Course Outline

Part 1. Introduction

Basic concepts

  • Security boundary
  • Source and sink metaphors
  • AppSec kill chain
  • Threat modeling

Part 2. Backend

Backend overview

  • Assets and attack vectors
  • Backend threat model

Application boundary

  • Frontline overview
  • Authentication and authorization
  • Session management
  • Input validation

Database boundary

  • Frontline review
  • SQL injection
  • NoSQL injection

Operating system boundary

  • Frontline overview
  • Memory security
  • Command injection
  • Path traversal
  • The Lights and Shadows of File Upload
  • XML external entity reference
  • Deserialization

Part 3. Frontend

Frontend overview

  • The Cookie Tragedy
  • Same-origin policy
  • JavaScript
  • Frontend threat model

Border of origin

  • Cross-site scripting frontline review
  • Cross-site request forgery
  • Cross-site leaks
  • Other problems

Part 4. Big questions

How to keep a secret?

  • Secrets management
  • Managing sensitive data

How to ensure code and data integrity?

  • Supply chain attacks
  • Cache poisoning

How to maintain availability?

  • About the importance of keeping a diary
  • Self-healing systems
  • Surviving disasters
  • Surviving volume attacks

14 Hours


Dates are subject to availability and take place between 9:30 am and 4:30 pm.
Open Training Courses require 5+ participants.
