Secure applications and websites play a big role in your overall security profile, and so do secure application development best practices. With so many high-profile data security breaches, auditors and regulators are paying particularly close attention to the coding practices of your developers as they assess compliance with Payment Card Industry Data Security Standards (PCI DSS) and Sarbanes-Oxley (SOX).

This Secure Application Development training is an engaging, interactive course that will increase awareness of secure coding practices, assist developers in improving application delivery, and allow you to meet industry and regulatory compliance requirements. The course is closely aligned with OWASP standards for application security. The intended audience includes architects, designers, developers, and IT risk managers.

Secure Application Coding Topics Include:

Security Principles Overview

  • Core Security Concepts
  • Secure Design Tenets
  • Industry Regulations, including PII, SOX, PCI DSS, PFI, and HIPAA
  • Relative Cost of Detection throughout the SDLC
  • Threat Modeling
  • Risk Assessment through Qualitative Analysis

Authentication

  • Common Authentication Methods
  • Client-Side SSL Certificates
  • Single Sign-On (SSO)
  • Re-Authentication
  • Password & Account Policies
  • Failing Closed & Failing Open
  • Specific Methods for Preventing Common Attacks
  • Design and Implementation Best Practices

Authorization

  • Common Authorization Attacks
  • Authorization vs. Authentication
  • Principle of Least Privilege
  • Separation of Duties
  • Access-Control Methods
  • Design and Implementation Best Practices

Session Management

  • Cookies
  • Session Timeouts
  • Securing Against Common Attacks on Sessions
  • Proper Session Storage and Clearing Procedures
  • Design and Implementation Best Practices

Input / Output Handling

  • Validation Overview
  • Common Vulnerabilities and Exploits
  • Data Validation Strategies
  • Preventing Common Attacks
  • Database Access Control
  • Design and Implementation Best Practices

Error Handling

  • Impacts of Improper Error Handling
  • Identifying Exploits
  • Detailed Error Messages
  • Centralized Exception Handling
  • Structured Error Handling
  • Error Logging
  • Design and Implementation Best Practices

Logging

  • Logging Purpose and Requirements
  • Centralized Logging
  • Log Security
  • Design and Implementation Best Practices

Cryptography

  • Hashing
  • Encryption
  • Digital Signatures
  • Certification Authorities
  • SSL & TLS
  • Securing Communications with HTTPS
  • Key Management
  • Design and Implementation Best Practices

Web Service Security

  • Web Service Protocols and Standards (SOAP and REST)
  • Common Web Service Languages and Frameworks
  • Web Service Vulnerabilities and Common Attacks
  • Message Signing and Encryption
  • Design and Implementation Best Practices

Secure Application Coding Course Features:

  • Meets PCI DSS 3.0 Requirements
  • Real-Life Examples and Applications
  • Professional Graphics and Voiceovers
  • SCORM Compliant

Request a Demo or call MediaPro at 425-483-4700 x4725 to view a free Secure Application Coding course demonstration or to discuss pricing for your organization.