Secure applications and websites play a big role in your overall security profile, and so must secure application development best practices.

With so many high-profile data security breaches, auditors and regulators are paying particularly close attention to the coding practices of your developers as they assess compliance with Payment Card Industry Data Security Standards (PCI DSS) and Sarbanes-Oxley (SOX).

MediaPRO’s Secure Application Development training is an engaging, interactive course that will increase awareness of secure coding practices, assist developers in improving application delivery, and allow you to meet industry and regulatory compliance requirements. The course is closely aligned with OWASP 2017 standards for application security. The intended audience includes architects, designers, developers, and IT risk managers.

Our Secure Application Development course is a standalone offering available outside of our tiered packages of awareness program content, but can be purchased alongside any other offering. See more about our packages here.

 

Secure Application Coding Topics Include:

Security Principles Overview

  • Core Security Concepts
  • Secure Design Tenets
  • Industry Regulations, including PII, SOX, PCI DSS, PFI, and HIPAA
  • Relative Cost of Detection throughout the SDLC Threat Modeling
  • Risk Assessment through Qualitative Analysis

Authentication

  • Common Authentication Methods
  • Client-Side SSL Certificates
  • Single Sign-On (SSO)
  • Re-Authentication
  • Password & Account Policies
  • Failing Closed & Failing Open
  • Specific Methods for Preventing Common Attacks
  • Design and Implementation Best Practices

Authorization

  • Common Authorization Attacks
  • Authorization vs. Authentication
  • Principle of Least Privilege
  • Separation of Duties
  • Access-Control Methods
  • Design and Implementation Best Practices

Session Management

  • Cookies
  • Session Timeouts
  • Securing Against Common Attacks on Sessions
  • Proper Session Storage and Clearing Procedures
  • Design and Implementation Best Practices

Input / Output Handling

  • Validation Overview
  • Common Vulnerabilities and Exploits
  • Data Validation Strategies
  • Preventing Common Attacks
  • Database Access Control
  • Serialization
  • Design and Implementation Best Practices

Error Handling

  • Impacts of Improper Error Handling
  • Identifying Exploits
  • Detailed Error Messages
  • Centralized Exception Handling
  • Structured Error Handling
  • Error Logging
  • Design and Implementation Best Practices

Logging

  • Logging Purpose and Requirements
  • Centralized Logging
  • Log Security
  • Design and Implementation Best Practices

Cryptography

  • Hashing
  • Encryption
  • Digital Signatures
  • Certification Authorities
  • SSL & TLS
  • Digital Signatures
  • Securing Communications with HTTPS
  • Key Management
  • Design and Implementation Best Practices

Web Service Security

  • Web Service Protocols and Standards (SOAP and REST)
  • Common Web Service Languages and Frameworks
  • Web Service Vulnerabilities and Common Attacks
  • Message Signing and Encryption
  • Design and Implementation Best Practices

Secure Application Coding Course Features:

  • Meets PCI DSS 3.2 Requirements
  • Real-Life Examples and Applications
  • Professional Graphics and Voiceovers
  • SCORM Compliant

 

What MediaPRO solution is right for your business?

View Packages
Request a Demo

Take a closer look at the courses included in each TrainingPack

MediaPRO TrainingPack courses are interactive and engaging, with the right mix of humor and professionalism. You can use courses as-is, easily modify them, or quickly build your own from pre-built topics.

Check out the Courses
More Resources
2018 State of Privacy and Security Awareness Report

Explore the current state of employee knowledge in cybersecurity and data privacy with our of Privacy and Security Awareness Report.

White Paper: A How-To Guide for Effective Simulated Phishing Campaigns

Get the most out of your simulated phishing campaigns with proven tactics and strategies from our experts.

Infographic: The ABCs of Effective Awareness Programs

Check out our infographic for the most important components of a successful security awareness program.