CertNexus Cyber Secure Coder (CSC-110)
Course Overview
Cyber Secure Coder will aid in developing an appropriate understanding of secure development practices and how those practices protect against various types of vulnerabilities. You will learn the types of vulnerabilities, the exploits that can occur from those vulnerabilities, and the programming practices that will help prevent exploitation in an application.
Audience
This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy.
This course is also designed for students who are seeking the Logical Operations Cyber Secure Coder (CSC) Exam CSC-110 certification.
Course Outline
Overview
Prior Knowledge And Expectations
Gather Software Requirements
Assignment: Identify Requirements
Activity: Identify Requirements
Factors that Undermine Software Security
Software Vulnerabilities And Attack Phases
Attack Patterns
Assignment: Find Vulnerabilities
Activity: Find Vulnerabilities
Assignment: New Password Requirements
Activity: New Password Requirements
Assignment: Hashing Passwords
Activity: Hashing Passwords
Vulnerability Intelligence
Assignment: Vulnerability Search
Activity: Vulnerability Search
Bugs In Software
External Libraries And Services
Handling Errors Securely
Human-Related Security
Security Requirements And Design
Security Through The Software Lifecycle
Assignment: Exploring Leftover Artifacts
Activity: Exploring Leftover Artifacts
Principles Of Secure Design
Avoid Common Mistakes
Assignment: Common Security Design Flaws
Activity: Common Security Design Flaws
Understand Risk And Threats
Risk Response Strategies
Exploit Countermeasures
Guidelines For Secure Coding
Buffer Overflows And Prevention
Race Conditions
Assignment: Using Locks To Remediate Race Condition
Activity: Using Locks To Remediate Race Condition
OWASP Top Ten Platform Vulnerabilities
Web Application Vulnerabilities Deep Dive
Mobile Application Vulnerabilities Deep Dive
IoT Vulnerabilities Deep Dive
Desktop Vulnerabilities Deep Dive
Privacy Vulnerability Defects
Secure Session Management
Users, Protections And Passwords
Encryption And Data Protections
Error Handling And Protections
Testing Software for Security
Monitoring And Logging Of Production Applications