Secure Programming

Secure Programming


Many of the security breaches we read about in the news start out as software bugs that created exploitable vulnerabilities. This two-day course will teach students where these vulnerabilities come from, how to avoid them and how to defend against common attacks. Topics will include various types of software, with an emphasis on web applications and mobile applications. The course will conclude with a capture-the-flag style lab in which students will practice securing a deliberately vulnerable application.

COURSE OUTLINE:

Role of the programmer in information security; goals and scope of application security

Comparison of programming environments
• Consequences of exploitation
• Strengths and weaknesses of different environments

General introduction to hacking and exploitation
• Definition of hacking
• Goals and motivations of hackers
• Consequences of getting pwned (legal, business, regulatory)
• Common hacking tools
• Exchange of information in the hacker/infosec community (sale of 0-days, automated exploitation, responsible disclosure)

Discussion of famous vulnerabilities

Native code vulnerabilities
• Bounds checking and buffer overflows
• Use-after-free and double-free bugs
• Buffer overflow exploitation demo

Web security fundamentals

OWASP Top 10 vulnerabilities with discussion of exploitation techniques, consequences of exploitation and defenses
• Additional topics:
o Password hashing and management
o Importance of cruft

SQL injection exploitation lab
• Introduction to BurpSuite
• Identifying through passive and active scanning
• Manual exploitation
• Exploitation with automated tools
• Filesystem access exploits

Security antipatterns

Defensive systems and processes
• Logging
• WAFs
• Evasion demo
• Intrusion detection and prevention systems
• Code review
• Fuzzing
• Unit testing
• Static analysis

Mobile development
• OWASP Mobile Top 10
• Common problems
• Introduction to mobile app reverse engineering

SSL and cryptography
• Securing an SSL implementation
• Survey of topics in practical cryptography and common errors

Lab/CTF – secure a deliberately vulnerable application

 

ALSO INCLUDED WITH CLASS:

  • Award-Winning Instructor
  • Instructor Who Wrote the Course
  • Instructor Who Hacks for a Living– Bringing Expertise and Real-World Experience to Classroom
  • Hands-on Training
  • Computers Provided for Course (property of HackerU)
  • Certificate of Completion
  • Snacks and Coffee Breaks for Duration of Training
  • Instructor Availability
  • And More

COURSE PREREQUISITES & ASSUMPTIONS:

• Significant experience writing production software
• Familiarity with TCP/IP networking concepts
• Familiarity with web application fundamentals (recommended)

Contact us for more scheduling, details and enroll today!

COST: $1,500 per person

September 19 & 20, 2017