Application Security Training through Secure Coding Best Practices
Secure coding / application security is the practice of developing applications, whether for computers, mobile devices or the web, in such a manner as to provide defense-in-depth against malicious attacks. Although security and threat modeling discussions often focus on the network and hardware resources to be implemented, software should be written with a defensive coding approach as well. Best practices exist for coders, but many in the application development field either don’t know these best practices or don’t know them well enough to move through the development process quickly enough to reach their application launch goals. That’s where this class comes in. We teach an all-encompassing secure coding best practices course that prepares developers to apply that know-how quickly when meeting tough application demands. Plus, this class is mapped to the EC-Council Certified Secure Programmer (ECSP) certification.
EC-Council ECSP Certification based Secure Coding Training in Maryland, Washington D.C. or Northern Virginia
Delivery Style: 80% Hands-On, 20% Lecture
If you are looking for an application security / secure coding training class, then we have the solution. You can request a proposal for training for your group. We can deliver the class on a Monday through Friday, daytime schedule at your location or ours. To request a training proposal, just fill out the request information form to the right.
Secure Coding Training Course Cost: $2,995 Per Enrollment
This is an Advanced Security course. You must meet specific prerequisites in order to enroll in this course. Please speak to your account manager for more details.
Custom Secure Coding Training For Your Organization
Secure coding training can include an overall best practices class like the one we offer on a regular, open enrollment schedule, or it can include specific languages such as Java, C++, .NET, AJAX, ColdFusion, ASP and others. We have the ability to provide your organization with an application security course that is customized to any one language or even multiple languages. We can provide custom training at any location around the globe!
If your organization needs secure coding and application security training other than what we have listed as open enrollment, no problem! Just fill out the request information form to the right and tell us more about your training needs, your ideal start-date, your location preference, your unique set of challenges and the expected outcome, and we will develop a customized training course proposal targeted to the specific needs of your staff within your scheduling constraints! We will gladly do this quickly and free of any obligation.
Topics and Concepts Covered in our ECSP Secure Coding Training
Secure coding is not intended to be a practice that creates invulnerable systems. However, it is expected to reduce risk and mitigate damage from a security breach. As an example of risk mitigation, consider that an application often requires database access in order to store and manipulate data. The credentials available to the application should be granted only limited access to the database in question, so that if the application is compromised, the breach, while not prevented, is still hopefully limited. The intention of secure coding is to provide a ‘last resort’ defense tactic, which is not intended to replace hardware and network level security, but to add layers to the existing strategy.
Some of the best practices for secure coding, regardless of language, include items such as consistent input validation and least privilege. Checking inputs not only for expected values but for attempts to pass in malicious data is a must for effective security. In addition to validation, compiler warnings often indicate potential areas that should be addressed. It is, unfortunately, all too common for developers to become inured to the compiler messages that don’t cause a build to fail.
Additionally, usage of a ‘default deny’ method for access is considered best practice. An example of this would be a white list of allowed users or data as opposed to a black list of blocked users. Simplicity in design is an effective tool to prevent overly engineered code, which may inadvertently expose areas that could be compromised.