Cyber Secure Coder Certification Training in Qatar

Topic A: Keeping eye on security vulnerabilities throughout development

• Understand requirements for businesses for app security
• Standards and Compliance Requirements
• Consequences of failing to meet security
• Strategies to identify requirements and prospects of security 
• Understand customers’ needs and impact
• Understand platform needs

Topic B: Recognize issues fail to identify software security

• Three Ps of Software Security
• Terminology

Topic C: Recognize weaknesses in your app

• Hacking
• Builders and Breakers
• Cracking a password hash
• Learn to solve password hash weakness
• Attack phases
• General patterns for attacks
• Case Study: Protection against a password attack
• Strategies to recognize security vulnerabilities within apps

Topic D: Collect intelligence on exploits and vulnerabilities

• Tactics to conduct research on vulnerabilities & exploits
• Recognize their sources 
• Learn about exploits and vulnerability intelligence

Topic A: Learn to tackle vulnerabilities caused by app misconfiguration and defects 

• Learn about defects and their causes
• Strategies to prevent security defects
• Hypervisor vulnerabilities
• Host platform configuration
• Tricks to manage risks in external hosts and services
• Recognize faults in projects
• FailSafe and failure recovery
• Strategies to handle security errors 
• Locate faults and misconfigurations
• Analyzing the project files
• Issues with standard libraries and third party codes
• Dependences and encrypt to validate
• Measures of service providers and host systems 
• Tricks to use services and codes of Third Party 
• Issues with handling and messaging

Topic B: Tackling Faults because of Human Interference 

• The human element in software security
• Risks  associated with Human Element
• Social engineering attacks
• Ways to manage people risks
• User Input and its validation
• Security policy enforcement

Topic C: Tackle risks because of process shortcomings

• Development process initiatives
• Create security in
• Understand requirements, design, maintenance, development, deployment and testing Phase
• Familiar with security testing tools
• CIA triad
• Understand development process security and management of its risks

Topic A: Apply basic principles for secure design

• Importance of security while designing apps
• Differentiate between security by obscurity vs. security by design
• Principles of OWASP Security Design
• Control surface area attack
• Create secure defaults
• Least privilege & basic mechanism
• Defense in depth & fail securely
• Don't Trust amenities
• Duties separation
• Keeping security Simple
• Fixing issues with security
• App design and security Patterns
• Modular Design and its benefits
• Balancing defense in depth and simplicity
• Ways to avoid basic mistakes in design

Topic B: Design Software to Counter Specific Threats

• Risk equation
• Threat Modeling and its advantages

Step 1: Explain Basic Security Purposes and Scope

• Tooling and Documentation
• Assets

Step 2: Decompose Apps

• Trust Levels
• Diagramming Symbols and the catalog app
• Entry and Exit Points
• External Dependencies
• Diagrams on data flow

Step 3: Identify and Rank Threats

• DREAD, STRIDE, PASTA
• Controlling risk outside
• Tips to locate and rank threats
• Misuse cases & zones
• Creating strategies to response risk 
• Understand severity
• Tips on rankings threats

Step 4: Counter Each Threat

• Recognize countermeasures and threats

Topic A: Practices best strategies for secure coding

• Create  deliverables and documentation
• Data Integrity and application  
• Errors in basic general programming
• Insecure Deserialization
• XXE Attacks
• Tips to prevent uncontrolled format string defects
• Race Conditions impact on threading/multiprocessing
• Strategies to stop race condition faults
• Performing a MemoryBased attack
• Research checklist on secure coding
• Buffer overrun faults & overflows
• Tips to prevent buffer overflow, overread, and integer overflow faults
• Insecure output encoding

Topic B: Prevention of Platform Weaknesses 

• Vulnerabilities of OWASP top ten platform, desktop application 
• Authentication & authorization
• Broken Authentication
• Differentiate desktop platforms
• Managed vs. Unmanaged
• Desktop app attack vectors
• Development app and configuration of projects
• Tips on preventing desktop app weaknesses
• Strategies to stop web, mobile app, and Internet of Things vulnerability defects
• DLL Injection & Shellcode Injection
• Debugger Security

Topic C: Prevention of privacy vulnerabilities

• Defects, design, & data anonymization
• Tips on preventing privacy vulnerability issues

Topic A: Limiting entry with login and user roles

• Web Sessions
• Management of secure session 
• Tips on passing session IDs
• Account Lockouts
• Tips on managing secure password
• Tackling Authentication and Authorization issues
• Control on access
• Learn user provision
• Recover passwords

Topic B: Data in transit and at rest protection

• Encryption & its uses
• PKI process & its components 
• Key Management & its factors
• Certificate cancellation
• Tips on preventing data in transit and at rest
• Cryptographic lifespan
• Symmetric & asymmetric encryption
• Hashing
• Digital Signatures & its nonrepudiation
• Digital Certifications

Topic C: Implementation in Logging and Handling Errors 

• Error Handling & its usage
• Error Messaging
• Logging
• Tips on implementing handling and logging errors
• Reviewing & improving error handling

Topic D: Protection of Sensitive Data and Functions

• Learn about highly confidential data
• Output restrictions
• Case Study: CrossSite Scripting Defect
• Staging a Persisted XSS Attack on an Administrator Function
• Function level access control

Topic E: Database Access Protection

• Case Study: SQL Injection Defect
• Query parameterization
• Protection of folder connection credential

Topic A: Performing security testing

• Testing role & phases
• Development, unit, and & integration Testing
• Steps of security testing
• Testing documentation and deliverables
• Manual review
• Code review tips

Topic B: Analysis of code to locate security issues

• Analyze static code 
• Tips on utilizing static analysis
• Strategies and performance for code analysis

Topic C: Utilize Automated Testing Tools to identify security issues

• Automated & unit testing
• Strategies to use automated testing apps
• Use of a Test Suite to Automate Unit Testing

Topic A: Monitor and log apps to provide security support

• Finding upcoming security issues
• Intrusion detection and measures
• Checking placement
• logging
• tip on logging and monitoring a deployed app
• Aware of situations

Topic B: Maintenance of security after deployment

• Maintain
• Patches and Updates
• Guidelines 

• Risk Equation
• Threat Modeling & its benefits 

Step 1: Describe basic security scope and objectives

• Assets
• Tooling and documentation

Step 2: Software decompose 

• Trust Levels
• Entry and Exit Points
• External Dependencies
• Diagrams on data flow
• Diagramming symbols & the catalog app