Attack
SEC 542 - Web App Penetration Testing and Ethical Hacking
Assess Your Web Apps in Depth: Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this intermediate to advanced level class, you'll learn the art of exploiting Web applications so you can find flaws in your...
Defense
DEV 522 - Defending Web Applications Security Essentials
This is the course to take if you have to defend web applications! Traditional network defenses, such as firewalls, fail to secure web applications. The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure it. DEV522 covers the OWASP Top 10 and will help you to better understand web application vulnerabilities, thus enabling you to properly defend y...
DEV 304 - Software Security Awareness
This awareness course discusses design and implementation of software applications to reduce the risk from hackers and attacks. The concept is to engineer software so that it continues to function correctly under malicious attack. This course introduces defensive coding and tips to avoid creating problems or vulnerabilities. We also examine the most common flaws of software design and implementation, and you will learn about specific practices to avoid those flaws. This is an introdu...
Secure Coding
DEV 541 - Secure Coding in Java/JEE: Developing Defensible Applications
The Difference between Good and Great Programmers: Great programmers have traditionally distinguished themselves by the elegance, effectiveness, and reliability of their code. That's still true, but elegance, effectiveness, and reliability have now been joined by security. Major financial institutions and government agencies have informed their internal development teams and outsourcers that programmers must demonstrate mastery of secure coding skills and knowledge through reliable th...
DEV 568 - Secure Mobile Applications Development: Android App Security
Important Note to Students: This course focuses on security threats specific to Android mobile applications. However, mobile apps are often backed by the same infrastructure and software used to create web applications. As a result, this course will be useful for students who have previously taken SANS application security courses but are looking to learn about securing mobile application developm...
DEV 551 - Secure Mobile Applications Development: iOS App Security
The iOS App Store is currently the biggest mobile application store, with over 300,000 apps and 10 billion downloads. The iPhone and iPad have become household names, and companies are being founded solely around iOS apps. With increasing adoption of the platform for both commercial and corporate in-house offerings, developers, managers, and testers need to be aware of the security threats and mitigations unique to this platform. This course is designed to educate developers on secur...
DEV 544 - Secure Coding in .NET: Developing Defensible Applications
ASP.NET and the .NET framework have provided web developers with tools that allow them an unprecedented degree of flexibility and productivity. On the other hand, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application. Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the onus is still on application developers to understand the limitations of th...
DEV 543 - Secure Coding in C & C++
The C and C++ programming languages are the bedrock for most operating systems, major network services, embedded systems and system utilities. Even though C and, to a lesser extent, C++ are well understood languages, the flexibility of the language and inconsistencies in the standard C libraries have led to an enormous number of discovered vulnerabilities over the years. The unfortunate truth is that there are probably more undiscovered vulnerabilities than there are known vulnerabilities!...
DEV 545 - Secure Coding in PHP: Developing Defensible Applications
This course targets PHP programmers interested in learning more about how to code in PHP securely. It does require a good understanding of PHP and some experience writing PHP code. The course targets both beginning and advanced PHP programmers, but it is not appropriate for those who have not written any PHP code yet. We will not cover how to program PHP, only how to program PHP securely. PHP as a programming language has a very easy learning curve. You can get started in minutes writ...
DEV 536 - Secure Coding for PCI Compliance
The audit procedure documents for PCI 1.2 tell the auditor that they should look for evidence that web application programmers in a PCI environment have had "training for secure coding techniques." The problem that many businesses are facing, however, is, "What is that and where can I get it?" This course packs a thorough explanation and examination of the OWASP top ten issues, which are the foundation of the PCI requirement, into a two-day course. Throughout the course we will look...
DEV 530 - Essential Secure Coding in Java/JEE
Please note that this two-day course is a subset of the material covered in the four-day DEV541. This two-day version is intended to cover the essential Java/JEE topics that are relevant to a large number of web application developers and therefore does not cover all the material that may be present on the GSSP-Java certification exam. DEV541: Secure Coding in Java/JEE: Developing Defensible Applications is recommended for students who wish to pursue the GSSP-Java certification....
DEV 532 - Essential Secure Coding in ASP.NET
Please note that this course is a subset of the material covered in the four-day DEV544: Secure Coding in .NET course. This two-day version is intended to cover the essential ASP.NET topics that are relevant to a large number of web application developers and does not cov...
Other
(ISC)2® Certified Secure Software Lifecycle Professional (CSSLP®) CBK® Education Program
It's no secret that security is not being addressed from a holistic perspective throughout the software lifecycle. Some 80% of all security breaches are application related, equating to more than 226 million records being disclosed and fines reaching astronomical amounts. Together we have a solution that establishes industry standards and instills best practices in the software lifecycle (SLC). The (ISC)2 5-day CSSLP CBK Education Program is the exclusive way to learn secur...
