Detailed Course Outline
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Cyber security threat types – the STRIDE model
- Consequences of insecure software
- Memory management vulnerabilities
- Assembly basics and calling conventions
- Buffer overflow
- Best practices and some typical mistakes
Day 2
- Memory management hardening
- Runtime protections
- Security testing
- Security testing methodology
- Common software security weaknesses
- Security features
- Authentication
- Password management
Day 3
- Common software security weaknesses
- Input validation
- Input validation principles
- What to validate – the attack surface
- Where to validate – defense in depth
- When to validate – validation vs transformations
- Validation with regex
- Injection
- Integer handling problems
- Files and streams
- Security testing
- Security testing techniques and tools
- Code analysis
- Dynamic analysis
- Wrap up
- Secure coding principles
- And now what?