coding and design principles to mitigate security risks that may arise out of errors and oversights during the designing and coding of applications.

Course Objectives : K-Secure's Secure Application Coding (SAC) Training Program focuses on the key issue of designing and writing secure code - a fundamental property of Application Security (AppSec). With real-life cases, hands-on exercises, code scanning tools and defense plans, participants would be methodically taken down to the source code level and exposed to the flaws in design and coding practices. The class focuses on the proper ways of writing secure code and analyzing the code base. This class addresses popular languages and platforms like VB/C# (.NET), Java (J2EE), PHP, ASP etc.

Our Training Calendar lists scheduled Secure Coding Training Programs in Bombay & other parts of India.

Location : Our Secure Coding Training course is conducted at our state-of-the-art Training Lab in Mumbai - India. We can also - on request - conduct this course on-site at customer locations throughout the country such as Delhi, Bangalore, Chennai, Hyderabad, Pune etc.

Who should attend : Developers, QA team, Code reviewers, Security professionals and Managers.

Topics covered :
Application security fundamentals: Application evolution, Layered threats, Threat models, Attack vectors and Hacker's perspective.
Application infrastructure overview: Protocols (HTTP/SSL), Tools for analysis, Server layers and Browsers.
Application Architecture: Overview of .NET and J2EE application frameworks, Application layers and components, Resources and interactions, other languages.
Advanced Web Technologies: Ajax, Rich Internet Applications (RIA) and Web Services.
Application attack vectors and details: SQL injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Path traversal, Session hijacking, LDAP/XPATH/Command injection, Buffer overflow, Input validation bypassing, Database hacks, Ajax exploits, Web Services attack vectors, Decompiling assemblies and many more.
Principles of Secure Coding: Fundamentals, Controls and Strategies.
Key security aspects: Authentication, Authorization, Session management, Crypto usage and Error handling.
Defense plans: Secure objects, functions and wrappings.
Code review methodologies: Spidering the code, enumerating blocks, identifying modules.
Scanning for vulnerabilities: Function and Method signature mapping, entry point identification, data access layer calls, tracing variables and functions.
Applying validations: Input validations, Output validations, Data access filtering, and Authentication validation.
XML and Web Services: SOAP, XML-RPC and REST-based attacks and secure coding.
Client side coding: Ajax and JavaScript analysis, Flash based application reviews and Browser security.
Exposure to various tools and cases.

For further details about our SAC Programs in Mumbai and other parts of India, please contact us.

Did you know that...
Some of the most important guidelines for writing secure code are :
Validate input
Architect & design keeping security in mind
Keep it simple
Deny by Default
Adhere to the principle of least privilege
Sanitize data sent to other systems
Learn & practice Defense in Depth
Use effective quality assurance techniques
Adopt a secure coding standard
Heed compiler warnings