COURSE 3300 | 2-DAY SESSION
Hands-On How to Break Software Security
From the authors of the popular texts How to Break Software Security and The Software Vulnerability Guide

The Challenge:
Application security has not kept up with the proliferation of software. Business end-users rely heavily on software, yet don't have the time to consider the consequences of using it. As a result, they put blind faith in the applications they use — applications which most experts would agree are incredibly insecure, acting as a perfect breeding ground for hacker exploitation. This problem is exacerbated when a company's best line of defense (developers and testers) against software vulnerability does not have the skill set to identify security problems before software goes into production.

The Goal:
It is imperative that testers and developers possess the skills, techniques and tools required to find software security vulnerabilities before applications are released. Professionals in software development must learn to recognize and correct potential security holes before attackers find them.

The Solution:
Hands-on Software Security Testing Fundamentals will lay the foundation you need to effectively recognize and expose security flaws in software. The course content is based on the first book to be published on the topic of application security testing: How to Break Software Security. You will be introduced to a fault model which empowers you to conceptualize these types of bugs. You'll leave the course with hands-on experience in a full arsenal of software attacks proven effective at exposing security bugs.

Immediate benefits of attending this class:

  1. Learn what makes a security vulnerability unique, dangerous and often innocuous
  2. Understand the difference between functional and security vulnerabilities
  3. Learn about the four different classes of security vulnerabilities and how you test against them
  4. Learn nineteen specific attacks you can apply to uncover security vulnerabilities
  5. Apply what you learned in this class during the hands-on lab sessions and gain the skills to immediately use these tests in the field
  6. Design unexpected user inputs to reveal software vulnerabilities, and create scenarios developers never anticipated
  7. Improve your software development lifecycle by understanding why security is not an afterthought
  8. Increase your awareness as a developer by understanding what coding mistakes can result in gaping security holes
  9. Know *when* and *how* to look for security vulnerabilities
  10. Learn how to find vulnerabilities by attacking software dependencies
  11. Become more security aware and learn to "sense" or "smell" security vulnerabilities
  12. Learn how to use knowledge of the behavior of past security vulnerabilities to protect your current applications
  13. Understand the assets your software protects
  14. View your application from the eyes of a hacker
  15. Understand the concept of insider threat
  16. Learn how to create threat models so you can identify vulnerable spots in your application
  17. Learn the industry recognized software security methodology and put it into practice
  18. Enable developers to prevent software security vulnerabilities by understanding how they get created in the first place
  19. Catch and prevent security vulnerabilities early, when the cost is minimal
  20. Learn about the tools that can assist you in uncovering software vulnerabilities
  21. Feel confident in your ability to *not* allow high-severity vulnerabilities to slip past your testing efforts


Who Should Attend:

If you develop commercial software, customer data, or are in the process this course is critical for your success.

  • Software Testers and QA
  • QA Managers/Directors
  • Application Architects
  • Software Project Managers
  • Application Development
  • Developers and Programmers
  • Software Engineers
  • Web Masters and Developers
  • Software Integrators




