Secure Code Training

Learn how to develop more secure products and applications while saving precious time and resources
Integrating secure coding best practices into your development and testing phases is crucial, from both a security and a business standpoint. These process improvements reduce the number and severity of security vulnerabilities in the services provided to customers and produce software that is more secure. Working with Comsec’s dedicated training team, you can give developers an understanding of secure code development, including:
  • Defining a methodology for implementing security into the development process.
  • Meeting security levels in accordance with the organization’s policy and with acceptable industry standards for the products and services being developed by the company.

What Comsec’s Secure Code Training experts can teach your business

We are confident that our tailored training sessions, as described below and carried out by Comsec’s team of experts, will help to improve and maintain a high degree of security for your organization’s needs.

Syllabus

An interactive theoretical lecture. Length: 3-4 hours

Why do we need secure code?

  • Attacks in the cyber world
  • Defense in Depth
  • Web application security overview
  • Security controls introduction
  • Threats – STRIDE
OWASP Top 10 security risks
  1. Injection (SQL, LDAP, OS)
  2. Broken Authentication (Password cracking/stealing, authentication flaws etc.)
  3. Sensitive Data Exposure (Credit cards, passwords, IDs etc.)
  4. XML External Entities (XXE)
  5. Broken Access Control (Parameter tampering, Authorization bypass)
  6. Security Misconfiguration (unpatched systems, default passwords, old files etc.)
  7. XSS (Persistent, Reflected, DOM Based)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring
Note: Each attack is supported with demonstrations of code examples and mitigation techniques.
Guided Hands-on Hacking Exercise
  • Implementing the attacks, as demonstrated in the sessions of the first part – Find the hacker inside of you (optional – 4 hours)
  • Fixing the code to prevent the attacks from being executed (optional – 4 hours)

Over 30 years of cybersecurity experience

  • Comsec is trusted by over 1,000 clients including Fortune 500 companies
  • Our international offices ensure quick response times, any day of the week
  • Work with enterprise-level, certified professionals with top-tier credentials
  • Find solutions quickly based on Comsec’s gold-standard Israeli cybersecurity expertise
  • Comsec is certified as a QSA for PCI-DSS, PCI-PA, and HIPAA compliance and is a lead auditor for ISO 2700 standards

Get started with your Secure Code Training experts today

Contact our team and we’ll respond swiftly to get your business secure, compliant, and operating efficiently.