DEV536: Secure Coding: Developing Defensible Applications
The audit procedure documents for PCI 1.2 tell auditors that they should look for evidence that web application programmers in a PCI environment have had "training for secure coding techniques." The problem that many businesses are facing, however, is, "What is that and where can I get it?" This course packs a thorough explanation and examination of the OWASP top ten issues, which are the foundation of the PCI requirement, into a two day course.
Throughout the course we will look at examples of the types of flaws that secure coding protects against, examine how the flaw might be exploited and then focus on how to correct that code. Coupled with the lectures, there are more than ten hands on exercises where the students will have the opportunity to test out their new skills identifying flaws in code, fixing code and writing secure code. All of the exercises are available in Perl, PHP, C/C++, Ruby and Java. This will allow the student to try their hand at any of the major web application coding languages that they work with in addition to some of the supporting languages that might be at work behind the scenes. Students are not required to be familiar with all of these languages but should be proficient in at least one of them. Lectures are presented using a more or less code-neutral format.
For more information on this course, visit author Dave Hoelzer's Blog: http://www.sans.org/info/29399
Students should bring a laptop with their current development environment pre-installed so that they can work through the programming problems in an environment that they are comfortable in. We strongly recommend that the system be well patched in the event that the student chooses to participate in the extensive group exercises that will require a wireless 802.11 adapter. We will provide all of the exercise materials, a fallback development environment, and a virtual Apache appliance on a CD with all of the exercise materials.
If you have additional questions about the laptop specifications, please contact email@example.com.
Students should have at least several months of coding experience, preferably web application coding experience. It is best if the student is familiar with one of the following languages: Perl, PHP, C, C++, Java or Ruby.
*CPE/CMU credits not offered for the SelfStudy delivery method