YoVDO

Secure Coding

Offered By: Cybrary

Tags

Software Development Courses, Cybersecurity Courses, Web Application Security Courses, Threat Modeling Courses, Secure Coding Courses, Active Defense Courses

Course Description

Overview

The virtual machine shown in the course is not offered by Cybrary and will not be provided.

What is Secure Coding?

Secure coding is the practice of writing code for software or applications so that it is protected from various types of vulnerabilities, risks, and cyberattacks. Secure coding is sometimes also called secure programming.

The main principle of secure coding is to help software developers, engineers, and other relevant professionals anticipate potential issues and account for them in the design of the application or program. This principle is supported by multiple strategies, including validating input, which makes sure that input is from trusted sources, and checking for buffer overflow vulnerabilities. Generally speaking, with secure coding, developers strive to create a secure user interface that minimizes loopholes, backdoors, and other vulnerabilities that may appeal to cybercriminals.

Why is Secure Coding Important?

As technology and the IT security community become more aware of common cyberattack and hacking strategies, it’s essential that organizations look for platforms and devices with security measures built in. As a result, using secure coding practices to find and mitigate vulnerabilities is extremely important for the protection of an organization’s sensitive data. When vulnerabilities exist in finished code, they can be exploited by cyber attackers. Developing secure code makes it much more difficult for cybercriminals to hack code and gain access to systems and applications, thus reducing the risk of data breaches.

What Does this Secure Coding Training Entail?

In this Secure Coding training course, learners will be introduced to secure coding best practices, lab tools, the OWASP (Open Web Application Security Project) top ten web application security risks, the SANS Common Weakness Enumeration (CWE) 25 most dangerous software weaknesses, threat modeling, and active defenses of secure coding.

The course is considered to be of intermediate difficulty. While there are no prerequisites for this training, basic coding knowledge is recommended before taking the course. Total time for Secure Coding training is nine and a half hours, for which students will earn ten CEU/CPE and a Certificate of Completion.

What Are OWASP Secure Coding Practices?

Standards for secure coding and best practices allow developers to create and improve software and applications securely. Following these standards and best practices ensures that vulnerabilities that cybercriminals may exploit are minimized.

There are numerous ways to develop applications and software securely. One way is by following the OWASP secure coding checklist. It is a checklist of best practices for securing application code, but it can also be applied as a security protocol for every software deployment platform and software development life cycle. The checklist of secure coding practices includes multiple prevention techniques by which attack damage can be reduced or mitigated.

Why Learn Secure Coding Practices with Cybrary?

Knowing secure coding practices is an important skill for today’s cybersecurity professionals, and learning them is simple with Cybrary. Our training courses are self-paced and online, making it easy and convenient for IT professionals to learn new skills even with their busy schedules.

The Secure Coding training course is a great way for learners to add knowledge to their professional toolbox, enhance their careers, and become even more valuable to employers.


Syllabus

  • Introduction
    • Part 1 Intro
    • Part 2 Lab Setup
    • Part 3 BurpSuite
    • Part 4 Mutillidae
  • Module 01 OWASP Top 10 A1 Injection
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 SQL Injection Demo
    • Part 4 Command Injection Demo
    • Part 5 JSON Injection Demo
    • Part 6 Defenses
    • Part 7 Lab Solution
  • Module 02 OWASP Top 10 A2 Broken Authentication and Session Management
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 CookieManipulation Demo
    • Part 4 Username Enum Demo
    • Part 5 BruteForce Demo
    • Part 6 Defenses
    • Part 7 Lab Solution 1
    • Part 8 Lab Solutions 2
    • Part 9 Lab Solutions 3
  • Module 03 OWASP Top 10 A3 Cross-site Scripting
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Reflected XSS HTML context Demo
    • Part 4 Reflected XSS JS context Demo
    • Part 5 Stored Demo
    • Part 6 Defenses
    • Part 7 Lab Solutions 1
    • Part 8 Lab Solutions 2
  • Module 04 OWASP Top 10 A4 Insecure Direct Object Reference
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 IDOR files tokens Demo
    • Part 4 IDOR urls tokens Demo
    • Part 5 Defenses
    • Part 6 Lab Solutions
  • Module 05 OWASP Top 10 A5 Security Misconfiguration
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Dir Demo
    • Part 4 XXE Demo
    • Part 5 User Agent Demo
    • Part 6 Defenses
    • Part 7 Lab Solutions
  • Module 06 OWASP Top 10 A6 Sensitive Data Exposure
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Comments Demo
    • Part 4 HiddenPages Demo
    • Part 5 HTML5 Web Storage Demo
    • Part 6 Defenses
  • Module 07 OWASP Top 10 A7 Missing Function Level Access Control
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Role Demo
    • Part 4 Defenses
    • Part 5 Missing FL AC Lab
  • Module 08 OWASP Top 10 A8 Cross-site Request Forgery
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 CSRF JS Demo
    • Part 4 Entropy Demo
    • Part 5 CSRF Defenses
    • Part 6 CSRF Lab Solution
  • Module 09 OWASP Top 10 A9 Using Components with Known Vulns
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Libraries & CVSS Demo
    • Part 4 Defenses
    • Part 5 WebGoat Library CVSS Lab
  • Module 10 OWASP Top 10 A10 Unvalidated Redirects and Forwards
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Unvalidated URLs Demo
    • Part 4 Defenses
    • Part 5 JS redirect Lab
  • Module 11 CWE SANS Top 25 Buffer Overflows
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Classic BufferOverflow Demo
    • Part 4 Defenses
    • Part 5 WebGoat BO OffByOne Lab
  • Module 12 CWE SANS Top 25 Insecure Interaction Between Components
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 FileUpload Demo
    • Part 4 Defenses
    • Part 5 WebGoat FileUpload Lab
  • Module 13 CWE SANS Top 25 Risky Resource Management
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Risky Resource Mgmt Demo
    • Part 4 Defenses
    • Part 5 Lab Defenses
  • Module 14 CWE SANS Top 25 Porous Defenses
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 JS Validation Bypass Demo
    • Part 4 Defenses
    • Part 5 HTTP Response Splitting Lab
  • Module 15 Honorable Mentions
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Lab
  • Module 16 Active Defenses
    • Part 1 Intro
    • Part 2 Explanations
  • Module 17 Threat Modeling
    • Part 1 Intro
    • Part 2 Explanations
    • Part 3 Card Game Demo

Taught by

Sunny Wear
