COURSE OBJECTIVES
Learn to design and build secure and robust systems. This course is focused on the system level and is technology, platform and programming language neutral. This universal approach allows the information presented to be used by people in a variety of roles, and for all types of application development, regardless of specific programming language and platform.
Gain a “50,000 foot” view of secure systems development as the course focuses on foundational information security practices and architecture, with a strong emphasis on web applications, given their popularity.
This material will help you to begin to think like an attacker. Understanding the nature of the attacks will enable you to learn how to build secure systems and program defensively.
COURSE DESCRIPTION
This course consists of interactive lectures, real-world stories, examples, and hands-on labs to help you understand the nature of the threats and how they can be mitigated by integrating good security practices at all phases of the Systems Development Lifecycle (SDLC). The material covered builds progressively on the understanding of systems and what security is. A broad introduction to a variety of attacks is designed to help the student understand the clever attacker. Then an overview of important security principles is covered to provide a vocabulary for understanding controls and countermeasures – defending against the attackers. A variety of general controls and countermeasures to address specific attacks are then addressed.
- Prerequisites: Involvement in the design, development, testing, deployment, or maintenance of information systems.
- Learning Level: Basic to Intermediate. No previous security knowledge is assumed. Some programming skills are recommended.
- Who Needs to Attend: Application Developers, System Designers, Software Engineers, Database Administrators, System Architects, IT Project Managers.
Application-specific topics are then covered:
- Architecture
- The SDLC
- Threat Analysis
- Testing
- Security patterns
Checklists of good practices and pitfalls to watch for are provided to help make the theoretical become practical, and each topic has a comprehensive bibliography to provide pointers for further, in-depth reading.
LABS
Each student will have a state-of-the-art workstation on which to conduct the labs. The following is a small selection of some of the labs:
- Threat analysis
- Using hacking tools
- Information gathering
- System fingerprinting
- Web hacking