Software Security & Secure Coding Course Description
EC-Council Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability that pose fewer security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.
The distinguishing aspect of the software security course ECSP is that, unlike vendor- or domain-specific certifications, it exposes the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes in, as well as an overview of related ones.
Who Should Attend
The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web-based applications with the .NET/Java Framework. It is designed for developers who have C#, C++, Java, PHP, ASP, .NET and SQL development skills.
You must have fundamental programming knowledge.
5 days (9:00 – 5:00)
The secure coding course ECSP 312-92 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSP certification.
Module I: Introduction to Secure Coding
- Software Security Scenario
- Secure Coding
- Common Security Mistakes
- Why Security Mistakes Are Made
- Need for Secure Programming
- Building Blocks of Software Security
- Types of Security Vulnerabilities
- Vulnerability Cycle
- Types of Attacks
- Hackers and Crackers or Attackers
- Risk Assessment and Threat Modeling
- STRIDE Threat Model
- Common Criteria
- Security Architecture
- Security Principles
- Secure Development Checklists:
  - Use of Privilege
  - Data, Configuration, and Temporary Files
  - Network Port Use
  - Audit Logs
  - User-Server Authentication