Services

Application Security Training

In order to produce secure software, Individuals in technical roles (developers, testers, and program managers) who are directly involved with the development of software programs must understand the risks involved with software development and have the proper training on how to prevent them, or mitigate them – if they arise.

Understanding software security threats is the foundation for building better software. By allowing individuals involved with the development of software programs to stay informed about security basics and latest trends in security and privacy, you’ll increase their commitment to writing more secure software.

Komodo’s application security training program covers topics such as:

  • Threat Modeling: Defining business objectives, user roles, data and use cases – identify threats that can compromise Confidentiality, Integrity and availability of the data.
  • Secure design principles, including: attack surface reduction, defense in depth, principle of least privilege, secure defaults etc.
  • Secure coding, including: buffer overruns mitigation, error handling, input validation, proper encoding techniques, cryptography etc.
  • Common attacks, including: introduction to OWASP top 10, SQL injections, cross site scripting, clickjacking etc.
  • Application Security Basics: a broad intro into the application security domain covering all of the above.

Custom training plans are also developed by our experts according to the relevant audience and your organizations need.

Syllabus 

please fine below optional syllabuses of some of the courses we offer: 

1.    Introduction to Application Security (.NET/Java)

a.        Terminology and Basics

                                             i.      CIA

                                            ii.      Threat agent/Vulnerability

                                           iii.      Layers of attacks

b.      OWASP Top 10 Web Application Security Vulnerabilities (+ Demo)

                                             i.      A1-Injection

                                            ii.      A2-Cross Site Scripting (XSS)

                                           iii.      A3-Broken Authentication and Session Management

                                           iv.      A4-Insecure Direct Object References

                                            v.      A5-Cross Site Request Forgery (CSRF)

                                           vi.      A6-Security Misconfiguration

                                          vii.      A7-Insecure Cryptographic Storage

                                         viii.      A8-Failure to Restrict URL Access

                                           ix.      A9-Insufficient Transport Layer Protection

                                            x.      A10-Unvalidated Redirects and Forwards

c.       How to Take Counter Measures?

                                             i.      Secure Coding Guidelines

                                            ii.      Examples

    

2.    Introduction to Secure Cobol Development in zOS

a.       Terminology and Basics

                                             i.      CIA

                                            ii.      Threat agent/Vulnerability

                                           iii.      Layers of attacks

b.      Security Risks

                                             i.      Information Exposure

                                            ii.      System Corruption

c.        General Mitigation

                                             i.      Input Validation

                                            ii.      Error Handling

                                           iii.      Reduction of Complexity

                                           iv.      Secure Coding Standards

d.       COBOL Batch Security Risks

                                             i.      Log Forging

                                            ii.      Path Manipulation

                                           iii.      Information Leak

                                            iv.      Privacy Violations

                                             v.      Ignored Errors

                                            vi.      Insufficient Input Validation

                                            vii.      Inappropriate or Harmful Comments

                                           viii.      Obfuscated Code

                                            ix.      Weak Encryption

 

3.    Introduction to Secured Mobile Development (iOS/Android)

a.       Mobile Security Basics

b.      Mobile Threat Modeling

c.       Top 10 Mobile Security Risks

                                             i.      Insecure Data Storage

                                            ii.      Weak Server Side Controls

                                           iii.      Insufficient Transport Layer Protection

                                            iv.      Client Side Injection

                                             v.      Poor Authentication and Authorization

                                            vi.      Improper Session Handling

                                           vii.      Security Decisions Via Untrusted Inputs

                                          viii.      Side Channel Data Leakage

                                            ix.      Broken Cryptography

                                            x.      Sensitive Information Disclosure

d.    Mobile Security Best Practices

 

TALK TO OUR REPRESENTATIVE TO LEARN MORE

USA: +1 844 833 1467

ISR: +972 9 955 5565

logo komodo centered