What we cover:
- Security exposures
- Use of a security enhanced development process
- Basic risk analysis concepts
- Process and peripheral assessment
- Data assessment and information security
- Monitoring and detection techniques
- Securing sessions and resource management
By the time the student finishes the class, the student should be able to, with the class materials as reference, design an application or develop an application that will be ~99.99% secure from all known exposures. This is not limited to the basic buffer overflow. Students will be able to protect against session hijacking and replay attacks, prove that auditing information in logs has not been tampered with, and offer their customers the most secure applications created to date.
Some exposures and solutions are covered using basic examples. Other exposures or attacks will be presented using data gathered prior to the class date, since those processes take time and cannot be demonstrated or performed by the students in class.
The course will be presented over two days. The beginning of the course will be a review of security exposures, concepts and processes. The middle of the course will cover process and data security with some focus on code examples. Demonstrations of some types of attacks will be shown, along with how these advanced approaches to design and development mitigate those exposures. The end of the course will be a review, with the students taking a short test to show that they have actively paid attention and participated in the class.
What to expect:
Each topic is introduced and supported through discussion and a foundation achieved using a question and answer session. The questions for the most part are already determined, but the students can offer more perspective if specific questions arise. Some of the sections are lecture while others include white board labs and discussions.
Depending on time, the instructor may perform some demonstrations of advanced hacking techniques with the intent to show the effects of hacking attacks when the solutions to these exposures are not integrated into newly designed and developed applications.
Students should be prepared to take many notes, as this class has a massive amount of information that will be presented at a fast pace. A majority of the content can be followed up by reading the student booklet, which gives the students a lot of research material with code examples to back up the concepts presented.
Pre-requisites
Students will be subject to reviewing code examples that demonstrate some concepts used throughout this course.
Course material will include diagrams that outline some common uses of many of the following technologies, but the student should be refreshed so that the instructor doesn't have to take class time to explain.
The student should have an understanding of most of the following concepts and technologies:
- Networking
- Ethernet
- IP
- TCP/IP
- HTTP
Those who would like to review these can check the following resources:
- TCP/IP Illustrated Volume 1 by W. Richard Stevens (ISBN: 0201633469)
The student should have an understanding of some of the following concepts and technologies:
- SSL / TLS
- UDP
- C/C++
- .NET C# or any other .NET language
- Cryptography
- Sockets Programming
Those who would like to review these can check the following resources:
- ICSA Guide to Cryptography by Randall K. Nichols (ASIN: 0079137598)
- .NET Framework Essentials by Thuan Thai & Hoang Q. Lam (ISBN: 0596003021)
- Writing Solid Code by Steve Maguire (ASIN: 1556155514)
- Writing Secure Code Second Edition by Michael Howard and David C. LeBlanc (ISBN: 0735617228)
The attributes of the protocols covered relate to all other communication protocols. Despite the languages used to code the programs in this course, the concepts apply to all protocols, and the designs presented can be applied to programs written in all languages.
Requirements
1) The students must provide their own laptop.
2) The students MUST have the Microsoft .NET Framework version 1.1 installed.
3) The students must have the following programs to interact with the class materials. To ensure that they can participate throughout the class, students should install all the tools prior to attending the class. Students should also be aware that there is a chance a lab or demo will not work on a given laptop. A student's personal laptop configuration could hinder the ability for the class materials to be of use.
The class materials were developed using the following products on Windows 2000 Professional with Service Pack 3.
- Microsoft PowerPoint
- Microsoft Visio
- Microsoft Word
- Microsoft Visual Studio 6.0 and/or Microsoft Visual Studio .NET
- Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE)
Who Should Attend?
The target audience for this class includes software designers, architects, programmers, security analysts, security auditors, quality assurance engineers and any other individuals that will actively participate in the design, development and auditing of network enabled software applications for security. Most of the concepts presented will include solutions in code or in design.
Students who do not have development experience will find this course just as useful as coders, and although some code is reviewed in short for developers, no students will be required to write code during the class. Most of the solutions presented in the class are step oriented, process driven and have charts and pictures that help visually illustrate what is happening. Only a few processes require the deep outline of code level steps required to implement them. This class is a must for anyone who is currently or will be participating in the design and development of any application that will use networking, be that Ethernet, infrared, 802.11, cellular or even Bluetooth.
Course Length: 2 days
Cost: US $1800 before July 1, 2004 or US $2000 after July 1, 2004
NOTE: this is a two day course. A Certificate of Completion will be offered.