Q/SSE® Qualified/ Software Security Expert Certification Bootcamp
Everyone, no matter what software you write, software protocols, internal processes or you're responsible for secure programming. You all need to know secure coding techniques that minimize the adverse effects of SQL or other malicious hacker attacks on code.
This class is for everyone! If you want to learn how add Microsoft's SDL, sanitize inputs and test code this class is for you, if you write code this class is for you because everyone needs to know software security and how to BREAK & FIX software.
This 3-part, 5day class delivers the best of all of the Qualified Software Security Expert classes and more. It includes items that are defensive in nature (e.g. checking error return codes before using, other data structures that should have been created, or protecting against using a pointer after it has been released), process-related and risk- related, hacking and XSS . Also included are items on how to prevent attacks with a step-by-step process how to FIX software with counter measures that protect your code.
Passing the Q/SSE classes and exams qualifies you to take the Q/SSE exam. The Q/SSE exam is made up questions you have seen from the Q/SSE classes that you take before the Q/SSE 100 multiple choice EXAM. Or you can Master the Q/SSE EXAM without taking any Q/SSE classes by passing the Q/SSE exam with a 80 or better and prove you have mastered the tactical software security skills labs from each Q/SEE class that proves your "qualified" for the job.
|Time:||8:00 am -5pm|
|Prerequisites:||Understanding of TCP/IP protocols|
|Instructor:||Highly qualified Software Security instructors, actively involved in the Application Security community|
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95 % attendance 2. 100 % completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Learning Level: Basic Programmer - Intermediate Programmer to Advanced
Who Should Attend
Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.
What Is CWE? Want more info on CWE?
Click here for: What is CWE? PDF
Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:
Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.
Serve as a standard measuring stick for software security tools targeting these issues.
Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.
I. Intro to Software Security
Common Software Coding and Design Errors and Flaws
Students will learn about the range of software development errors and flaws that create application security, reliability, availability and confidentiality failures. Specifically in this section we will deal with those vulnerabilities that are common across language implementations (C, C++ and Java). For each vulnerability type, the course will cover real-world examples illustrated in code - of failures along with methods to find, fix and prevent each type of flaw.
- Accepting Arbitrary Files as Parameters; Default or Weak Passwords; Permitting Relative and Default Paths
- Administrative, Software and Service Back Doors; Dynamic Linking and Loading; Shells, Scripts and Macros
- Parsing Problems
- Integer Overflows
- Storing Passwords in Plain Text
- The Swap File and Incomplete Deletes
- Creating Temporary Files
- Leaving Things in Memory
- Weakly-Seeded Keys and Random Number Generation
On the Wire
- Trusting the Identity of a Remote Host (Spoofing)
- Volunteering Too Much Information
- Proprietary Protocols
- Loops, Self References and Race Conditions
II. Web Vulnerabilities . The web is different. We will address common web vulnerabilities, how to find them, how to prevent them.
- Cross Site Scripting; Forceful Browsing; Parameter Tampering;
- Cookie Poisoning; Trusting SSL; Hidden Field Manipulation;
- SQL Injection; Security on the Client; Trusting the Domain Security Model
III. Defensive Coding Principles
This section is designed to educate developers and testers on the general principles of secure coding. This includes a historical perspective on software failure, when good design goes bad, and 18 defensive coding principles to live by.
IV. Security Testing and Quality Assurance
This includes the difference between functional and security testing, understanding and application's entry points, and spotting three classes of security bugs: dangerous inputs, rigged environment and logic vulnerabilities.
Each section will have an in depth hands on lab
Gathering information on the target
- How web apps are built
- Attack 1: Looking for information in HTML comments
- Attack 2: Guessing filenames and directories
- Attack 3: Vulnerabilities in example applications
Tools and Threats.
Attacking the client
- The need for a rich UI
- Attack 4: Selections outside of ranges
- Attack 5: Client side validation
- Fault Injection and Fuzzing
- Java security managers, policy files, and JAAS
- ASP.NET Security
- XOR, Base64 and Garbage Data Obfuscation
- Session fixation
- Advanced SQL Injection
- Oracle PL/SQL Injection
- .Net Security tokens, XML signature, XML canonicalization, and XML encryption
- .Net WS-Trust and WS-SecureConversation
- Error Control Verbosity Abuse
A attacking State
- Why state is important
- Attack 6: Hidden fields
- Attack 7: cgi parameters
- Attack 8: cookies
- Attack 8: Forceful browsing
- Attack 9: session hijacking
- Attack 10: Cross-site scripting
- Attack 11: SQL Injection
- Attack 12: Directory traversal
- Attack 13: Buffer overflows
- Attack 14: Canonicalization
- Attack 15: Null-string attacks
Attacking the server
- Attack 17: SQL injection II stored procedures
- Attack 18: Command injection
- Attack 19: fingerprinting the server
- Attack 20: Death by 1,000 cuts (DOS)
- Attack 19: Fake cryptography
- Attack 20: Breaking basic authentication
- Attack 21: Cross Site Tracing
- SQL Server: Exploitation and Defense
- Network Transmission Security with the JSSE API/SSL
- Moving to web services
- Common Attacks
- Constraints on input and output
- Attack 22: web services specific attacks
- Code Origin Access Control Methods
- WS Security, XKMS, and WS-I Basic security profile
- SecureXML Libraries
- Privilege Escalation Opportunities
- Race Conditions
- Cross Site Scripting Injection
- .Net Secure Remoting
- Windows Forms Security
- Securely Maintaining Session State – Best Practices
- Who you are, where have you been
- Methods for gathering data
- A review of web security/vulnerability scanning tools
- Introduction to HolodeckWeb/ WebGoat form the OWASP WebGoat Project / Web Scarab from the OWASP WebScarab Project
- A step by step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to attack Inputs and Outputs from the User Interface
- How to attack Data and Computation from the User Interface
- How to attack the File System Interface
- How to attack the Software/OS Interface
- How to use tools to inject faults for File System and OS testing
Live vulnerability and exploit tour! This is the core of the class. In this section, attendees will go through a wide range of software vulnerabilities and labs to show sample exploits of these vulnerabilities live. Labs include: cross-site scripting, SQL injection, buffer overflows, format string vulnerabilities, and many others software vulnerabilities. Attendees gain awareness and key insights into these vulnerability type, the ease with which the attacker community can exploit them and what to do to prevent these critical attacks. check out the
OWASP Top Ten Project
You'll use open source tools from OWASP in class - OWASP Tools Project
Tools and Threats. The threat is growing and so is the number of tools that lower the bar for attackers. This section takes the attendees inside the underground world of the attacker tools.
Thinking Like the Attacker: Threat Modeling. A critical step in securing software or system is to methodically think through threats. In this section we present several techniques for threat modeling and also walk the audience through the process of modeling threats against several systems.
Incorporating Threats Into Software/System Design, Development, Testing and Deployment. By thinking about threats at each stage of the development lifecycle, we can make software and systems that are more resilient to attack. Attendees will walk away with an introduction to tools and techniques to build security in.
We sneak in Reverse Engineering too!
*Class fees are subject to change