Training Plan
Day 1
- IT security and secure coding
- Nature of security
- IT security related terms
- Definition of risk
- Different aspects of IT security
- Requirements of different application areas
- IT security vs. secure coding
- From vulnerabilities to botnets and cybercrime
- Nature of security flaws
- Reasons for difficulty
- From an infected computer to targeted attacks
- Classification of security flaws
- Landwehr’s taxonomy
- The Seven Pernicious Kingdoms
- OWASP Top Ten 2013
- OWASP Top Ten comparison 2003 – 2013
- Introduction to the Microsoft® Security Development Lifecycle (SDL)
- Agenda
- Applications under attack...
- Cybercrime Evolution
- Attacks are focusing on applications
- Most vulnerabilities are in smaller ISV apps
- Origins of the Microsoft SDL...
- Security Timeline at Microsoft...
- Which apps are required to follow SDL?
- Microsoft Security Development Lifecycle (SDL)
- Pre-SDL Requirements: Security Training
- Phase One: Requirements
- Phase Two: Design
- Phase Three: Implementation
- Phase Four: Verification
- Phase Five: Release – Response Plan
- Phase Five: Release – Final Security Review
- Phase Five: Release – Archive
- Post-SDL Requirement: Response
- SDL Process Guidance for LOB Apps
- SDL Guidance for Agile Methodologies
- Secure Software Development Requires Process Improvement
- Secure design principles
- Attack surface
- Attack surface reduction
- Attack surface – an example
- Attack surface analysis
- Attack surface reduction – examples
- Privacy
- Understanding Application Behaviors and Concerns
- Defense in depth
- SDL Core Principle: Defense In Depth
- Defense in depth – example
- Least privilege principle
- Least privilege – example
- Secure defaults
- Secure defaults – examples
- Attack surface
- Secure implementation principles
- Agenda
- Microsoft Security Development Lifecycle (SDL)
- Buffer overflow basics
- Intel 80x86 Processors – main registers
- The memory address layout
- The function calling mechanism in C/C++ on x86
- The local variables and the stack frame
- Stack overflow
- Buffer overflow on the stack
- Exercises – introduction
- Exercise BOFIntro
- Exercise BOFIntro – determine the stack layout
- Exercise BOFIntro – a simple exploit
- Input validation
- Input validation concepts
- Integer problems
- Representation of negative integers
- Integer overflow
- Arithmetic overflow – guess the output!
- Exercise IntOverflow
- What is the value of Math.Abs(int.MinValue)?
- Integer problem mitigation
- Avoiding arithmetic overflow – addition
- Avoiding arithmetic overflow – multiplication
- Detecting overflow with the checked keyword in C#
- Exercise – Using the checked keyword in C#
- Exceptions triggered by overflows in C#
- Case study – Integer overflow in .NET
- A real-world integer overflow vulnerability
- Exploiting the integer overflow vulnerability
- Path traversal vulnerability
- Path traversal mitigation
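The integer items above (wrapping arithmetic, the checked keyword, overflow-safe addition and multiplication, and the Math.Abs(int.MinValue) question) are illustrated by the following added example. It is not course material; it assumes a default project where overflow checking is off, so the wrapping and checked paths are written out explicitly. The UnsafeLengthCheck/SafeLengthCheck pair is a constructed illustration of the length-check pattern that real integer overflow bugs exploit, not the case study's code.

```csharp
using System;

// Added example: integer overflow behaviour in C# and its mitigations.
public static class IntegerOverflowDemo
{
    // Default (unchecked) arithmetic wraps silently: int.MaxValue + 1 is int.MinValue.
    public static int WrappingAdd(int a, int b)
    {
        unchecked { return a + b; }
    }

    // Detecting overflow with the checked keyword: the same sum throws OverflowException.
    public static int CheckedAdd(int a, int b)
    {
        checked { return a + b; }
    }

    // Avoiding arithmetic overflow - addition: test the bounds before adding.
    // Neither comparison can itself overflow because of the sign test on b.
    public static bool TryAdd(int a, int b, out int result)
    {
        if ((b > 0 && a > int.MaxValue - b) || (b < 0 && a < int.MinValue - b))
        {
            result = 0;
            return false;
        }
        result = a + b;
        return true;
    }

    // Avoiding arithmetic overflow - multiplication: compute in a wider type and range-check.
    public static bool TryMultiply(int a, int b, out int result)
    {
        long wide = (long)a * b;
        if (wide > int.MaxValue || wide < int.MinValue)
        {
            result = 0;
            return false;
        }
        result = (int)wide;
        return true;
    }

    // There is no int value for Math.Abs(int.MinValue): +2147483648 does not fit,
    // so .NET throws OverflowException instead of returning a negative "absolute value".
    public static string AbsOfMinValue()
    {
        try
        {
            return Math.Abs(int.MinValue).ToString();
        }
        catch (OverflowException)
        {
            return "OverflowException";
        }
    }

    // Constructed illustration of the classic bug: an attacker-controlled count
    // multiplied by the element size wraps to a small value and the check passes.
    public static bool UnsafeLengthCheck(int count, int elementSize, int bufferSize)
    {
        return unchecked(count * elementSize) <= bufferSize;
    }

    // Hardened form: reject negative counts and any product that does not fit in an int.
    public static bool SafeLengthCheck(int count, int elementSize, int bufferSize)
    {
        return count >= 0 && elementSize > 0
            && TryMultiply(count, elementSize, out int needed)
            && needed <= bufferSize;
    }

    public static void Main()
    {
        Console.WriteLine("wrapping add:   " + WrappingAdd(int.MaxValue, 1));
        try { CheckedAdd(int.MaxValue, 1); }
        catch (OverflowException e) { Console.WriteLine("checked add:    " + e.Message); }
        Console.WriteLine("TryAdd:         " + TryAdd(int.MaxValue, 1, out _));
        Console.WriteLine("TryMultiply:    " + TryMultiply(65536, 65536, out _));
        Console.WriteLine("Abs(MinValue):  " + AbsOfMinValue());
        // 65536 * 65536 is 2^32, which wraps to 0 in 32-bit arithmetic.
        Console.WriteLine("unsafe check:   " + UnsafeLengthCheck(65536, 65536, 1024));
        Console.WriteLine("safe check:     " + SafeLengthCheck(65536, 65536, 1024));
    }
}
```

The practical rule the example encodes: either compile the security-relevant arithmetic with checked (and handle OverflowException), or validate operands before the operation; never rely on a comparison made after a possibly wrapped multiplication.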
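For the path traversal item, the following added example (not part of the course) shows the mitigation a practitioner would actually write in .NET: canonicalize the requested path and confirm it stays under the allowed root before touching the file system. It assumes the served files live under a single fixed directory; the directory name and the sample requests are constructed for the demo. It also rejects embedded NUL bytes, since lower layers that truncate at '\0' can otherwise open a different file than the one the string check approved.

```csharp
using System;
using System.IO;

// Added example: path traversal mitigation by canonicalization plus root check.
public static class SafeFileAccess
{
    // Returns the canonical absolute path if userSupplied resolves inside
    // rootDirectory, otherwise null. Pure string logic; nothing is opened.
    public static string ResolveUnderRoot(string rootDirectory, string userSupplied)
    {
        if (string.IsNullOrEmpty(userSupplied)) return null;

        // Embedded NUL: C-based APIs would stop at the first '\0', so
        // "safe.txt\0../../web.config" could pass a string check and still escape.
        if (userSupplied.IndexOf('\0') >= 0) return null;

        try
        {
            // Canonical root with one trailing separator, so that "C:\data2"
            // is not accepted as being inside "C:\data".
            string root = Path.GetFullPath(rootDirectory)
                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                + Path.DirectorySeparatorChar;

            // GetFullPath collapses "." and ".." segments. Path.Combine returns the
            // second argument unchanged when it is rooted ("/etc/passwd", "C:\..."),
            // which is exactly why the prefix check below is still required.
            string candidate = Path.GetFullPath(Path.Combine(root, userSupplied));

            bool inside = candidate.StartsWith(root,
                OperatingSystem.IsWindows()
                    ? StringComparison.OrdinalIgnoreCase
                    : StringComparison.Ordinal);

            return inside ? candidate : null;
        }
        catch (ArgumentException)
        {
            // Invalid path syntax for this platform: treat as a rejected request.
            return null;
        }
    }

    public static void Main()
    {
        // Constructed root and requests for the demo.
        string root = Path.Combine(Path.GetTempPath(), "uploads");
        string[] requests =
        {
            "report.pdf",           // accepted
            "../../etc/passwd",     // rejected: escapes the root
            "sub/../ok.txt",        // accepted: normalizes to root/ok.txt
            "/etc/passwd",          // rejected: rooted path replaces the root in Combine
            "a\0b",                 // rejected: embedded NUL
        };
        foreach (string request in requests)
        {
            string resolved = ResolveUnderRoot(root, request);
            Console.WriteLine($"{request.Replace("\0", "\\0"),-20} -> {resolved ?? "REJECTED"}");
        }
    }
}
```

A blacklist of "../" substrings is not a substitute for this check: encodings, mixed separators on Windows and rooted paths all slip past it, while a canonical-prefix comparison does not depend on how the attacker spelled the path.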
Day 2
- Secure implementation principles
- Injection
- Typical SQL Injection attack methods
- Blind and time-based SQL injection
- SQL Injection protection methods
- Command injection
- Broken authentication – password management
- Exercise – Weakness of hashed passwords
- Password management and storage
- Special purpose hash algorithms for password storage
- Cross-Site Scripting (XSS)
- CSS injection
- Exploitation: injection through other HTML tags
- XSS prevention
- Missing function level access control
- Filtering file uploads
- Practical cryptography
- Providing confidentiality with symmetric cryptography
- Symmetric encryption algorithms
- Block ciphers – modes of operation
- Hash or message digest
- Hash algorithms
- Message Authentication Code (MAC)
- Providing integrity and authenticity with a symmetric key
- Providing confidentiality with public-key encryption
- Rule of thumb – possession of private key
- Typical mistakes in password management
- Exercise – Hard coded passwords
- Conclusion
- Injection
- Secure verification principles
- Functional testing vs. security testing
- Security vulnerabilities
- Prioritization
- Security testing in the SDLC
- Steps of test planning (risk analysis)
- Scoping and information gathering
- Stakeholders
- Assets
- The attack surface
- Security objectives for testing
- Threat modeling
- Attacker profiles
- Threat modeling based on attack trees
- Threat modeling based on misuse/abuse cases
- Misuse/abuse cases – a simple Web shop example
- STRIDE per element approach to threat modeling – MS SDL
- Identifying security objectives
- Diagramming – examples of DFD elements
- Data flow diagram – example
- Threat enumeration – MS SDL’s STRIDE and DFD elements
- Risk analysis – classification of threats
- The DREAD threat/risk ranking model
- Security testing techniques and tools
- General testing approaches
- Techniques for various steps of the SDLC
- Code review
- Code review for software security
- Taint analysis
- Heuristics
- Static code analysis
- Exercise – Using static code analysis tools
- Testing the implementation
- Manual run-time verification
- Manual vs. automated security testing
- Penetration testing
- Stress tests
- Fuzzing
- Automated security testing – fuzzing
- Challenges of fuzzing
- Web vulnerability scanners
- Exercise – Using a vulnerability scanner
- Checking and hardening the environment
- Common Vulnerability Scoring System – CVSS
- Vulnerability scanners
- Public databases
- Case study – Forms Authentication Bypass
- NULL byte termination vulnerability
- The Forms Authentication Bypass vulnerability in the code
- Exploiting the Forms Authentication Bypass
- Knowledge sources
- Secure coding sources – a starter kit
- Vulnerability databases
- .NET secure coding guidelines at MSDN
- .NET secure coding cheat sheets
- Recommended books – .NET and ASP.NET
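The Day 2 injection items (typical SQL injection methods, blind and time-based injection, and the protection methods) are illustrated by the following added example, which is not course material. It assumes the Microsoft.Data.SqlClient NuGet package and a Users table with Name and PasswordHash columns; the connection string and the attacker inputs are constructed for the demo. The Main method only builds the commands and prints them, so it runs without a database; LookupUser shows how the parameterized command is executed for real.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;   // NuGet: Microsoft.Data.SqlClient (assumption)

// Added example: SQL injection through string concatenation versus a parameterized query.
public static class LoginQueries
{
    // Vulnerable: the user name becomes part of the SQL text, so quotes, comment
    // markers and extra statements in the input change the query's meaning.
    public static string BuildVulnerableQuery(string username)
    {
        return "SELECT Id, PasswordHash FROM Users WHERE Name = '" + username + "'";
    }

    // Safe: the SQL text is fixed and the value travels as a typed parameter.
    // The server never parses the user name as SQL, whatever it contains.
    public static SqlCommand BuildParameterizedCommand(string username)
    {
        var cmd = new SqlCommand("SELECT Id, PasswordHash FROM Users WHERE Name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = username;
        return cmd;
    }

    // Real usage: look up the stored hash for a user; password verification
    // happens in application code, not in the WHERE clause.
    public static string LookupUser(string connectionString, string username)
    {
        using var conn = new SqlConnection(connectionString);
        using SqlCommand cmd = BuildParameterizedCommand(username);
        cmd.Connection = conn;
        conn.Open();
        using SqlDataReader reader = cmd.ExecuteReader();
        return reader.Read() ? reader.GetString(1) : null;
    }

    public static void Main()
    {
        // Constructed attacker inputs for the three methods named in the outline.
        string[] attackerInputs =
        {
            "admin' --",                        // comment out the rest of the WHERE clause
            "' OR 1=1 --",                      // tautology: matches every row
            "'; WAITFOR DELAY '0:0:5' --",      // time-based blind probe (T-SQL)
        };

        foreach (string input in attackerInputs)
        {
            Console.WriteLine("Concatenated : " + BuildVulnerableQuery(input));
            using SqlCommand cmd = BuildParameterizedCommand(input);
            Console.WriteLine("Parameterized: " + cmd.CommandText
                + "   [@name = " + cmd.Parameters["@name"].Value + "]");
            Console.WriteLine();
        }
    }
}
```

Note what the output shows: the concatenated text changes structure with every input, while the parameterized CommandText is identical each time and the attacker's string appears only as a parameter value. Parameterization protects values; it does not protect identifiers (table or column names) or ORDER BY direction, which must come from an allow-list instead.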
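The password storage items (weakness of hashed passwords, password management and storage, special-purpose hash algorithms) are illustrated by the following added example, which is not course material. It assumes .NET 6 or later for the static Rfc2898DeriveBytes.Pbkdf2 and RandomNumberGenerator.GetBytes APIs; the storage string format, the iteration count and the sample passwords are choices made for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: why a plain hash is a weak password store, and a PBKDF2-based
// replacement with per-user salt, a tunable work factor and constant-time comparison.
public static class PasswordStorage
{
    // Weak: unsalted, fast hash. Equal passwords give equal hashes (so a leaked
    // table reveals shared passwords), and an attacker can test billions of
    // guesses per second or use precomputed tables.
    public static string WeakHash(string password)
    {
        return Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(password)));
    }

    // Work factor chosen to match current OWASP guidance for PBKDF2-HMAC-SHA256;
    // raise it over time and re-hash on login.
    private const int Iterations = 600_000;
    private const int SaltSize = 16;
    private const int HashSize = 32;

    // Output format (assumed for this example): pbkdf2-sha256$iterations$salt$hash
    public static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        return $"pbkdf2-sha256${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(hash)}";
    }

    // Re-derive with the stored salt and iteration count, then compare in constant
    // time so the comparison does not leak how many leading bytes matched.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha256") return false;
        if (!int.TryParse(parts[1], out int iterations) || iterations <= 0) return false;

        byte[] salt = Convert.FromBase64String(parts[2]);
        byte[] expected = Convert.FromBase64String(parts[3]);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        // Constructed sample: two users who picked the same password.
        const string alice = "correct horse battery staple";
        const string bob = "correct horse battery staple";

        Console.WriteLine("Weak hash equal for both users: " + (WeakHash(alice) == WeakHash(bob)));

        string storedAlice = HashPassword(alice);
        string storedBob = HashPassword(bob);
        Console.WriteLine("PBKDF2 records differ (random salt): " + (storedAlice != storedBob));
        Console.WriteLine("Verify correct password:  " + Verify(alice, storedAlice));
        Console.WriteLine("Verify wrong password:    " + Verify("Tr0ub4dor&3", storedAlice));
        Console.WriteLine("Stored record: " + storedAlice);
    }
}
```

Embedding the iteration count in the record is what makes the work factor tunable: old records keep verifying with their own count, and the application can re-hash with the current one at the next successful login.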
Participant reviews (10)
Pushing changes as we went; on day 3, when I started getting more lost than before and it was harder to spot a bug quickly, I was able to quickly check out the latest change and keep up with the material.
Paulina
Course - Advanced Java Security
The balance between lectures and practice, the rhythm, the trainer's knowledge and pedagogical skill.
Armando Pinto - EID
Course - C/C++ Secure Coding
Very good knowledge and character.
Constantinos Michael
Course - Java and Web Application Security
It is very good to understand how a hacker might potentially analyze websites for weaknesses, and the tools they might use.
Roger - OTT Mobile
Course - .NET, C# and ASP.NET Security Development
Beginning with how to hack in order to better understand how to secure was very interesting and appreciated.
Raphaël Capocasale - Mikron SA Boudry
Course - Advanced C#, ASP.NET and Web Application Security
The web's same-origin policy and cross-origin content, as well as the dangers of XSS; this is very relevant to our work.
Princess Ou - 广东溢达纺织有限公司
Course - Web Application Security
Trainer willing to answer questions and give a bunch of examples for us to learn from.
Eldrick Ricamara - Human Edge Software Philippines, Inc. (part of Tribal Group)
Course - Security Testing
Learning to use new tools. Mainly seeing how security tests can be carried out.
Jason - Kropman
Course - Secure Web Application Development and Testing
The real life examples.
Marios Prokopiou
Course - Secure coding in PHP
The Burp Suite; I need more training in this.