Secure Coding

Overview:
This training program begins by searching the desire to designing and creates security systems, and then list of ordinary mistakes. A case study is given in the beginning to help candidates identify possible security holes in software - from designing stage to implementation stage - for planning through the lines of an attacker.

One of the characteristics of each of our programs is the inclusion of practical uses to support each of the ideas shown, includes with rules of safety, best exercises and to-avoid-modules for specific programming language.

The language specific modules are currently available for C/C++, Perl, Java and PHP.

The emphasis here is mainly on the way of planning needed to build secure applications from virtual perspective.

Program Objectives
This training program specially meant and produced for programmers. The objectives are:

1. Increase awareness of the must for security systems
2. Understand the life-cycle of security
3. Focus on ordinary coding mistakes
4. The practice of safety methods, like threat modeling
5. Understand the design-time factors
6. Understand Implementation of secure coding concepts

Who can attend this program?

1. Programmers: Intermediate-Advanced
2. Every one looking for practical advice on implementing secure coding practices.

Requirement:
For attend this training program students should be familiar with coding in any programming language

Topics Covered:
In this three days training program candidates will learn about:

Schedule: Day-1
Module 1 - Learn about Security systems - The duty of each person

* The demand for security systems
* Ordinary mistakes of security
1. Bounds checking
2. Buffer overflows - What is the real story?
3. Know about Cryptographic Weaknesses
4. Implementation errors
* Understand Security Life Cycle
* A Case Study
* Final thoughts: Day-1
* Question and Answer Segment

Schedule: Day-2
Module 2 - Secure Design: Understand Concepts and Technology

* Understand the concepts of robust programming
* Understanding of Security Technology
1. Threat Modeling Methods
> Learn about Trees Attack
> Understand about Hoglund and McGraw attack patterns
2. Design-time factors
> The basic processes
> Understand Persistent Data
> Channels of communication
> Non-persistent (transient) data
3. Review
4. Question and Answer Segment

Schedule: Day-3
Module 3 - Security Practices: Characteristics to avoid

* Secure C/C++ languages
* Secure Perl/CGI
* Java Security
* Secure PHP: Hypertext Preprocessor
* Prevention of handling Hypertext Markup Language
* Nix key component libc - Shared libraries
* Analysis - Fragile between robust codes
1. The queue structure
2. Match race conditions in file access
* Abstract: Check-list
* Question and Answer Segment
* Comments