Secure Coding Collection

Secure Coding

Audience: Technical Employees
Difficulty Level: Beginner/Intermediate
Time: 11 modules, ≈1-5 minutes Videos + 3 Questions per Module

Availability: Available on Training Platform as individual modules. 

Trailer:

Marketing Materials:  Secure Coding Marketing Kit

Major Themes: Technical employees need introductory training too! These short training modules will introduce your developers and other technical employees to various secure coding concepts. For end users who are already familiar with these concepts, Secure Coding is a great reminder of their importance.

Major Learning Concepts:

• Introduction
  • Security in the development process
• Authentication and Authorization
  • Authentication vs authorization
  • Software testing
  • Who You Are tests and What You Can Do tests

• Injection
  • Value of data
  • Basics of injection attacks
  • SQL and OS command injection attacks
  • Preventing injection attacks

• Least Privilege
  • Basics of least privilege
  • Least privilege during the development process
  • Regular review of access

• OWASP Introduction
  • OWASP organization introduction
  • Utilizing the OWASP Top 10
  • ASVS and other OWASP resources

• OWASP Update
  • OWASP Top 10 categories as of 2021
  • New categories
  • Renamed and altered categories

• Patching
  • Importance of patching
  • Consequences of not patching
  • Patch management systems

• Source Code Secrets
  • Dangers of oversharing
  • Data in Github repositories
  • Encryption
  • Identifying source code secrets

• Static Analysis
  • Identifying bugs before deployment
  • Tools available
  • Improving code quality

• Threat Modeling
  • Usage of threat modeling
  • Threat modeling steps
  • Tools and resources available

• Vulnerable Dependencies
  
  • Downsides to using others’ source code
  • Importance of patching
  • Tools that can help identify vulnerabilities