Price: $1,699.00
Length: 2 Days

Software Security Training

Software Security Training Course Description

The Software Security Training course introduces a range of topics in software security: secure programming techniques, trusted computing infrastructure, low-level software attacks, web security, risk management techniques, symbolic execution, and cloud, wireless and mobile device security.

Computing systems are now an essential part of daily life, so users must be able to rely on the integrity of those systems and on the confidentiality of the information they hold.

By taking TONEX Software Security Training, you will learn the fundamental principles of computer security, vulnerabilities, computer crime, threats, and the concept of web security. You will also be introduced to secure programming techniques as part of software security, including code auditing, SQL injection, and secure coding principles.

This seminar covers trusted computing infrastructure (TCI) in detail: processing nodes, the Trusted Platform Module (TPM), software integrity, data integrity, and the protection of credentials as part of platform security.

TONEX Software Security Training also covers low-level software attacks such as stack- and heap-based buffer overflows, return-to-libc and data-only attacks, together with the defenses against them: stack canaries, non-executable data, control-flow integrity and layout randomization. You will also learn the importance of web security issues, malicious websites, and denial of service attacks.

You will also learn the main principles of secure design, including open design, and risk management policies in software design: differentiating reactive and proactive risk management techniques, interpreting statistical control charts, and applying symbolic execution to software security. Trainees will finish this seminar with a working knowledge of penetration testing and its tools, cloud security applications and modules, and methods of data security and privacy.

This training also covers wireless network security: attacks on wireless LANs, Wi-Fi protection schemes, the WPA and WPA2 concepts, and how to defend against these attacks.

TONEX Software Security Training includes many in-class activities, including hands-on exercises, case studies and workshops. During the training, students bring their own sample work and projects and, with our coaching, develop their own security system.

Finally, the training introduces mobile system security concepts such as mobile browser security, authentication to mobile devices, mobile device management, malware detection techniques for mobile services, and dynamic/static analysis of mobile devices.

Audience

The Software Security Training is a 2-day course designed for:

  • Anyone who needs to understand the concept of software security
  • IT professionals in the area of software security
  • Cyber security professionals, network engineers, security analysts, policy analysts
  • Security operations personnel, network administrators, system integrators and security consultants
  • Security traders who need to understand the software security of web systems, mobile devices, or other devices
  • Investors and contractors who plan to invest in the security systems industry
  • Technicians, operators, and maintenance personnel who are or will be working on cyber security projects
  • Managers, accountants, and executives in the cyber security industry

Training Outline

The Software Security Training course consists of the following lessons, which can be revised and tailored to the client's needs:

Computer Security Principles

  • Introduction to computer security
  • Computer crime
  • Accuracy, Integrity, and Authenticity
  • Vulnerabilities
  • Introduction to Crypto
  • Access control
  • Threats to security
  • System correctness
  • Application of operating system security
  • Web security
  • Network security
  • Operating system security

Secure Programming Techniques

  • General principles of secure programming
  • Reasons for insecurity
  • Economic reasons
  • Security measurements
  • Marketing problems
  • Security requirements
  • Confidentiality
  • Integrity and Availability
  • Code auditing
  • C/C++ code
  • Assurance measure requirements
  • Open source software and security
  • Disclosure of vulnerabilities
  • Vulnerability classes
  • Web security
  • SQL injection
  • PHP
  • Shell Scripts
  • Java
  • Secure programming for Linux and Unix
  • Secure coding, principles and practices
  • Statistical analysis for secure programming

Trusted Computing Infrastructure (TCI)

  • Definition of trusted computing
  • Processing nodes
  • Protecting processing nodes against threats
  • Node controllers
  • Trust relationship in networked society
  • Trusted computing cloud model
  • Trusted Platform Module (TPM)
  • Trusted computing Attestation process
  • Implementation aspects
  • Main TPM duties
  • Unique platform identity
  • Software integrity
  • Network integrity
  • Data integrity
  • Protecting credentials
  • Device identity
  • Secure execution
  • Crypto erase
  • Examples of Platform security

Low Level Software Security Attacks and Protection

  • Introduction to software security attacks
  • Stack-based buffer overflow
  • Heap-based buffer overflow
  • Return-to-libc attacks
  • Data-only attacks
  • Methods of defense against security attacks
  • Stack canaries
  • Non-executable data
  • Control-flow integrity
  • Layout randomization
  • Other defense methods

Web Security

  • Introduction to Web security
  • Terminologies in web security
  • Aspects of data security
  • Web privacy
  • Authentication
  • Integrity
  • Web security issues
  • Malicious websites
  • SPAM
  • 419 Nigerian Scams
  • Phishing
  • Denial of Service (DoS)
  • Distributed DoS (DDoS)
  • Botnet
  • Web attacks
  • Action plan against web attacks

Secure Design Principles

  • Least Privilege
  • Fail-Safe Defaults
  • Economy of Mechanism
  • Complete Mediation
  • Open Design
  • Separation of Privilege
  • Diebold voting machines example
  • Least Common Mechanism
  • Psychological Acceptability
  • Principles of software security
  • Defense practice
  • Compartmentalize
  • Promoting the privacy
  • Using community resources
  • Securing easy targets

Risk Management

  • Security risk management concepts
  • Definition of risk management
  • Threat response time
  • Regulatory compliance
  • Infrastructure management cost
  • Risk prioritization
  • Reactive and proactive risk management
  • Identifying risk management prerequisites
  • Communicating risks
  • Assessing risks
  • Classifying assets
  • Organizing risk information
  • Threat probability estimation
  • Quantifying risks
  • Conducting decision support
  • Control solution
  • Implementing controls
  • Measuring program effectiveness

Statistical Analysis

  • User interface
  • Statistical roles and challenges in network security
  • Network traffic and data
  • Network data characteristics
  • Exploring network data
  • Descriptive analysis
  • Visualizing analysis
  • Data reduction
  • Network data modeling for association and prediction
  • Bivariate analysis
  • Measuring user behavior
  • Supervised learning
  • Decision analysis in network security
  • Uncertainty analysis
  • Statistical control chart
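As an added illustration of the last item (example code written for this page, not course material), the following Python builds a Shewhart individuals control chart over constructed per-minute connection counts. The log format, the sample data, the 20-minute baseline window and the 3-sigma threshold are all assumptions made for the example.

```python
"""Added example (not part of the TONEX course material): a Shewhart
individuals control chart over constructed per-minute connection counts, the
kind of statistical check a network analyst uses to spot a burst. The log
format, the data and the 3-sigma threshold are assumptions."""
import statistics

# Constructed sample log: one line per minute, "HH:MM conns=<count>".
# The first 20 minutes are quiet; minute 10:23 (index 23) carries a burst.
SAMPLE_LOG = """\
10:00 conns=40
10:01 conns=42
10:02 conns=38
10:03 conns=45
10:04 conns=41
10:05 conns=39
10:06 conns=43
10:07 conns=44
10:08 conns=40
10:09 conns=37
10:10 conns=42
10:11 conns=41
10:12 conns=39
10:13 conns=43
10:14 conns=40
10:15 conns=44
10:16 conns=38
10:17 conns=42
10:18 conns=41
10:19 conns=40
10:20 conns=43
10:21 conns=39
10:22 conns=42
10:23 conns=310
10:24 conns=41
10:25 conns=40
"""


def parse_counts(log_text):
    """Pull the connection count out of every well-formed line."""
    counts = []
    for line in log_text.splitlines():
        _, _, kv = line.partition(" ")
        key, _, value = kv.partition("=")
        if key == "conns" and value.isdigit():
            counts.append(int(value))
    return counts


def control_limits(baseline, k=3.0):
    """Lower and upper k-sigma limits from an attack-free baseline window.
    The baseline must be known-good: a burst inside it inflates sigma and
    hides later ones."""
    mean = statistics.mean(baseline)
    sigma = statistics.stdev(baseline)
    return mean - k * sigma, mean + k * sigma


def flag_out_of_control(counts, baseline_len=20, k=3.0):
    """Indices of samples falling outside the limits set by the baseline."""
    lo, hi = control_limits(counts[:baseline_len], k)
    return [i for i, c in enumerate(counts) if c < lo or c > hi]


SAMPLE_COUNTS = parse_counts(SAMPLE_LOG)

if __name__ == "__main__":
    lo, hi = control_limits(SAMPLE_COUNTS[:20])
    print("limits: %.1f .. %.1f" % (lo, hi))
    print("out-of-control minutes:", flag_out_of_control(SAMPLE_COUNTS))
```

The important operational caveat is the baseline: limits computed from a window that already contains attack traffic are too wide, so the baseline window should be chosen from a period known to be clean and re-validated when it is refreshed.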

Symbolic Execution

  • Base Imperative Language
  • Input domain
  • Expressions and types
  • Basic definitions
  • Traces, paths, and programs
  • Basics of symbolic execution
  • Classic symbolic execution
  • Generalized symbolic execution
  • Application of symbolic execution
  • Trace based symbolic execution
  • Multi-path symbolic execution
  • Macroscopic view of symbolic execution
  • Cost of symbolic execution
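To make the classic symbolic execution items above concrete, here is an added Python example (written for this page, not course material): a minimal symbolic executor for a toy imperative language with integer variables that forks at every branch, carries the path condition, and reports the inputs that reach a failing assertion. The toy language, the constructed program and the brute-force "solver" over a small input domain (standing in for an SMT solver) are all assumptions.

```python
"""Added example (not part of the TONEX course material): a minimal classic
symbolic executor for a toy imperative language with integer variables.
Programs, expressions and conditions are nested tuples. Instead of an SMT
solver, path conditions are checked by brute force over a small integer input
domain; that domain, the program and all names here are assumptions."""
from itertools import product

INPUT_DOMAIN = range(-20, 21)   # assumed finite domain standing in for a solver


def ev(expr, env):
    """Concretely evaluate an expression tuple under a variable assignment."""
    op = expr[0]
    if op == "const":
        return expr[1]
    if op == "var":
        return env[expr[1]]
    a = ev(expr[1], env)
    if op == "not":
        return not a
    b = ev(expr[2], env)
    return {"add": a + b, "sub": a - b, "mul": a * b,
            "lt": a < b, "gt": a > b, "eq": a == b}[op]


def subst(expr, state):
    """Replace program variables by their current symbolic values; names with
    no assignment yet (the inputs) stay symbolic."""
    op = expr[0]
    if op == "const":
        return expr
    if op == "var":
        return state.get(expr[1], expr)
    return (op,) + tuple(subst(e, state) for e in expr[1:])


def run(stmts, state, pc, out):
    """Classic symbolic execution: fork at every 'if', carrying the branch
    condition (or its negation) in the path condition pc, and record a
    separate path for every reachable assertion failure."""
    for i, stmt in enumerate(stmts):
        kind = stmt[0]
        if kind == "assign":
            state = dict(state, **{stmt[1]: subst(stmt[2], state)})
        elif kind == "if":
            cond, rest = subst(stmt[1], state), stmts[i + 1:]
            run(stmt[2] + rest, state, pc + [cond], out)
            run(stmt[3] + rest, state, pc + [("not", cond)], out)
            return
        elif kind == "assert":
            cond = subst(stmt[1], state)
            out.append((pc + [("not", cond)], "assert-fail"))
            pc = pc + [cond]   # execution continues only when it holds
    out.append((pc, "ok"))


def witness(pc, inputs):
    """Brute-force 'solver': an input satisfying every path condition, or None
    when the path is infeasible."""
    for vals in product(INPUT_DOMAIN, repeat=len(inputs)):
        env = dict(zip(inputs, vals))
        if all(ev(c, env) for c in pc):
            return env
    return None


def explore(program, inputs=("x",)):
    """All paths as (path condition, outcome, witness input or None)."""
    paths = []
    run(program, {}, [], paths)
    return [(pc, outcome, witness(pc, inputs)) for pc, outcome in paths]


def find_bugs(program, inputs=("x",)):
    """Concrete inputs that drive the program into a failing assertion."""
    return [w for _, outcome, w in explore(program, inputs)
            if outcome == "assert-fail" and w is not None]


# Constructed program over one symbolic input x:
#   y = x * 2
#   if y > 10: z = y - 3  else: z = y + 4
#   assert z != 9
X = ("var", "x")
PROGRAM = [
    ("assign", "y", ("mul", X, ("const", 2))),
    ("if", ("gt", ("var", "y"), ("const", 10)),
        [("assign", "z", ("sub", ("var", "y"), ("const", 3)))],
        [("assign", "z", ("add", ("var", "y"), ("const", 4)))]),
    ("assert", ("not", ("eq", ("var", "z"), ("const", 9)))),
]

if __name__ == "__main__":
    for pc, outcome, w in explore(PROGRAM):
        print(outcome, "witness:", w, "path condition:", pc)
    print("bug-triggering inputs:", find_bugs(PROGRAM))
```

Running it shows four paths: the then-branch can fail the assertion (x = 6 gives y = 12, z = 9), while the else-branch's failing path has the condition 2x + 4 = 9, which no integer satisfies, so it is reported as infeasible and pruned. The cost item in the outline is visible in the code's shape: every `if` doubles the number of paths, which is why real engines need a solver and path-pruning heuristics rather than brute force.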

Penetration Testing

  • Definition
  • Port scanning
  • Vulnerability scanning
  • Penetration testing
  • Why penetration testing?
  • Steps toward application of penetration testing
  • Penetration testing tools
  • Kali Linux
  • Maltego
  • WHOIS service
  • Vega
  • Hydra

Cloud Security

  • Definition of cloud
  • Definition of security
  • Cloud computing definition
  • Features, attributes, characteristic of cloud computing
  • Cloud based applications
  • Cloud based developments
  • Cloud based infrastructure
  • Cloud models (SaaS, PaaS, IaaS)
  • Problems associated with cloud computing
  • Trust in the cloud
  • Security issues in cloud
  • Multi-tenancy
  • Loss of control monitoring
  • Access control

Data Security and Privacy (DAP)

  • Definition of Data
  • Data security
  • Prevention and detection of Data security issues
  • Responding to data security incidents
  • Audit standards
  • Data security policies
  • Data security tools
  • Monitoring secured data
  • Documenting the data security
  • Data privacy enforcement

Wireless Network Security

  • Wireless networks and security definition
  • What is a LAN?
  • Simple Wireless LAN
  • Attacks and Defense against attacks in wireless network
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access-Version 2 (WPA2)
  • Attacks on WEP
  • Defenses against WEP attacks
  • Common attack types for WPA and WPA2
  • Common defense techniques for WPA and WPA2
  • Wireless encryption

Mobile System Security (MSS)

  • Mobiles are everywhere
  • Uniqueness of Mobiles
  • Management and security challenges for Mobile systems
  • Mobile security faced by Enterprises
  • Visualizing Mobile Security
  • Hardware security
  • Mobile Web browsers
  • Authenticating users to devices
  • Application security
  • Mobile Security solution
  • Permission and encryption
  • Security philosophy
  • Mobile Device Management (MDM)
  • Mobile Operating Systems
  • Malware Detection in Mobile System
  • Cloud based detection
  • Dynamic/Static analysis

Hands-on and In-Class Activities

  • Labs
  • Workshops
  • Group Activities

Sample Workshops Labs for Software Security Training

  • Application of Linux command lines
  • User-mode Linux and the mln tool
  • Introduction to vulnerable software
  • Manual and automatic code review
  • Preventing exploitation
  • Symbolic execution workshop
  • SQL injection workshop
  • Command execution example
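As an added illustration of the SQL injection topic from the Secure Programming Techniques lesson and of the SQL injection workshop listed above (example code written for this page, not course material), the following Python shows the vulnerable query next to the parameterized fix against a constructed in-memory SQLite table. The table, its rows, the payload and the function names are assumptions made for the example.

```python
"""Added example (not part of the TONEX course material): SQL injection
against a constructed SQLite login table, next to the parameterized fix.
The table, its rows and the function names are assumptions made for this
illustration."""
import sqlite3

# Constructed sample users; the "hashes" are placeholder strings.
SAMPLE_USERS = [
    ("alice", "hash-of-alice-password"),
    ("bob", "hash-of-bob-password"),
]

# Classic tautology payload: the leading quote closes the username literal,
# OR '1'='1' makes the WHERE clause always true, and "-- " comments out the
# rest of the statement, including the password check.
PAYLOAD = "' OR '1'='1' -- "


def make_db():
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, pw_hash):
    """Vulnerable: untrusted strings are spliced into the SQL text, so quote
    characters in the input change the structure of the query."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash))
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, pw_hash):
    """Fixed: bound parameters are handed to the engine separately from the
    SQL text, so the input is only ever compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, pw_hash)))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", login_vulnerable(db, PAYLOAD, "wrong-hash"))
    print("parameterized:", login_parameterized(db, PAYLOAD, "wrong-hash"))
```

With the payload as the username and a wrong password, the vulnerable function returns every user (the password check was commented away), while the parameterized one returns nothing because no user is literally named `' OR '1'='1' -- `. The same fix applies regardless of the database engine: never build SQL text from untrusted input, bind it as a parameter.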

