The Secure Software Development and Static Source Code Analysis training aims to use static code analysis to detect security vulnerabilities that are frequently encountered in corporate environments and are difficult to detect with classical security software. It also covers analyzing malicious software, determining its effects and activities, and carrying out the work needed to remove it from the system.

The training is delivered separately for Java and .NET technologies, as two separate trainings.

Establishing security requirements, creating abuse scenarios, understanding threat modeling and secure design, and performing static source code analysis are among the requirements of developing secure software.

Pre-requisite  Basic programming knowledge and skills are recommended for the training to be efficient.

Gain                At the end of this training, participants will have learned the approaches of attackers and the basic principles and techniques of secure software development, with sample applications.

Contents         The training headings are:

  • Web Standards
  • Secure Input Validation
  • Cross Site Scripting (XSS)
  • SQL Injection
  • Other Insufficient Input Validation Vulnerabilities
  • Input Validation Strategies
  • Secure Authentication
  • Secure Session Management
  • Secure Authorization
  • Secure Design
  • Secure Error Handling and Log Management
  • Secure Cryptography
  • Static Source Code Analysis
  • Secure Web Services and AJAX

Duration         24 hours (theoretical and practical)