Training > Cybersecurity > Securing Coding Fundamentals (WSKF601)

INSTRUCTOR-LED COURSE

Empower yourself to write and verify secure software by design. Learn and practice with hands-on labs that build behavior-changing skills fundamental to security implementation, boosting your professional IT security maturity.

Key Benefits for You:

✔ Live, instructor-led hands-on labs
✔ Learn to incorporate security into your software design process
✔ Increase your productivity and the security of your coding

Who Is It For

This course is designed for developers, DevOps, testers, auditors, and security professionals involved in the modern software development process who want to learn to build secure software by design, not an afterthought.

read less read more

What You’ll Learn

Participants will learn to independently test for web application vulnerabilities, perform threat modeling sessions, and prevent business logic vulnerabilities. Hands-on labs will increase your understanding of how to fix vulnerabilities and which design patterns to apply. Participants will also learn to practice security by design using the Security Knowledge Framework and use security automation to add value to the CI/CD pipeline.

read less read more

What It Prepares You For

By completing this course, participants will be prepared to write and independently test for web application and other vulnerabilities, fix vulnerabilities and apply secure design patterns using the Security Knowledge Framework. Participants will grow their security maturity with behavior-changing impact for new career opportunities.

read less read more

Course Outline

Expand All

Collapse All

Module 1: Intro to principles and practice of secdev

- Introduction to vulnerabilities
- Playing with identifying real threats and security requirements

Module 2: Code security

- Common server-side vulnerabilities and their defense
- Injections: SQLi, XML injections, JSON, XPath, XSS, cookie injection, open redirection, http header injection
- Path traversal, XXE, Buffer overflow, Zip bomb, Million laugh, RFI, Insecure file upload, Code execution
- Insecure direct object reference

Module 3: Security design

- Security by design
- Threat modelling
- Separation of duties, trust boundaries, security boundaries, defense in depth, principle of least privilege, minimizing the attack surface, risk driven mitigation
- Business logic vulnerabilities

Prerequisites

Participants should have a basic understanding of web development principles and familiarity with the chosen development language. They will need a computing system with adequate performance specifications and access to the provided demo environments.

$3250

Feb, 12 - 14, 2025

9:00 am - 5:00 pm US/Central

Virtual, Instructor-Led

Enroll Now Get a Quote

Dates don't work? Check out our partner schedule

100% Money Back Guarantee

Includes

Live Online (Virtual) or Live (Classroom)

3 days of Instructor-led class time

Hands-on Labs & Assignments

Resources & Course Manual

Certificate of Completion

Digital Badge

Get help to convince your boss

Experience Level: Intermediate

Training more than 10 people?Get a corporate quote

How To Register Someone Other Than YourselfInstructions

Stay Up to Date

Get early access to the latest Linux Foundation Training news, tutorials and exclusive offers – available only for monthly newsletter subscribers.

Get exclusive discounts, news, and more with our free newsletter

Name*
First Last
Email*
{"image":"/wp-content/themes/lf/images/newsletter.png"}
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We won’t ever send you spam, promise.

© 2024 Linux Foundation - Education. The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds.
Terms of Use | Privacy Policy | Bylaws | Trademark Usage | Antitrust Policy | Good Standing PolicyAccelerated by