Hack2Secure SECURE SDLC Workshop

Secure Software Development Life Cycle or Secure SDLC is a systematic and structured concept to integrate Security at every phase of Software Development Life Cycle. Ensuring security in a product from scratch not only helps in ensuring all compliances and basic security requirements but can also assist in implementing Security Controls at Low Cost. It is adopted as a standard procedure by organizations to meet the industry requirements and deliver high-quality and secure software.

Neeranjan

Presentation Transcript


  1. SECURE SDLC WORKSHOP: Explore Security across Software Development Phases
     Program Reference Guide
     5 Days | HANDS ON | 36 CPEs | SWADLP CURRICULUM | LAPTOP REQUIRED
     24 - 28 APRIL 2017 | Hack2Secure, Bangalore
     www.hack2secure.com | training@hack2secure.com

  2. Hack2Secure Secure SDLC Workshop [24-28 April 2017]: Reference Guide
     Table of Contents
     - About Secure Software Development Lifecycle
     - Secure SDLC Workshop: About
     - Secure SDLC Workshop: Curriculum
     - Secure SDLC Workshop: References
     - Secure SDLC Workshop: Schedule & Other Details
     - About SWADLP Certification
     - About Hack2Secure
     For more details, visit www.hack2secure.com/sdlcws

  3. Secure Software Development Lifecycle
     Hackers are continuously exploring new Tools, Techniques and Measures to attack an application and gain control of it for their malicious purposes. Typically, Security is considered the Developer's task to implement and the Tester's task to ensure in any application development process. However, their major focus is on Application Functionality and Features, and Security is the last item on their list. This approach has proved disastrous time and again, as it always leads to last-minute unplanned changes to incorporate a fix for a security flaw or requirement, additional complexity in code or distorted functionality, and a number of missed security compliance requirements, and may lead to untested vulnerabilities being shipped. Moreover, unexplored threat vectors also add to the woes and may become a major reason behind a security attack or compromise.
     Secure Software Development Life Cycle or Secure SDLC is a systematic and structured concept to integrate Security at every phase of Software Development Life Cycle. Ensuring security in a product from scratch not only helps in ensuring all compliances and basic security requirements but can also assist in implementing Security Controls at Low Cost. It is adopted as a standard procedure by organizations to meet the industry requirements and deliver high-quality and secure software.
     How it helps?
     - Early Identification and Mitigation of Security Vulnerabilities
     - Reduced Security Control Implementation Cost
     - Awareness of Potential Engineering Challenges
     - Measurable and Comprehensive Security Risk Management
     - Security Assurance and Industry Compliant Software
     - Adoption of Security Standards, Best Practices and Methodologies
     - Effective Security Decision making and Process implementation
     For more details, visit www.hack2secure.com/securesdlc
     www.hack2secure.com | info@hack2secure.com

  4. Secure SDLC Workshop: About
     HANDS ON | 5 DAYS | LAPTOP REQUIRED | 36 CPEs | SWADLP CURRICULUM
     Date: 24-28 April 2017 | Venue: Hack2Secure, Bangalore
     Hack2Secure's Secure Software Development LifeCycle (Secure SDLC or SSDLC) Workshop provides hands-on exposure and relevant Case Studies to assist in integrating Security at every phase of Web Application Development Lifecycle. It ensures exposure to different Application Security standards and best practices from NIST, OWASP, CERT, PCI-DSS etc.
     Get aligned with Industry Security Standards and Best Practices
     - PCI DSS, NIST, FIPS, OWASP recommended Security Policies and Practices
     - Alignment with BSIMM7 & OpenSAMM based Framework
     - OWASP and CERT recommended Secure Coding Practices
     - Web Application Security Testing Practices
     Key Take Away
     - Basic Security Concepts & OWASP Top10
     - Different phases of SDL from Security perspective
     - Secure Software Development and Assurance Methodologies
     - Gathering Security Requirements and Establishing Baseline
     - Software Security Risk Management
     - Security Checkpoints & Quality Gates
     - Product Security Policy
     - Secure Design Principles & Threat Modeling
     - Secure Coding Practices & Review Guidelines
     - Web Application Security Testing Tools, Techniques and Methodologies
     - Final Security Review Plan
     - Incident Handling Plan
     - Supply Chain Risk Management
     Who Should Attend?
     Software Security Team | Software Development Team | Software Management Team
     - Security Engineers, Testers and Analysts
     - Application/Software Architects
     - Program / Project / Product Managers & Directors
     - Application Penetration Testers
     - Software Developers
     - Security Consultants
     - QE/QA/Testing Team
     - Team Leads
     - Auditors
     - Software Consultants
     - Assurance Team
     - Product Security Office
     - Research Engineers
     - Application Senior Management
     - Students [Management & Technical Stream] looking to pursue a Career in Secure Software Development and Management
     - Anyone who wants to explore practices and processes in Secure Application Development
     For more details, visit www.hack2secure.com/sdlcws

  5. Secure SDLC Workshop: Curriculum
     DAY 1
     Secure SDLC Phase#1: Training and Awareness
     - About Secure SDLC Process, Requirements & Methodologies
     - Adoption of Secure SDLC in Agile
     - Core Security Concepts & Related Attacks
     - C.I.A. Triad, A.A.A. Concept
     - Public key Infrastructure (PKI), SSL/TLS Protocol, Hashing, Digital Signature
     - Security Design Principles
     - Overview on Concepts like Risk, Threat & Vulnerability. Risk Management concept
     - Security Policies, Procedures, Guidelines & Best Practices
     - Security Standards, Regulations and Compliances
     - Secure SDLC Standards & Frameworks
       o NIST SP 800-64
       o BSIMM7 Framework
       o OpenSAMM
     - Security Assurance Methodologies
     - STRIDE, DREAD & OCTAVE
     - Common Vulnerability Scoring System (CVSS)
     - Overview on OWASP Top10 Web Application Security Risk
     DAY 2
     Secure SDLC Phase#2: Security Requirements
     - Building Security Requirement Checklist and Defining Security Quality Gates
     - Core Security Requirements
     - General Security Requirements
     - Operational Security Requirements
     - Creating Product Security Baseline
     - Addressing Web Vulnerabilities in Requirement gathering phase
     Secure SDLC Phase#3: Ensuring Secure Design
     - Secure Design Methodologies
     - Design Level Security Controls
     - Threat Modeling [based on STRIDE]
     DAY 3
     Secure SDLC Phase#4: Secure Implementation (Coding)
     - Application Coding: Common Security Myths
     - CWE Top25 Programming Errors
     - Implementation Level Controls against:
     - OWASP Top10 Web Security Risk
     - Buffer Overflow
     - Insecure Cryptographic Storage
     - Information Leakage and Improper Error Handling
     - Defensive Coding Practices
     - Input Validation, Canonicalization, CAS
     - Declarative vs Programmatic Security
     - Exception Management
     - Security Code Review process & Best Practices
     DAY 4
     Secure SDLC Phase#5: Web Application Security Testing
     - Application Security Testing Tools, Techniques & Methodologies
     - Testing for Core Security Concepts
     - Testing for OWASP Top10 Web Application Vulnerabilities
     - Handling Security Defects
     DAY 5
     Secure SDLC Phase#6: Security Review & Response
     - Building Final Security Review Plan
     - Overview on Security Review Processes:
       o Auditing
       o Vulnerability Assessment
       o Penetration Testing
     - Incident Handling Process
     - Threats to Supply Chain Software
     - Software Deployment & Procurement Risk
     Secure SDLC Phase#7: Security in Maintenance Cycle
     - Security Patch Management
     - Handling 3rd Party Library Upgrades
     - Application Disposal Policy
     To Schedule SWADLP Exam, www.pearsonvue.com/hack2secure

  6. Secure SDLC Workshop: References
     Based on Industry Security Standard and Best Practices
     Some References
     - Open Web Application Security Project [OWASP]
       o Top 10 Web Application Security Risk
       o Web Application Testing Guide
       o Code Review Guide
       o Secure Coding Practices
       o Developer's Cheat Sheet
     - National Institute of Standards & Technology [NIST]: Security Considerations in System Development Life Cycle [SP 800-64]
     - BSIMM7 Software Security Framework
     - CERT Secure Coding Standards
     - International Organization for Standardization [ISO]: ISO/IEC 12207:2008, Systems and software engineering -- Software life cycle processes
     - Common Vulnerability Scoring System [CVSS]
     - PCI Security Standards [PCI DSS]
     Some Reference Secure SDLC Models:
     - Microsoft Security Development Lifecycle
     - Cisco Secure Development Lifecycle
     - Software Assurance Maturity Model [OpenSAMM]
     For more details, visit www.hack2secure.com/sdlcws

  7. Secure SDLC Workshop: Some More Details
     When: 24th – 28th April 2017
     Duration: 5 Days
     Timing Schedule: 10:30 AM – 5:30 PM
     Where: Hack2Secure India Pvt. Ltd., #681, 1st Floor, 15th Cross, 8th Main, 2nd Phase, JP Nagar, Bangalore, Karnataka 560078
     Google Map: 12.906517, 77.594583
     Pre-Requisites: Theoretically NONE, but having a basic understanding of the topics below would be an added advantage:
     - Software Development Methodologies
     - Web Technologies
     - Protocol functionality esp. HTTP
     - UNIX & WINDOWS Operating System
     Must-Have: Students need to bring their Laptop to access the Lab environment
     What to Expect:
     - 5 days of intensive, deep-dive, hands-on sessions on Security controls across development phases
     - Max. 12 Students/Batch
     - Dedicated Lab Setup for each Student
     - Soft Content: Slide-deck, Lab-Guide
     - Training Certificate & CPE Credit
     - Complimentary SWADLP Exam attempt voucher
     - Snacks across the Day
     - Goodies (Surprises!!)
     What NOT to Expect:
     - Deep-dive on any Application Security Tool, Technique & Methodology apart from Scoped Curriculum
     - Any distribution of Commercial Security Tool License/Keys
     - Travel, Accommodation
     - Breakfast, Dinner (Rather, we are happy to join you!!)
     Commercials: INR 40,000/Participant
     Includes:
     - Workshop Cost (Incl. Lab): 5 Days
     - SWADLP Certificate Attempt: 1
     Excludes: Applicable Taxes
     Get Complimentary Attempt for SWADLP Exam
     For more details, visit www.hack2secure.com/sdlcws

  8. About SWADLP Certification
     Globally Available | Proctored | 150mins | 90 MCQ
     Passing Grade: 60% | Exam Language: English
     Secure Web Application Development Lifecycle Practitioner (SWADLP) Certificate program evaluates an individual's implementation level skills in Security practices required to ensure Secure Application Development. This program ensures the candidate's awareness of Application Security Challenges, Threats, Standards, Best Practices and assurance methodologies along with hands-on implementation level knowledge and skill-sets.
     SWADLP is based on globally recognized Standards and Industry best practices to ensure knowledge and Understanding of Secure Application Development requirements. It walks through 7 phases of Software Development and provides required strategies and processes to integrate Security at every level.
     Evaluate your Skills in Secure Application Development
     Seven Phases of Secure Application Development
     - Security Training & Awareness
     - Building Security Requirements
     - Ensuring Secure Design
     - Secure Implementation/Coding
     - Security Verification/Testing
     - Security Review & Response
     - Security in Maintenance Cycle
     SWADLP Certification Benefits
     - Validates your expertise and knowledge in Secure Application Development Process
     - Get Global Recognition and Credibility
     - Ensures Real Time skills required to handle Web Application Security Risk
     - Demonstrate knowledge of Industry Standards and Best Practices
     - Ensures effective skills to measure and implement Security Controls
     To Schedule SWADLP Exam, www.pearsonvue.com/hack2secure
     For more details, visit www.hack2secure.com/swadlp
     www.hack2secure.com | certificate@hack2secure.com

  9. About Hack2Secure
     Hack2Secure: "Inspire, Induce, Innovate"
     The IT Industry has evolved from standalone desktops and independent applications to a Complex Cloud environment. Today technology has become so advanced as to reduce costs in terms of hardware, software, development and maintenance; however, this has created an increased risk to SECURITY.
     Hack2Secure excels in the "Information Security" Domain and offers customised IT Security programs, including Training, Services and Solutions. Our programs are designed by industry experts and tailored as per specific needs. We strive to serve with quality, efficiency, and timely delivery through our team of experienced and certified professionals in Information Security. We help students, professionals and companies with the knowledge, tools and guidance required to be at the forefront of a vital and rapidly changing IT industry.
     Security Training
     Vendor Independent, Customizable, Across Domains, Multiple Levels
     Hack2Secure excels in delivering intensive, immersion security training sessions designed to master the practical steps necessary for defending systems against dangerous security threats. Our wide range of fully customizable training courses allows individuals to master different aspects of Information Security as per their industry requirement and convenience. These theoretical sessions, combined with real-time examples and a unique hands-on lab, allow an individual to easily get ready for practice.
     - Delivered Training to more than 15k+ Professionals Globally
     - Customizable Security Training Programs, aligned with Business Requirements
     - Globally Proctored Security Certification programs with PearsonVUE
     End-to-End Security Services
     Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security Threats through adaptive and proactive Security methods such as providing Secure Design measures, ensuring Secure Software Development Life Cycle, Risk Assessments, Security Testing, Auditing etc.
     - Secure Software Development Lifecycle
     - Secure Application Design & Threat Modeling
     - Application Security Testing
     - Application/Network/Infrastructure Risk Assessment
       o Auditing
       o VA-PT
     - Consulting
     - Resourcing
     For more details, visit www.hack2secure.com/about-us

  10. www.hack2secure.com | training@hack2secure.com
      +91 (80) 49 58 32 99 | +91 (80) 49 58 33 99
      HACK2SECURE | @hack2secure | Hack2Secure.India
      Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase, J.P. Nagar, Bangalore, Karnataka, 560078
      "Information Security Training, Services & Solutions to keep you at forefront of the IT Industry"
