Secure Programming Core Concepts: beginner
Expertise:
- 11 Courses | 9h 18m 50s
- 12 Courses | 10h 5m 39s
Secure Programming is a key methodology for the security and reliability of code. Explore the core concepts of Secure Programming here.
GETTING STARTED
Secure Programmer: Intro to Programming Standards
COURSES INCLUDED
Secure Programmer: Security Concepts
This 6-video course guides learners to discover the basics of secure programming, including common security concepts, authentication and authorization, and shows how to avoid common programming errors that can undermine security, as well as how to incorporate validation and verification into programming. These are the core security concepts that you need to master to ensure that your programs are produced in a secure fashion. To begin, you will examine secure programmer security concepts, including confidentiality, integrity, and availability, known as the CIA triangle, least privileges, and separation of duties. The next tutorial covers secure programmer authentication and authorization, looking at general authentication models such as discretionary access controls (DACs), mandatory access control (MAC), rule-based access control (RBAC), and attribute-based access control (ABAC). Next, you will explore and learn how to avoid common programming errors that can undermine security. The final tutorial in this course looks at the process and techniques of secure programming verification and validation.
6 videos | 24m | Assessment | Badge
Secure Programmer: Vulnerabilities
Explore various software vulnerability topics in this 19-video course, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and underprotected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (Common Vulnerabilities and Exposures) vulnerability scoring, and examine Java, Python, C#, and JavaScript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability, C# to combat common code vulnerabilities, and JavaScript to combat cross-site scripting attacks. Use the Common Vulnerability Scoring System (CVSS), and finally, use the OWASP ZAP and Vega vulnerability scanners to test websites for common vulnerabilities.
19 videos | 1h 11m | Assessment | Badge
Secure Programmer: Encryption
In this 5-video course, learners discover the basics of cryptographic algorithms. You will receive a general overview of symmetric algorithms such as AES, Blowfish, and Serpent. You will also examine asymmetric algorithms such as RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and elliptic-curve cryptography (ECC). More importantly, you will learn when to use which algorithm and what algorithms are better for specific purposes. You will then move on to integrity algorithms, including hashes like SHA (Secure Hash Algorithm 1), MD5 (Message Digest 5), and 6, RIPEMD (Ripe Message Digest), and HAVAL, as well as message authentication codes (MACs) and HMACs (keyed-hash message authentication codes). You will also examine the strengths and weaknesses of these different approaches. The goal is to be able to make intelligent choices about which algorithms to implement for which purpose: whether the concern is confidentiality, key exchange, message integrity, or password storage. Each of these requires different algorithms.
5 videos | 21m | Assessment | Badge
Secure Programmer: Attacks
You will focus primarily on actual common software attacks in this 21-video course, which means you will be shown how the SQL format string attack affects your programs and the coding mistakes that make software vulnerable to such attacks. In some of these examples, learners will examine the vulnerable code and learn how to correct it. In other examples, learners will explore how someone carries out the attack, which helps in learning how to defend against it. Begin by learning how to code against format string attacks in Java, in Python, and in C#. Then move on to coding against SQL injection attacks in Java, in Python, in C#, and in JavaScript. Next, explore coding against buffer overflow attacks in Java, in Python, in C#, and in JavaScript. Further tutorials examine how to code against cross-site scripting attacks in Java, in Python, in C#, and in JavaScript. Also, learn how to code against password cracking attacks in Java, in Python, in C#, and in JavaScript.
21 videos | 1h 8m | Assessment | Badge
Secure Programmer: Resiliency Coding
This 7-video course helps learners explore resiliency concepts such as stability, recovery, and defensive coding. In it, you will discover how to ensure Java resiliency, Python resiliency, C# resiliency, and JavaScript resiliency. One of the cornerstones of secure programming is to create resilient software, which means software that is far less likely to have failures. You will begin by looking at resiliency concepts such as stability, recovery, and defensive coding. Begin with stability, so software functions as desired, reliably and consistently. Then, should something go wrong, it will readily recover. It will be able to accommodate whatever went wrong and continue normal operations as soon as possible. Then you have to write defensive code, code that is expecting both malicious attacks and just general errors. Defensive coding is a large part of secure coding. This leads into learning how to write resilient code in Java, in Python, in C#, and finally, writing resilient code in JavaScript.
7 videos | 26m | Assessment | Badge
Security Architect: Secure Coding Concepts
Explore secure coding from the standpoint of a security architect, including best practices for both security design and architecture implementation, and the level of influence needed by a security architect to influence secure coding practices, in this 14-video course. Key concepts covered in this course include principles that define a security architecture; examining the issues and steps involved in security design; and learning the process and potential security flaws in security architecture implementation. Next, you will learn about considerations for deploying and operating an application in secure environments; learn methods and tools that can be used to help secure software through automation and testing; and learn approaches to assessing the risk of an application. Continue by examining the lifecycle of vulnerabilities in software; common coding pitfalls that lead to security vulnerabilities; and industry standards and the application domains they apply to. Finally, you will learn security concerns when adopting new technologies, coding languages, and platforms; learn secure coding architecture when deploying cloud applications; and learn practical approaches to secure coding practices.
14 videos | 56m | Assessment | Badge
Secure Programming for C#
In this course, you'll explore techniques for writing secure code, including how to use assertions, create defensible methods, write proper if and switch statements, use exceptions, and anticipate and handle errors in your C# code. During the course you will discover how to employ iterative design, pseudo code, assertions, pre- and post-conditions, testable code, parameters, return values, and variable declarations. Find out how to apply IF and SWITCH statements. Learn to create a C# application that incorporates error codes and messages into its error handlers. Recognize how to anticipate errors. Finally, learn to develop error processes, use global objects, and apply local error handlers.
16 videos | 1h 15m | Assessment | Badge
Securing C# Applications
Discover how to protect your applications from attacks and bad data! During this course, you'll learn how to identify and defend your C# applications from potential risks and control user input to reduce the possibility of bad data entry. Topics include how to address potential UI application risks, such as buffer overflows, code injection attacks, formatted string attacks, and DLL hijacks. Next, specify how to handle bad data in your C# applications, and learn how to constrain user input to keep out malicious entries that can break your code. From there, you will learn how to validate user input through regular expressions, and write effective exception handlers. Finally, as a review exercise, you will create a C#/ASP.NET application that runs a contact page that applies defensive code and requires validated user input.
11 videos | 58m | Assessment | Badge
Creating Secure C# Code
During this course, you'll explore techniques that help you secure your C# code, and a number of best practices. You'll begin by learning how to safely connect strings and apply common data validation techniques for C# applications. Next, you will identify why casting in the C# style is preferred to the C style. From there, learn how to recognize proper C# operator overloading, and how to follow the correct way to access internal class data. Other topics include working with loops and understanding why for-loops are preferred to while-loops, studying concise, focused, readable C# function examples, and identifying the best way to use references and pointers. Finally, as a review exercise, you will create a C# application that casts correctly, uses proper data validation, and offers concise functions and methods.
10 videos | 43m | Assessment | Badge
Application Security in .NET
Explore the concepts related to securing a .NET application, including authentication, .NET security namespaces, permissions, role-based security, and impersonation. This course introduces you to .NET framework security, authentication, secure code, and security namespaces. Next, you will learn about the Microsoft Security Development Lifecycle (SDL), permissions and role-based security, the WindowsPrincipal object, and how to replace principal objects. Examine GenericPrincipal and GenericIdentity objects. Recognize .NET impersonation. Discover the benefits of claims-based security. Finally, as a review exercise, you will identify key features of .NET application security and how security is implemented.
12 videos | 46m | Assessment | Badge
Code Access Security & Cryptography in .NET
Discover how to configure Code Access Security (CAS) and cryptography in your .NET applications. Learn how to secure data access and your ASP.NET web forms. This course introduces you to ASP.NET Code Access Security (CAS), security-transparent code in .NET, partially trusted code in .NET, link demands and CAS, CAS configuration, the .NET cryptography model, encryption keys for .NET, encryption and decryption in .NET, data integrity hash codes, common threats, security tools, ASP.NET web forms, and Windows .NET authentication. Finally, as a review exercise, you will identify three of the top ten OWASP threats to .NET apps.
14 videos | 1h 5m | Assessment | Badge
COURSES INCLUDED
Secure Programmer: Intro to Programming Standards
In this course, learners can explore various IEEE programming standards, software requirement types, and requirements gathering techniques. Discover how software quality is defined and steps to take in the change management process. Begin this 10-video course with an introduction to basic programming and software engineering concepts. Then move on to a three-part tutorial on programming standards: part A on recalling IEEE programming standards including general, testing and quality, and maintenance and documentation standards; part B on IEEE standards, including NIST SP 800-27, ISO/IEC 15504 and 24744:2014, and ISO 29110; and part C on recalling IEEE and ISO programming standards. This leads into identifying software requirement types, the functionality, usability, reliability, performance, and supportability (FURPS) model, and the requirements gathering techniques. Next, you will explore requirements gathering techniques such as brainstorming, interviews, focus groups, and reverse engineering, and examine quality and the change management process. In the final tutorial, learners observe how to apply the IEEE Std 730 standard for software quality.
10 videos | 55m | Assessment | Badge
Secure Programmer: Software Design Techniques
In this 13-video course, learners will discover a range of software engineering techniques used to design software. This includes modular, resiliency, architectural, component-level, model-driven, and pattern-based design. You will also explore how to identify well-designed code and script. Learners begin by observing modular design, which starts with the premise that code should be encapsulated into independent modules. This leads into learning about resiliency design. The various design approaches examined here are not mutually exclusive, and can be used together, particularly resiliency design, which often goes hand in hand with other design approaches to augment and enhance them. Next, study architectural design, with a look at the architecture process and how to apply it. Following on from this, you will learn how to apply both component-level design and pattern-based design. You will delve into Well Designed Java Example, and explore what makes it well designed. Also, Well Designed Python Example, which contains some nuances not common to other languages. Well Designed C# Example, Well Designed Javascript, and model-driven design are also covered.
13 videos | 1h 16m | Assessment | Badge
Secure Programmer: Software Modeling Techniques
This course extensively covers Unified Modeling Language (UML), which is commonly used in software engineering to help design, understand, and work with software. It can be considered one of the core tools in a software engineer's toolbox. In this 6-video course, learners will delve into specific UML diagrams in order to obtain a deeper understanding, some of which they will be able to use in their own software design. These diagrams will include class diagrams, activity diagrams, use case diagrams, and sequence diagrams. Next, follow an overview of Systems Modeling Language (SysML), which is similar to UML but broader, so not only can it be used for software, but it can also be used for hardware, networks, or any system. Then discover how it can be used. In the final tutorial in this course, you will take a look at specific SysML diagrams, including block definition diagrams, internal block diagrams, and parametric diagrams.
6 videos | 26m | Assessment | Badge
Secure Programmer: Coding Practices
In this 12-video course, learners explore best practices for good coding along with exercises showcasing related examples. This includes good programming practices for Java, Python, C#, and JavaScript. Begin with a look at how to perform software estimation of resources and time. One fundamental practice that learners need to know is how to estimate how long something will take and what resources one needs in place. You will then examine coding best practices, and some specific techniques to improve code, along with good coding examples. Following on from this, observe how to recognize bad coding examples, and examine Java code that is poorly written. Next, you will take a look at bad coding examples in Python, and recognizing bad Python programming, bad C# programming, and bad JavaScript programming. This leads into learning about applying good coding examples in Java, in Python, in C#, and in JavaScript. The two most important takeaways from this course are understanding and recognizing both good and bad code, and having a basic understanding of estimating and allocating resources.
12 videos | 46m | Assessment | Badge
Secure Programmer: Software Testing
Explore key aspects of software testing, software validation, and bug tracking methods in this 14-video course, beginning with a look at very specific testing methodologies, and an in-depth introduction into how to do testing. This leads learners into observing how to apply unit testing; integration testing; regression testing, and user acceptance testing. Another tutorial will explore the roles and responsibilities in testing, or who in one's team is responsible for what aspect of testing. You will also learn about specific testing methods, and how to do the individual test, regardless of what type it is. Following on from this, learners will examine test cases and reporting, where formalized testing requires some level of reporting and specific test cases. Then discover how to apply software metrics and explore software verification and software validation. To complete the course, you will learn about the concepts of bug tracking and how to use various bug tracking methods.
14 videos | 1h 11m | Assessment | Badge
Defensive Programmer: Defensive Concepts
Explore key defensive programming concepts including the CERT Top 10 practices for secure coding, along with other topics covered in this 9-video course. To begin, take a look at the general defense coding concepts, the basic concepts and principles that permeate defensive programming. The next two-part tutorial concerns CERT top 10 secure coding practices: Part A on the first five CERT top 10 secure coding practices: validate input, heed compiler warnings, architect and design for security, keep it simple, and default deny. Part B covers the last five CERT top 10 secure coding practices: adhere to the principles of least privilege, sanitize data sent to other systems, practice defense in depth, use effective quality assurance techniques, and adopt a secure coding standard. This leads learners into learning how to apply defensive coding, using Open Source Security Testing Methodology Manual concepts for secure testing, and applying the Flaw Hypothesis Method. The final tutorial in this course looks at the role of Six Sigma in producing better quality, secure programming.
9 videos | 43m | Assessment | Badge
Defensive Programmer: Defensive Techniques
In this course, learners discover the importance of exception handling, validation, and parameter checking in programming. Explore how to handle exceptions and apply validation in Java, Python, C#, and JavaScript, as well as how to configure component trust and reuse code, in this 17-video course. Begin by learning how to apply exception handling effectively, and then take a look at validation techniques and procedures. Learners will explore reliability, resiliency, and recoverability and how they can be achieved in software engineering. Next, you will look at CDI/UDI (constrained data item/unrestrained data item), why it is important, and how it should be done. You will delve into parameter checking, using Java exception handling, using Python exception handling, and using JavaScript exception handling. You will then explore using Java validation, Python validation, C# validation, and JavaScript validation. In the final tutorials you will examine component trust, including when and how to achieve trust of components, and learn how to reuse code effectively and defensively.
17 videos | 1h 16m | Assessment | Badge
Defensive Programmer: Cryptography
This 8-video course helps learners explore the basics of programming cryptography, cryptography types, and applications, and also examines encryption implementation code examples. In the first of two tutorials on encryption concepts, you will explore the critical concepts of symmetric versus asymmetric cryptography, and when to use one as opposed to another, by learning the benefits of one over the other. In the second tutorial, learners will continue by examining specific algorithms such as AES, DES, RSA, Diffie-Hellman, and Elliptic Curve, and by looking into the strengths and weaknesses of these particular algorithms. Next, you will take a careful look at the important concepts of confidentiality and integrity, the use of hash codes, message authentication codes, and HMACs (hash message authentication codes). In the final four tutorials in this course, learners will explore specific code samples, where one can see Java cryptography, Python cryptography, C# cryptography, and JavaScript cryptography being implemented.
8 videos | 31m | Assessment | Badge
Defensive Programmer: Advanced Concepts
Learners can explore advanced defensive coding concepts and practices such as session and risk management, assertive programming, and intelligible exceptions in this 6-video course. In the first tutorial, you will examine better ways to carry out secure session management, which is particularly pertinent for those that work on e-commerce sites or web programming. You will then move on to a study of risk management; risk is unfortunately a part of every project, including programming. Everyone would like to reduce risk to a zero level, but that is simply not realistic, so risk must be analyzed and quantified, to bring it down to a level that is acceptable and manageable. In this tutorial, you will therefore observe how to define risk management and learn how to apply risk management to software projects. Next, you will learn about assertive programming, take an overview and discover how to implement assertions. The final tutorial in this course covers intelligible exceptions, and learning how to implement meaningful and actionable exception handling.
6 videos | 18m | Assessment | Badge
Defensive Programmer: Code Samples
In this course, learners will discover how to implement defensive coding techniques such as filtering, resilient code, recoverable code, parameter checking, and validation by examining Java, Python, C#, and JavaScript code examples. The tutorials in this 22-video course all entail walking through code samples step by step, so by examining code samples in these diverse languages, learners will become better able to apply these techniques to their own programming projects. Begin by learning how to implement Java filtering, Python filtering, C# filtering, and JavaScript filtering. Then move on to implementing Java resilient code, Python resilient code, C# resilient code, and JavaScript resilient code. Next, discover how to implement Java recoverable code, Python recoverable code, C# recoverable code, and JavaScript recoverable code. This leads learners into implementing Java parameter checking, Python parameter checking, C# parameter checking, and JavaScript parameter checking. In the final set of tutorials, you will discover how to implement validation in Java, in Python, in C#, and in JavaScript.
22 videos | 1h | Assessment | Badge
Defensive Programmer: Secure Testing
In this 8-video course, explore the basics of secure testing methodologies such as unit, regression, and integration testing. Discover how to work with security metrics and track security bugs. Begin by looking at the concepts of security testing, and the goals of testing. The course offers an overview and a framework with which to conduct security testing. This framework is applicable to any particular approach to testing: whether automated or manual, unit, integration, or regression testing, the same conceptual framework will apply. Then learners move on to secure unit testing, and how to apply it, including how secure testing is done and who should do it. The next tutorial involves secure regression testing, which is, in general, a term for testing after a change has been made, so you will learn how to apply effective and secure regression testing. You will also explore secure integration testing, how to apply it, and when and who conducts integration testing. Then discover how to use effective security metrics, and finally, how to effectively track security bugs.
8 videos | 28m | Assessment | Badge
Introduction to Secure Programming
Explore the basic concepts of the secure programming methodology, including identifying potential security risks. This course introduces you to defensive and secure programming, and the importance of testing your code. You will begin by learning how to identify potential risk sources from user input, external data sources, weak access security, inadequate input validation, poor code, and unhandled exceptions. Next, see how to initiate defensive programming in all stages of the software life cycle. From there you will study the purpose of software tests, test guidelines, the software testing process, and low-level design inspection steps. Conclude by learning the levels, steps, guidelines, and benefits of unit testing.
8 videos | 37m | Assessment | Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
SKILL BENCHMARKS INCLUDED
Secure Programming Competency (Intermediate Level)
The Secure Programming Competency (Intermediate Level) benchmark evaluates your ability to describe and apply secure coding concepts. You will be assessed on your skills in recognizing and evaluating vulnerabilities. Learners who score high on this benchmark demonstrate that they have the skills to avoid common programming errors that can undermine security and are able to recognize the OWASP Top 10 commonly encountered vulnerabilities.
16m | 16 questions
Secure Programming Proficiency (Advanced Level)
The Secure Programming Proficiency (Advanced Level) benchmark measures your knowledge of common cryptographic algorithms. You will be assessed on your ability to recognize common attacks and the coding mistakes that make software vulnerable to attacks and apply software resiliency techniques. Learners who score high on this benchmark demonstrate that they have the skills to apply encryption and resilient coding techniques.
16m | 16 questions
SKILL BENCHMARKS INCLUDED
Defensive Programming Literacy (Beginner Level)
The Defensive Programming Literacy (Beginner Level) benchmark evaluates your knowledge of fundamental defensive programming concepts and practices, cryptography concepts, and how to implement them in code. You will be assessed on your skills in applying specific defensive coding techniques such as exception handling, parameter checking, validation, component trust, and reuse. Learners who score high on this benchmark demonstrate that they have the skills to apply defensive and cryptographic techniques in programs.
20m | 20 questions
Defensive Programming Competency (Intermediate Level)
The Defensive Programming Competency (Intermediate Level) benchmark measures your knowledge of advanced defensive coding practices such as session and risk management, assertive programming, and intelligible exceptions. You will be assessed on your ability to apply defensive coding techniques such as filtering, resilient code, recoverable code, parameter checking, and validation and apply secure coding concepts and processes. Learners who score high on this benchmark demonstrate that they have the skills to apply advanced defensive coding techniques and secure coding practices.
20m | 20 questions
Secure Programming Awareness (Entry Level)
The Secure Programming Awareness (Entry Level) benchmark measures your knowledge of key concepts related to the standards and methodologies of programming and software engineering. You will be assessed on your skills in designing software using well-established software engineering techniques. Learners who score high on this benchmark demonstrate that they have an awareness of programming standards.
12m | 12 questions
Secure Programming Literacy (Beginner Level)
The Secure Programming Literacy (Beginner Level) benchmark measures your knowledge of basic software modeling techniques. You will be assessed on your skills in applying good coding practices, recognizing bad coding, and describing and applying software testing methodologies. Learners who score high on this benchmark demonstrate that they have the skills to follow good coding practices and software methodologies.
15m | 15 questions