DESCRIPTION OF REMOTE COURSES
SEARCH-LAB Ltd. offers the following remote secure coding training courses:
Fighting against security flaws (half day)
The course gives an overview of the current global situation in IT and Internet security. On the one hand it covers the technical, commercial and political concerns; on the other it introduces the advanced and organized network of criminals that represents a high attack potential in exploiting the vulnerabilities of today's systems. The session raises security awareness by explaining the nature of security flaws and the risks and dangers associated with them.
Common C/C++ security vulnerabilities (half day)
The course introduces the typical programming bugs in C and related programming languages – often referred to as common security vulnerabilities – that lead to exploitable security flaws responsible for the majority of security incidents in today's IT products. Besides presenting and explaining the root causes of the problems, the course uses a number of examples to show participants how easy it is for a malicious person to exploit them.
Protection against common security vulnerabilities – practical methods (half day)
The course gives an overview of practical protection methods that can be applied against common security vulnerabilities. It introduces both preventive measures to be applied during product development and detective methods used during operation. It also deals with anti-exploit techniques and measures that can limit the attackers' possibilities even if a certain residual vulnerability can be triggered. Attendees will realize how easy, and moreover how cheap, it is to get rid of different security problems that can jeopardize the success of their products.
Secure C/C++ Coding Exercises (half day)
The course provides a practical set of exercises, showing and analyzing a series of source code examples that contain typical programming bugs that can lead to exploitable vulnerabilities. Attendees learn how to spot and avoid these flaws, and they get a set of guidelines on how to write good-quality, secure code. The module gives a handy skill set to programmers who develop security-sensitive systems, or who just want to increase the quality of the code they produce.
Introduction to .NET and ASP.NET security technologies (half day)
The course gives an insight into the various security solutions provided by the .NET platform, namely the .NET Security Model, Code and Role Access Security, and the means to protect your .NET code. We also present the ASP.NET security architecture, focusing on the ASP.NET trust level, authentication and authorization issues, impersonation, session state, provider model, membership and role manager.
.NET specific vulnerabilities (half day)
The course introduces the .NET specific vulnerabilities, classified by their nature into the following categories: API abuse, problems stemming from code quality, password management issues, improper error handling, bugs related to missing or inappropriate input validation and faulty data representation, and finally improper use of security features.
ASP.NET and web specific vulnerabilities (half day)
The general web-related vulnerabilities are presented by following the latest OWASP Top Ten list. Then we go through the typical vulnerabilities of ASP.NET, dealing with both the runtime environment problems and some platform-specific issues, like attacking the PostBack, control accessibility vulnerabilities, control sequence attacks, attacking the ViewState or string termination attacks.
Introduction to Java security technologies (half day)
The course introduces the basic security solutions provided by the Java language and the Java Runtime Environment; it gives an overview of the Java Security Architecture and the security services of the Java Standard Edition. Participants learn how to use standard components of Java to implement different cryptographic and security services, with which the confidentiality, integrity and availability of information and services can be provided in the most efficient way.
Java specific vulnerabilities (half day)
The course presents the most frequent and severe programming vulnerabilities of the Java language and platform, dealing with both language-specific issues and the problems stemming from the runtime environment. Special focus is put on different input validation and representation problems. Attention is drawn to, among other things, the importance of proper error handling and the correct use of security features, and it is also demonstrated how poor programming style in general can lead to exploitable vulnerabilities.
Introduction to Web Services Security (half day)
The course gives an overview of the applicable security solutions in Web Services and web applications in general, including the introduction of the basic security technologies and protocols and the ways they can be applied, means of identity management, as well as different security elements and security standards of Web Services. The most important web-related security problems are presented together with the different protection methods that can be applied.
Overview on secure coding (1.5 hours)
This non-technical, manager-oriented web presentation introduces common security concepts and teaches how to think about and handle risk under the special circumstances that apply in IT security. It then gives an overview of the nature of the vulnerabilities, regardless of the programming language and platform used, and shows how to fight against security flaws. It primarily targets managers, but is useful to any professional in acquiring basic knowledge in the area of secure coding. It is a live, instructor-led course that can be followed by a larger number of participants.