Application Security Fundamentals
Application security is a relatively new, yet very exciting field. It is being driven by a number of open source, government, regulatory, and industry organizations, but what drives the need for application security is, sadly enough, the fact that software continues to be developed that isn't secure. Two of the primary reasons software isn't developed securely are:
- Software development teams have not been sufficiently educated in how to identify security vulnerabilities associated with their software development projects
- Often, software development teams falsely believe that if perimeter security controls are in place, then the software they develop will also be secure, or at least will not affect the perimeter security
At one time, both software and network architectures were structured so that as long as perimeter security (i.e. firewalls, intrusion detection and prevention, anti-virus, etc.) was properly implemented and maintained, then flaws in application code could not possibly affect the security of that perimeter. However, the paradigm has shifted with the introduction of web-based applications.
Traditional firewalls must let web-based traffic through the perimeter in order for web-based applications to function. Therefore any attacker who can exploit flaws in the code of a web application is already within the perimeter! There are additional controls which may be added to secure this perimeter, including application and database firewalls, but many organizations have not yet recognized the need for such controls, as headlines continue to point out. When you couple this with the fact that organizations are often slow to adopt new security controls because security is often seen as just another expense, it becomes even more imperative for software development teams to understand the vulnerabilities associated with their software development efforts.
To counteract this trend, education is the key. Software development teams, including project managers, technical analysts, business analysts, business managers, developers, quality assurance analysts, and testers must all be aware of the coding vulnerabilities which could plague any software development effort - as well as ways of discovering those vulnerabilities. With more than 3,400 new coding vulnerabilities discovered every six months, this becomes an almost impossible task.
Through techniques such as threat modeling, software development teams can quickly begin to learn how to measure the risks associated with their software development projects. Once potential risks are understood, management can at least make informed decisions on how to deal with those risks.
Participants will learn:
Upon completing this course you will:
- Have a better understanding of the need for Application Security
- Understand the differences between the web and traditional applications
- Understand what application vulnerabilities are and how they affect application and system security
- Understand how to find and mitigate application vulnerabilities during software development
- Have a basic understanding of the tools of the trade
- Have a better understanding of the top programming errors and associated vulnerabilities plaguing software today
- Understand where to apply application security activities within the software development life cycle
Course Outline:
- What is Application Security and why is it important
  - Headlines
  - Regulatory requirements
  - Cost and customer confidence
- Review of software architectures and their effect on application security
  - Mainframe architectures
  - Client-server architectures
  - Impact of the World Wide Web
- Vulnerabilities and their impact
  - Persistent vulnerabilities
  - Vulnerability resources
  - Top five coding strategies to reduce the number of vulnerabilities in web-based software
- Tools of the Trade
  - Design/Modeling Verification Tools
  - Source Code Security Analyzers
  - Web Application Vulnerability Scanners
  - Software Assurance Metrics and Tool Evaluation (SAMATE) Project
- Top Programming Errors and Vulnerabilities
  - OWASP Top 10 Project
  - SANS Top 25 Most Dangerous Programming Errors
- Application security activities in the SDLC
  - Threat Modeling
  - Code Reviews
- Securing the SDLC
  - Requirements Phase Activities
  - Architecture/Design Phase Activities
  - Development Phase Activities
  - Testing Phase Activities
  - Deployment Phase Activities
  - Maintenance Phase Activities