Overview

Certified Secured Programmer:Secured coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities.By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organization can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.CACMS provides you a course to be an expert secured programmer. '

Course Outline

Certified Secure Programming in .Net

.Net is widely used by organizations as a leading framework to build web applications. ECSP .Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications.

Course Outline

• .Net framework security features and various secure coding principles
• .Net framework run time security model, role-based security, code access security (CAS), and class libraries security
• Various validation controls, mitigation techniques for validation control vulnerabilities, defensive techniques for SQL injection attacks, and output encoding to prevent input validation attacks
• Defensive techniques against session attacks, cookie security, and View State security
• Mitigating vulnerabilities in class level exception handling, managing unhandled errors, and implementing windows log security against various attacks
• Defensive techniques against path traversal attacks and defensive techniques against canonicalization attack and file ACLs
• Mitigating vulnerabilities in machine config files, mitigating the vulnerabilities in app config files, and security code review approaches
• The importance of secure programmers and certified secure programmers, the career path of secure programmers, and the essential skill set of secure programmers

Certified Secure Programming in Java

ECSP-Java is comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code.

Course Outline

• Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class loading, Bytecode verifier, Security Manager, security policies, and Java Security Framework
• Secure Software Development Lifecycle, threat modelling, software security frameworks, and secure software architectures
• Best practices and standards and guidelines for secure file input/output and serialization
• Java input validation techniques, validation errors, and best practices
• Java exceptions, erroneous behaviors, and the best practices to handle or avoid them
• Secure authentication and authorization processes
• Java Authentication and Authorization Service (JAAS), its architecture, Pluggable Authentication Module (PAM) Framework, and access permissions through Java Security Model
• Secure Java concurrency and session management that includes Java Memory Model, Java Thread Implementation methods, secure coding practices, and guidelines for handling threads, race conditions, and deadlocks
• Core security coding practices of Java Cryptography that includes Encryption, KeyGenerator, implementation of Cipher Class,
• Digital Signatures, Secret Keys, and key management
• Various Java application vulnerabilities such as Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Directory Traversal vulnerability, HTTP Response Splitting attack, Parameter Manipulation, Injection Attacks and their countermeasures Coding testing and review techniques and practices