Sela

Secure Coding

Description
Cybersecurity has risen to the top of the priority list and is a subject of US-Russia presidential communications. The number of ransomware attacks doubled in the past year, and other attacks are on the rise.
Intended audience
Developers, team leads, project managers

Topics

STRIDE attack classification
Security terminology
Threat modeling
CVSS attack assessment
Labs on threat modeling
Cross site scripting
Malicious file execution
Session hijacking
Encryption
Unsecured direct object reference
Failure to authorize/hidden URLs
Cross site request forgery (CSRF)
Security at a high level, all the way through testing, deployment, and maintenance
Layered design concepts
Object layer
Persistence layer
Presentation layer
Validation
Validation controls
Strong typing
Regular expressions
White list
Scrubbing
Black list
Encoding
CAPTCHA
Honey pots
Avoiding SQL injection
Parameterizing queries/Prepared statements
Stored procedures
Entity Frameworks/Hibernate
Avoiding cross site request forgeries
Introduction to modern frameworks
Modern security design patterns
Where to go from here
SSO (at least high-level)
Spring security
.NET authentication (just mention)
Basic & Digest
Forms
Windows authentication (just mention)
JAAS and other Java authentication services
Authorization
Password security
Brute force attacks
Password resets
Secret questions/answers
SSL/TLS
Perfect Secrecy
Asymmetric and symmetric encryption
Session IDs
Policies
Hijacking/Fixation Attacks
Threading
Privileges
Audits/Logs
Secure coding
Encryption services
Static code analysis
Securing the API (both publishing and consuming API)
JWT
Dynamic code analysis (e.g. with SpotBugs)
Spring boot
.NET (mention)
Code Access
GAC
Strong named assemblies
CLR
Security Zones
Permissions
Security policy
Zero-trust networks
Artificial intelligence
Quantum computing / cryptography
