Information Security Courses

Fundamentals of Secure Development - 60 minutes
In this course, students will learn an overview of software security and its latest trends, as well as the importance of software security for business. Students will also learn to perform threat modeling to identify threats proactively, create threat trees for application components, use threat trees to find vulnerabilities, classify vulnerabilities, and perform risk analysis and prioritize security fixes.

Adopting the Six Fundamentals of Information Security - 60 minutes
Experts in the security field tend to agree that the human factor is the weakest link in information security. Don't allow yourself to aid and abet a breach; rather, get the knowledge you need to help protect your organization's assets. This eLearning course describes and reinforces the importance of adopting a security-conscious behavior and prescribes a set of security best practices you can easily integrate into your daily workplace activities.

Application Security Fundamentals - 120 minutes
Application Security Fundamentals (ASF) is a language-neutral course targeted to developers. This course is designed to give a developer a baseline understanding of application security, what they are up against and how to defend against the most common attacks against software.

Introduction to Cryptography - 60 minutes
Cryptography is an essential part of protecting information. Learn how cryptography works, what its pitfalls are, and how to securely use cryptography in your systems. This course provides you with the necessary information to understand the fundamentals of cryptography, identify the threats that affect two or more communicating parties, and determine the proper cryptographic solution to mitigate these threats.

Intro to XSS with ASP.NET Examples - 30 minutes
Don't leave your Web applications exposed. Learn about the most common vulnerability on the Web - Cross-site scripting (XSS).
This eLearning course will help you understand the root causes for cross-site scripting vulnerabilities, explain how such vulnerabilities can be exploited, and it will ultimately enable you to prevent such vulnerabilities from being in your ASP.NET code.

Intro to XSS with JSP Examples - 30 minutes
Don't leave your Web applications exposed. Learn about the most common vulnerability on the Web - Cross-site scripting (XSS). This eLearning course will help you understand the root causes for cross-site scripting vulnerabilities, explain how such vulnerabilities can be exploited, and it will ultimately enable you to prevent such vulnerabilities from being in your JSP code.

Software Security Awareness - 60 minutes
Secure Software Awareness is a language-neutral course targeted to developers, QA engineers and architects. This course is designed to give you a baseline understanding of application security and the SDLC.

Fundamentals of Secure Development - 60 minutes
In this course, students will learn an overview of software security and its latest trends, as well as the importance of software security for business. Students will also learn to perform threat modeling to identify threats proactively, create threat trees for application components, use threat trees to find vulnerabilities, classify vulnerabilities, and perform risk analysis and prioritize security fixes.

Secure Development Courses - Process and Design Phase

How to Define Software Security Requirements and Design - 60 minutes
Security is an important component of application quality. To preserve the confidentiality, integrity, and availability of application data, software applications must be engineered with security in mind beginning with the design phase. Without defined security requirements, design choices will be made without security guidance and security testing cannot be effective.
This course provides technical and non-technical personnel with the tools to understand, create, and articulate security requirements as part of a software requirement document.

SDLC Gap Analysis and Remediation Techniques - 45 minutes
Security is a crucial component of application quality. To preserve the confidentiality, integrity, and availability of your application data, your applications must be engineered with security in mind from inception through deployment. To implement security in your development life cycle, it is important that you understand and know your security goals and assess your existing process against those goals. A gap analysis helps you understand the security improvements you can make in your development process. Based on the results of your gap analysis, you can create a remediation plan for improving the security practices in your development life cycle.

Fundamentals of Secure Architecture - 60 minutes
In the past, software applications were created with little thought to the importance of security. In recent times, businesses have become more rigorous about how they buy software. When looking at applications and solutions, companies do not just look at features, functionality, and ease of use. They focus on the total cost of ownership (TCO) of what they purchase. Security is a large and visible part of the TCO equation.

Attack Surface Analysis and Reduction - 60 minutes
The attack surface of your system represents the number of entry points you expose to a potential attacker - for example, user interfaces, Web services, database access, and so on. Fewer entry points means less chance of an attacker finding a vulnerability in your code. Therefore, it is important that you understand what an attack surface is and then see how you can measure and reduce the attack surface of your application.

Introduction to Threat Modeling - 120 minutes
This course is an introduction to threat modeling, its primary goals, and its role within the Security Development Life Cycle. Once you are familiar with the main ideas behind threat modeling, the entire threat modeling process is demonstrated. This will enable you to apply threat modeling to your own products and thus be able to design and develop more secure code.

Secure Development Lifecycle: Introduction to the SDL - 60 minutes
This course covers all the security concepts that will enable you to design and implement products that meet your organization's security needs.

Classes of Security Defects - 60 minutes
This course provides all the information required to assist students in defending against common security defects. Students taking this course will be provided with background knowledge on why and how security defects are introduced into software. Common classes of security defects are then presented to the students, each class being closely defined and described. Along with examples of real-life security bugs, various techniques are outlined in order to help students spot common security issues in source code as well as during testing. Additional mitigation techniques and technologies are described for each class of security defect.

Secure Development Lifecycle: SDL for Management - 60 minutes
This course will help you identify the Security Development Life Cycle (SDL) requirements that need to be met for shipping secure products and services. The course demonstrates the benefits product teams gain by following the SDL, and provides you with information regarding your role and responsibilities in ensuring your team properly follows this process. Additionally, this course will introduce you to the common problems that can delay or stop product shipping and provide you with information that will enable you to evaluate whether or not your team is on track.

Secure Development Courses - Implementation Phase

Understanding Secure Code C++ - 75 minutes
In this course, students will learn how to write secure code in C/C++ for Windows and Unix platforms, robust code development, and secure socket programming, and learn to apply time-tested defensive coding principles to develop secure applications. Students will also learn the nine defensive coding principles and how to use them to prevent common security vulnerabilities.

Creating Secure Code C++ - 90 minutes
This course examines the main security issues associated with the development of C/C++ applications, specifically, an overview of memory management and other C/C++ problems that differ from Java and .NET languages. The course presents ways to avoid those vulnerabilities in C/C++ code. In the hands-on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code.

Secure C/C++ Coding - 60 minutes
This course examines the main security issues associated with the development of C/C++ applications. The course provides an overview of memory management and other C/C++ problems that are different from Java and .NET. The course presents ways to avoid those vulnerabilities in C/C++ code. In the hands-on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code.

Secure Java Coding - 240 minutes
This course examines in depth the development of secure web applications in Java. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in Java code. In the hands-on section, students will discover the vulnerabilities themselves and find ways to address them, greatly enhancing the security of their code.

Understanding Secure Code - J2EE - 60 minutes
In this course, students will learn to recognize and remediate common Java Web software security vulnerabilities.
After completing this course, students will be able to recognize data leakage, injection attacks, client/server protocol manipulation attacks, and authentication exploitations, and mitigate these security vulnerabilities. Prerequisite: Fundamentals of Secure Development (COD 101).

Creating Secure Code - J2EE - 120 minutes
This course examines in depth the development of secure web applications in Java. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in Java code. In the hands-on section, students will discover the vulnerabilities themselves and find ways to address them, greatly enhancing the security of their code. Upon completion of this course, participants will be able to identify why software security matters to their business, recognize the root causes of the more common vulnerabilities, identify the symptoms of common vulnerabilities, and use security best practices to prevent common vulnerabilities. Prerequisite: Understanding Secure Code - JRE (COD 211)

Secure .NET Coding - 240 minutes
This course examines in depth the development of secure applications in ASP.NET/C#. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in C# code. In the hands-on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code.

.NET Security - 90 minutes
This course examines in depth the development of secure web applications in C#. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in C# code. In the hands-on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code.

Exploiting Buffer Overflows - 60 minutes
This course provides you with all the required information to help you understand and mitigate buffer overflow exploits.
The course first introduces the concepts necessary to recognize the threats posed by buffer overflow exploits and to comprehend the mechanisms behind exploitation of stack-based and heap-based overflows. The course then delves into the different challenges faced by exploit code and how different exploitation techniques overcome environmental limitations. Finally, mitigation techniques designed to prevent the exploitation of buffer overflows are presented, including the use of secure coding best practices and built-in operating system defenses.

Introduction to Integer Overflows - 60 minutes
This course provides all the information required to understand, avoid, and mitigate the risks posed by integer overflows. The students are first provided with detailed background information about the nature of integer overflows and the risks deriving from their exploitation. The course then delves into techniques that help avoid and detect integer overflows in production code.

Web Vulnerabilities - Threats and Mitigations - 60 minutes
This course provides all the required information to understand, avoid, and mitigate the risks posed by Web vulnerabilities. You will first be provided with detailed background information on common attacks against Web-based applications, such as cross-site scripting attacks and cross-site request forgery attacks. The course will then delve into practical advice on how to avoid and/or mitigate Web vulnerabilities. Practical examples are provided throughout the course to help you understand and defend against Web vulnerabilities.

Vista Security - 60 minutes
This course provides you with the necessary knowledge and skills to understand Windows Vista security features and to enable you to build applications that leverage Windows Vista’s built-in security mechanisms.

Secure Development Courses - Testing Phase

How to Perform a Security Code Review - 60 minutes
Application developers may use a variety of tools to identify flaws in their software.
Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build. Manual code reviews, in contrast, can begin at any time and require no specialized tools, only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize the code segments that will be reviewed, apply best practices for reviewing source code, and maximize security resources.

How to Break Software Security - 240 minutes
This course examines how to conceptualize security bugs and understand 19 common attacks that will expose vulnerabilities in any type of software.

Fundamentals of Security Testing - 120 minutes
This course introduces security testing concepts and processes based on the Security Development Life Cycle, and provides you with the concepts necessary to analyze an application from a security perspective and to conduct effective security testing. The course focuses on the different categories of security vulnerabilities and the various testing approaches that target these classes of vulnerabilities. Various testing techniques are discussed in order to help students spot common security issues during testing and identify real-life examples of security bugs uncovered using these techniques.