Secure Code Training - SSDLC
Integrating the Secure Software Development Lifecycle (SSDLC) into your development and testing phases is crucial, both from a security and a business standpoint.
These process improvements reduce the number and severity of security vulnerabilities in the services provided to customers and produce software that is more secure.
Working with Comsec’s dedicated training team, you can give developers an understanding of secure code development, including:
- Defining a methodology for implementing security into the development process.
- Meeting security levels in accordance with the organization’s policy and with acceptable industry standards for the products and services that the company develops.
What Comsec’s Secure Code Training experts can teach your business
We are confident that our tailored training sessions, as described below and carried out by Comsec’s team of experts, will help to improve and maintain a high degree of security for your organization’s needs.
An interactive theoretical lecture. Length: 3-4 hours
Why do we need secure code?
- Attacks in the cyber world
- Defense in Depth
- Web application security overview
- Security controls introduction
- Threats – STRIDE
- Injection (SQL, LDAP, OS)
- Broken Authentication (Password cracking/stealing, authentication flaws etc.)
- Sensitive Data Exposure (Credit cards, passwords, IDs etc.)
- XML External Entities (XXE)
- Broken Access Control (Parameter tampering, Authorization bypass)
- Security Misconfiguration (unpatched systems, default passwords, old files etc.)
- XSS (Persistent, Reflected, DOM Based)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
- Implementing the attacks, as demonstrated in the sessions of the first part – Find the hacker inside of you (optional – 4 hours)
- Fixing the code to prevent the attacks from being executed (optional – 4 hours)
Over 30 years of cybersecurity experience
- Comsec is trusted by over 1,000 clients including Fortune 500 companies
- Our international offices ensure quick response times, any day of the week
- Work with enterprise-level, certified professionals with top-tier credentials
- Find solutions quickly based on Comsec’s gold-standard Israeli cybersecurity expertise
- Comsec is certified as a QSA for PCI-DSS, PCI-PA, and HIPAA compliance and is a lead auditor for ISO 2700 standards