Q/SSE® Qualified/ Software Security Expert Certification Everyone, no matter what software you write, software protocols, internal processes or you're responsible for secure programming. You all need to know secure coding techniques that minimize the adverse effects of SQL or other malicious hacker attacks on code. This class is for everyone! If you want to learn how add Microsoft's SDL, sanitize inputs and test code this class is for you, if you write code this class is for you because everyone needs to know software security and how to BREAK & FIX software. This 3-part, 5 day class delivers the best of all of the Qualified Software Security Expert classes and more. It includes items that are defensive in nature (e.g. checking error return codes before using, other data structures that should have been created, or protecting against using a pointer after it has been released), process-related and risk- related, hacking and XSS . Also included are items on how to prevent attacks with a step-by-step process how to FIX software with counter measures that protect your code. Passing the Q/SSE classes and exams qualifies you to take the Q/SSE exam. The Q/SSE exam is made up questions you have seen from the Q/SSE classes that you take before the Q/SEE 100 multiple choice EXAM. Or you can Master the Q/SSE EXAM without taking any Q/SSE classes by passing the Q/SSE exam with a 80 or better and prove you have mastered the tactical software security skills labs from each Q/SEE class that proves your "qualified" for the job. Lastly, its all about the web killer app. Web servers ARE the target of choice for hackers. 97% of all web applications are vulnerable, and better network security isn't the only answer! We explore a model for web application testing and discuss web application concerns, including accountability, availability, confidentiality and integrity. You will go well beyond the OWASP 10 to look at 19 specific web application attacks, including attacking the client, state, data and the server. When you leave these classes you are ready to defend your c0d3! The best of Security University's Qualified SW Security Expert classes in a 5-day - $2,995 Q/SSE ® Qualified SW Security Expert 5-Day Bootcamp Q/SSP ® Qualified SW Security Penetration Tester SW Testing Onsite Bootcamp How to Break & FIX Web Applications How to Break and FIX Software Fundamentals of Secure Software Programming Q/SSH ® Qualified SW Security Hacker Q/SSBT ® Qualified SW Security Testing Best Practices Introduction to Reverse Engineering Class Price: $2,995     Time: 8am -6pm Location: check schedule Prerequisites: TCPIP CPE Credits: 40 Instructor: Highly qualified Software Security instructors, actively involved in the Application Security community Learning Level : Basic Programmer - Intermediate Programmer to Advanced Who Should Attend Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants. What Is CWE? Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to: •  Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities. •  Serve as a standard measuring stick for software security tools targeting these issues. •  Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses. QA Specialists - Get our What is CWE? PDF now! For additional information about CWE, click here. Introduction to Software Security Common Coding and Design Errors Common Software Vulnerabilities Fixes for Common Software Vulnerabilities Data Issues Information Disclosure Storing Passwords in Plain Text The Swap File and Incomplete Deletes Creating Temporary Files Leaving Things in Memory Weakly-Seeded Keys and Random Number Generation On the Wire Trusting the Identity of a Remote Host (Spoofing) Volunteering Too Much Information Proprietary Protocols Loops, Self References and Race Conditions Web Vulnerabilities Defensive Coding Principles Security Testing and Quality Assurance Web Vulnerabilities Gathering information on the target How web apps are built Attack 1: Looking for information in HTML comments Attack 2: Guessing filenames and directories Attack 3: Vulnerabilities in example applications Attacking the Client The Need for a Rich UI Attack 4: Selections outside of ranges Attack 5: Client Side Validation Attacking State Trusting the Identity of a Remote Host (Spoofing) Volunteering Too Much Information Proprietary Protocols Loops, Self References and Race Conditions Web Services Privacy Attacking Data Attacking the Server Tool Support Defensive Coding Principles Introduction Are you a Hacker or a Tester? Learn the difference Learn about the Three Characteristics of Good Testing Where are the bugs? Learn Methods to seek the “hidden” ones Understanding the Environment Software Capabilities Software Testing An Overview of the Methodology of How to Break Software The User Interface (UI) UI Areas 1 & 2: the Input and Output Domains UI Area 3: Stored Data UI Area 4: Computation The Kernel Interface The File System Interface The Software Interface Security Testing and Quality Assurance Introduction Where does Security Testing fit into the product lifecycle? Definition of a Security Bug Role of the Security Tester in the organization Overview of Security Testing Elements Methodology Security Testing Roles Threat Modeling Risk Assessments Security Test Planning Test Team Organization and Planning Reporting In-Depth Look at Security Vulnerabilities (Labs and Lecture) System Level Data Parsing Information Disclosure On the Wire Websites Know Your Enemy Step by Step Methodology and models for effective software testing How to develop an insight to find those hard to find bugs How to test Inputs and Outputs from the User Interface How to test Data and Computation from the User Interface How to test the File System Interface How to test the Software/OS interface How to use tools to inject faults for the file system and OS testing Gathering Information on the Target Attacking the Client Attacking State Attacking Data Attacking the Server Web Services Privacy Tool Support Know your Security Solutions Web Attacks and Countermeasures Methodology Security Vulnerabilities and Countermeasures Best Practices System Level Data Parsing Information Disclosure On the Wire Web Sites *Class fees are subject to change Top  View Class Schedule