Secure Code Training - SSDLC

Learn how to develop more secure products while saving precious time and resources

Integrating the Secure Software Development Lifecycle (SSDLC) into your development and testing phases is crucial, from both a security and a business standpoint.

These process improvements reduce the number and severity of security vulnerabilities in the services provided to customers and produce software that is more secure.

Working with Comsec’s dedicated training team, you can give developers an understanding of secure code development, including:

  • Defining a methodology for implementing security into the development process.
  • Meeting security levels in accordance with the organization’s policy and with acceptable industry standards for the products and services that the company develops.

What Comsec’s Secure Code Training experts can teach your business

We are confident that our tailored training sessions, as described below and carried out by Comsec’s team of experts, will help to improve and maintain a high degree of security for your organization’s needs.

Syllabus

An interactive theoretical lecture. Length: 3-4 hours

Why do we need secure code?

  • Attacks in the cyber world
  • Defense in Depth
  • Web application security overview
  • Security controls introduction
  • Threats – STRIDE

OWASP Top 10 security risks

  1. Injection (SQL, LDAP, OS)
  2. Broken Authentication (Password cracking/stealing, authentication flaws etc.)
  3. Sensitive Data Exposure (Credit cards, passwords, IDs etc.)
  4. XML External Entities (XXE)
  5. Broken Access Control (Parameter tampering, Authorization bypass)
  6. Security Misconfiguration (unpatched systems, default passwords, old files etc.)
  7. XSS (Persistent, Reflected, DOM Based)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

Note: Each attack is supported with demonstrations of code examples and mitigation techniques.

Guided Hands-on Hacking Exercise

  • Implementing the attacks, as demonstrated in the sessions of the first part – Find the hacker inside of you (optional – 4 hours)
  • Fixing the code to prevent the attacks from being executed (optional – 4 hours)

Over 30 years of cybersecurity experience

  • Comsec is trusted by over 1,000 clients including Fortune 500 companies
  • Our international offices ensure quick response times, any day of the week
  • Work with enterprise-level, certified professionals with top-tier credentials
  • Find solutions quickly based on Comsec’s gold-standard Israeli cybersecurity expertise
  • Comsec is certified as a QSA for PCI-DSS, PCI-PA, and HIPAA compliance and is a lead auditor for ISO 2700 standards

Get started with your Secure Code Training experts today

Contact our team and we’ll respond swiftly to get your business secure, compliant, and operating efficiently.
Comsec is now offering a few unique packages, should you order by the end of 2019:
  • For ordering one of our Cybersecurity Services, you’ll be able to choose between: Hardening procedure documentation / SSDLC guidelines / Awareness training session (1.5 hours) / CISO advisory session (3 hours)
  • For ordering our Incident Response Service (IRP / IRT): CISO advisory session (3 hours)
  • For ordering our Table Top exercise, you’ll be able to choose between: A session by a senior Comsec Information Security expert / Hardening procedure documentation
  • For ordering our Red Team service: Attack simulation by a senior Comsec Information Security expert
  • For ordering our Secure Code Review service, you’ll be able to choose between: 2 system re-tests / Additional scan (of the same system)
  • For ordering Comsec Hour Bank, you’ll be able to choose between: Additional 10% hours of the value of the package / Hardening procedure documentation / SSDLC guidelines

If you’re interested, please drop us an email:
salespromotions@comsecglobal.com