With the increase in cyber-attacks on business, it's time to start building security into new systems developments right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known common vulnerabilities.
Each participant will leave with a recognised certificate.
This course will show how to design security in, and maintain that security throughout a system's life-cycle, from initial requirements through to de-commissioning and disposal of assets.
Module 1 - Secure Development Lifecycle (SDLC)
An overview of the main SDLC models
Configuration and source code management
Risk analysis and mitigation
Module 2 - Secure By Design
Security design architectures
Security models and frameworks
Systems design tools and methodologies
Module 3 - Application Security
Vulnerabilities and mitigations available to any development environment
Attack vectors and security controls
The OWASP Top 10 in detail
Vulnerability No. 1 - Injection
Vulnerability No. 2 - Broken Authentication and Session management
Vulnerability No. 3 - Cross Site Scripting (XSS)
Vulnerability No. 4 - Insecure Direct Object References
Vulnerability No. 5 - Security Misconfiguration
Vulnerability No. 6 - Sensitive Data Exposure
Vulnerability No. 7 - Missing Functional-level access control
Vulnerability No. 8 - Cross-site request forgery
Vulnerability No. 9 - Using Known Vulnerable Components
Vulnerability No. 10 - Unvalidated Redirects and Forwards
Module 4 - Defensive Coding
Secure coding techniques and principles.
Methods of testing code, and code test analysis
Using, compromising and defending encryption, hashes and passwords
Classification of security flaws
Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.