Wednesday, 20 May 2015

Can you deliver this 3 day C++/Java course in the UK?

I was asked to deliver the course below in the UK but it is too structured for my style of training and I don't have the time to delivered it.

So if you have the skills and can do it, ping me and I'll put you in touch with the company organising it


Day 1 – General security considerations:
  • Introduction
o    Basic Security Concepts
o    Hacking Methodologies
o    Techniques and Tools
o    Logical and Technical Flaws
  • Networks considerations
o    Security elements (Firewall, VPN, IPS…) – pros/cons, considerations
  • General infrastructures problems related to our market
o    Routers
o    Operating systems
  • Main threats
o    Information Gathering & Disclosure
o    Forceful Browsing
o    Buffer Overflow
o    Denial of Service
o    Cross Site Scripting & Scripts Injection
o    Flow Bypassing
o    Parameter Tampering and Field Manipulation
o    SQL Injection
o    DoS vs ADoS
o    Client Side Implementation of Logic (JS/VBS/Extension)

  Day 2 – Secure coding and testing for embedded (C/C++) systems:
  • Input Validation and Output Sanitation
o    Input Validation Methods
o    Output Sanitation
  • Errors and Exceptions Handling
o    Exception Handling Overview
o    Log Writing
o    Error messages
o    Handling Errors in the Web/Application Server Layer
  • Event Logging
o    Application Logs Overview
o    What should and should not be logged?
o    Alerts and Monitoring
  • Information Disclosure Prevention
o    Information Disclosure in the Application
o    Protecting the Source Code from Disclosure
o    User Authentication & Authorization
o    User Authentication Mechanisms
  • SSL Based Authentication
o    Proper Session Usage
o    Users and Password Policies
o    Single Sign On Mechanisms
o    Managing User Authorization
  • Minimum Privilege Principle
  • Risks and Mitigations in the Infrastructure Layer
o    Known Vulnerabilities
o    Insecure Deployment and Configuration
  • Hardening System Services
  • Virus, Worms and Trojan Horses
  • Risks and Mitigations in the Communication Layer
  • Eavesdropping
  • Replay Attacks, MITM
  • Flavors of DoS, DDoS

Day 3 – Secure coding and testing for Java:
  • Fundamentals
  • Denial of Service
  • Confidential Information
  • Injection and Inclusion
  • Accessibility and Extensibility
  • Input Validation
  • Mutability
  • Object Construction
  • Serialization and Deserialization
  • Access Control
  • Data base considerations
Posted by at
Labels: