Secure Programming Core Concepts: Beginner

https://www.skillsoft.com/channel/secure-programming-core-concepts-e5dae4c4-53bb-402a-ba30-1336fd2184d1?expertiselevel=51281 https://www.skillsoft.com/channel/secure-programming-core-concepts-e5dae4c4-53bb-402a-ba30-1336fd2184d1?expertiselevel=51282
  • 11 Courses | 10h 17m 50s
  • 12 Courses | 11h 7m 39s
 
Secure Programming is a key methodology for the security and reliability of code. Explore the core concepts of Secure Programming here.

GETTING STARTED

Secure Programmer: Security Concepts

  • 1. Course Overview | 1m 39s
  • 2. Security Concepts | 5m 43s

GETTING STARTED

Secure Programmer: Intro to Programming Standards

  • 1. Course Overview | 3m 2s
  • 2. Introduction to Programming | 9m 34s

COURSES INCLUDED

Secure Programmer: Security Concepts
This 6-video course guides learners to discover the basics of secure programming, including common security concepts, authentication and authorization, and shows how to avoid common programming errors that can undermine security, as well as how to incorporate validation and verification into programming. These are the core security concepts that you need to master to ensure that your programs are produced in a secure fashion. To begin, you will examine secure programmer security concepts, including confidentiality, integrity, and availability, known as the CIA triangle, least privilege, and separation of duties. The next tutorial covers secure programmer authentication and authorization, looking at general authentication models such as discretionary access controls (DACs), mandatory access control (MAC), rule-based access control (RBAC), and attribute-based access control (ABAC). Next, you will explore and learn how to avoid common programming errors that can undermine security. The final tutorial in this course looks at the process and techniques of secure programming verification and validation.
6 videos | 26m
Assessment available | Badge
Secure Programmer: Vulnerabilities
Explore various software vulnerability topics in this 19-video course, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and underprotected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (Common Vulnerabilities and Exposures) vulnerability scoring, and examine Java, Python, C#, and JavaScript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability, C# to combat common code vulnerabilities, and JavaScript to combat cross-site scripting attacks. Use the Common Vulnerability Scoring System (CVSS), and finally, use the OWASP ZAP and Vega vulnerability scanners to test websites for common vulnerabilities.
19 videos | 1h 20m
Assessment available | Badge
Secure Programmer: Encryption
In this 5-video course, learners discover the basics of cryptographic algorithms. You will receive a general overview of symmetric algorithms such as AES, Blowfish, and Serpent. You will also examine asymmetric algorithms such as RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and elliptic-curve cryptography (ECC). More importantly, you will learn when to use which algorithm and what algorithms are better for specific purposes. You will then move on to integrity algorithms, including hashes like SHA (Secure Hash Algorithm 1), MD5 (Message Digest 5), and 6, RIPEMD (Ripe Message Digest), and HAVAL, as well as message authentication codes (MACs) and HMACs (keyed-hash message authentication codes). You will also examine the strengths and weaknesses of these different approaches. The goal is to be able to make intelligent choices about which algorithms to implement for which purpose: is confidentiality the concern, is key exchange needed, is message integrity an issue, are passwords being stored? Each of these requires different algorithms.
5 videos | 22m
Assessment available | Badge
Secure Programmer: Attacks
You will focus primarily on actual common software attacks in this 21-video course, which means you will be shown how the SQL format string attack affects your programs and the coding mistakes that make software vulnerable to them. In some of these examples, learners will examine the vulnerable code and learn how to correct it. In other examples, learners will explore how someone carries out the attack, which will help lead one to learn how to defend against it. Begin by learning how to code against format string attacks in Java, in Python, and in C#. Then move on to coding against SQL injection attacks in Java, in Python, in C#, and in JavaScript. Next, explore coding against buffer overflow attacks in Java, in Python, in C#, and in JavaScript. Further tutorials examine how to code against cross-site scripting attacks in Java, in Python, in C#, and in JavaScript. Also, learn how to code against password cracking attacks in Java, in Python, in C#, and in JavaScript.
21 videos | 1h 17m
Assessment available | Badge
Secure Programmer: Resiliency Coding
This 7-video course helps learners explore resiliency concepts such as stability, recovery, and defensive coding. In it, you will discover how to ensure Java resiliency, Python resiliency, C# resiliency, and JavaScript resiliency. One of the cornerstones of secure programming is to create resilient software, which means software that is far less likely to have failures. You will begin by looking at resiliency concepts such as stability, recovery, and defensive coding. Begin with stability, so that software functions as desired, reliably and consistently. Then, should something go wrong, it will readily recover: it will be able to accommodate whatever went wrong and continue normal operations as soon as possible. Then you have to write defensive code, code that expects both malicious attacks and general errors. Defensive coding is a large part of secure coding. This leads into learning how to write resilient code in Java, in Python, in C#, and finally, in JavaScript.