Get Q/ualified!

Q/SSE® Qualified/ Software Security Expert Certification

No matter what you write, whether software, software protocols or internal processes, you're responsible for secure programming. You all need to know secure coding techniques that minimize the adverse effects of SQL or other malicious hacker attacks on code.

This class is for everyone! If you want to learn how to add Microsoft's SDL, sanitize inputs and test code, this class is for you. If you write code, this class is for you, because everyone needs to know software security and how to BREAK & FIX software.

This 3-part, 5-day class delivers the best of all of the Qualified Software Security Expert classes and more. It includes items that are defensive in nature (e.g. checking error return codes before using other data structures that should have been created, or protecting against using a pointer after it has been released), process-related and risk-related, hacking and XSS. Also included are items on how to prevent attacks, with a step-by-step process for how to FIX software with countermeasures that protect your code.

Passing the Q/SSE classes and exams qualifies you to take the Q/SSE exam. The Q/SSE exam is made up of questions you have seen in the Q/SSE classes that you take before the Q/SSE 100 multiple choice EXAM. Or you can master the Q/SSE EXAM without taking any Q/SSE classes by passing the Q/SSE exam with an 80 or better and proving you have mastered the tactical software security skills labs from each Q/SSE class, which proves you're "qualified" for the job.

Lastly, it's all about the web killer app. Web servers ARE the target of choice for hackers. 97% of all web applications are vulnerable, and better network security isn't the only answer! We explore a model for web application testing and discuss web application concerns, including accountability, availability, confidentiality and integrity. You will go well beyond the OWASP 10 to look at 19 specific web application attacks, including attacking the client, state, data and the server. When you leave these classes you are ready to defend your c0d3!

The best of Security University's Qualified SW Security Expert classes in a 5-day class - $2,995
Q/SSE ® Qualified SW Security Expert 5-Day Bootcamp
Q/SSP ® Qualified SW Security Penetration Tester
SW Testing Onsite Bootcamp
How to Break & FIX Web Security
How to Break and FIX Software
Fundamentals of Secure Software Programming
Q/SSH ® Qualified SW Security Hacker
Q/SSBT ® Qualified SW Security Testing Best Practices
Introduction to Reverse Engineering

Class Price: $2,995
Time: 8am - 6pm
Location: check schedule
Prerequisites: TCP/IP
CPE Credits: 40
Instructor: Highly qualified Software Security instructors, actively involved in the Application Security community

Learning Level: Basic Programmer - Intermediate Programmer to Advanced

Who Should Attend

Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants.

What Is CWE?

Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:

•  Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.

•  Serve as a standard measuring stick for software security tools targeting these issues.

•  Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.

Software Security Analysis

This knowledge unit ensures that students will possess the ability to analyze software for the presence of weaknesses that may lead to exploitable vulnerabilities in operational systems.
Source code analysis
Binary code analysis
Static code analysis techniques
Dynamic code analysis techniques
Testing methodologies (Black Box/White Box/Fuzz)

Outcome: Students will be able to perform analysis of existing source code for functional correctness. They will be able to apply industry standard tools that analyze software for security vulnerabilities. Through the application of testing methodologies, students should be able to build test cases that demonstrate the existence of vulnerabilities.

Secure Software Development (Building Secure Software)

This knowledge unit ensures that students are knowledgeable in the methods that lead to the development of robust, secure software.

Secure programming principles and practices
Constructive techniques (What process might provide for “good code.”)

Outcome: Students should be able to demonstrate that they understand the techniques for specifying program behavior, the classes of well-known defects, how they manifest themselves in various languages, and show that they are capable of authoring programs that are free from defects.

Embedded Systems

Outcome: Students will be able to define requirements which lead to the design and fabrication of an embedded system. They will be able to program the microcontrollers to achieve an application-specific design and identify the security concerns associated with resource constrained devices.

Forensics and Incident Response or Media Exploitation (not focusing on the legal aspect)

Operating system forensics
Media forensics
Network forensics
Component forensics (cell phones, hard drives, etc.)

Outcome: Students will be able to develop a profile of an individual user's activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of components.

Systems Programming

This knowledge unit ensures that students will be proficient in programming systems software (i.e., software that interacts with the system hardware and/or other low-level system components that interact with the hardware). Systems programming usually uses a low-level programming language (e.g., C, assembly) that allows efficient use of core resources. Systems programming is sufficiently different from applications programming such that programmers tend to specialize in one or the other.
Kernel internals
Device drivers
Multi-threading
Use of alternate processors (e.g., graphics card processors)

Outcome: Students will be able to build and integrate kernel modules, understand the system call mechanism and how malicious software subverts system calls. They should demonstrate sufficient knowledge of the networking stack to be able to construct network filter components. They will also be able to discuss strengths and weaknesses of alternative processors and demonstrate familiarity with tool sets for making use of alternative processors (e.g., GPUs).

Introduction to Software Security

Web Vulnerabilities

Defensive Coding Principles

Security Testing and Quality Assurance

Know Your Enemy

Know your Security Solutions

*Class fees are subject to change

Hacme Books vs 2.0 Strategic Secure Software Training Application  http://www.foundstone.com/us/resources/whitepapers/hacmebooks_userguide2.pdf
Papers on SoftwareMag.com, such as:
"Implementing a Software Security Training Program" http://www.softwaremag.com/L.cfm?doc=1174-10/2008
"Holistic Approach for Secure Software" http://www.softwaremag.com/L.cfm?doc=1155-8/2008
Roman also published a paper for ISSA Journal, on "How virtualization affects PCI-DSS, A review of Top 5 Issues": https://dev.issa.org/Library/Journals/2010/January/Hau-How%20Virtualization%20Affects%20PCI%20DSS.pdf