Secure Coding Bootcamp

This one day developer secure coding bootcamp will cover a wide variety of secure coding techniques and positive design patterns which will assist a developer in building secure web, webservice and mobile applications. Although Java and .NET will be the focus, developers with a background in any web-centric programming language will benefit. This course is ideal for the developer (or software engineering support staff) who is new to software security. Defensive techniques and positive security design patterns will be the focus.

The following topics will be covered.
* HTTP Basics

* HTTP/S Security Headers
* SQL, LDAP and Command Injection

* Authentication Best Practices

* Basic XSS Defense Principles

* Advanced XSS Defense Techniques

* Content Spoofing and HTML Hacking

* Access Control Design Best Practices

* Cross Site Request Forgery Defense

* Clickjacking Defense

* TLS Best Practices

* Mobile Security Defense Basics

* App Layer Intrusion Detection

* Workflow Security Considerations

TargetLevel: Intermediate (Some knowledge required)

Take Aways: HSTS use including browser preloading initiative
Importance of forward secrecy ciphers
Certificate pinning and monitoring for abuse
Revocation best practices

Location: Date: 27th May 2015 Time: 9:00 am - 5:00 pm Jim Manico