Secure Development

9900 kr

This comprehensive one-day training course is designed for programmers and architects who want to learn how to write and design more secure applications.

The class covers essential concepts and best practices in secure software development, including threat modeling, secure coding techniques, and building code resistant to common security attacks such as input validation vulnerabilities, denial-of-service attacks, and more.

The course provides practical examples and hands-on exercises to reinforce key concepts, ensuring participants can immediately apply what they learn in their daily development work.

Description

Target Audience
This course is designed for developers and architects who want to learn proven practices for writing more secure applications.

Prerequisites

Participants should have:

  • Basic understanding of programming in an object-oriented language (C#, Java, JavaScript, etc.)
  • Experience with standalone application development
  • Basic understanding of web technologies, APIs, and HTTP (recommended)

 

Course Agenda

  • Introduction to Secure Development 

    We start by examining common security failures developers face in the real world. What are attackers really after? Why do security vulnerabilities occur? We’ll cover the fundamental goals of secure coding, introduce the CIA triad (Confidentiality, Integrity, Availability), and explore STRIDE as a systematic way to think about threats. This foundational session sets the security mindset for the rest of the day.

  • Unicode and Encoding Security

    Improper Unicode handling is a subtle but dangerous vulnerability. This module explains why character encoding matters and how it affects string comparisons, log files, and user input processing. You’ll discover how attackers can exploit applications using mixed encodings and why proper Unicode handling is a critical component of secure input validation.

  • Securing Dependencies and Supply Chain

    Modern applications rely heavily on third-party libraries and packages. But what happens when one of them is compromised? This session covers the growing risks of typosquatting attacks, dependency confusion, and compromised packages. Learn how to secure your build servers, implement dependency scanning, and track your components using a Software Bill of Materials (SBOM). Understand why your supply chain is part of your attack surface.

  • Denial of Service Protection

    Denial of Service (DoS) attacks aren’t limited to network flooding. They can target your application logic directly. We’ll examine real-world examples of DoS vulnerabilities through regular expressions (ReDoS), XML parsing bombs, large file uploads, and other resource-intensive operations. Learn practical techniques to detect these risks and implement protection through rate limiting, input validation, and safe defaults.

  • Session Security and Authentication

    Once users are authenticated, their sessions become high-value targets for attackers. This module explores common attacks on sessions and cookies, how stolen credentials are exploited, and proven methods to protect them. We’ll also cover Multi-Factor Authentication (MFA), phishing-resistant authentication methods, and techniques to detect when your session management has been compromised.

  • Cryptography: Keys, Certificates, and Signatures

    Asymmetric cryptography powers modern security, from secure communications to data integrity verification. This hands-on session explores how private and public keys work in real systems. Learn when and how to apply these tools effectively.

  • Modern Authentication with OpenID Connect

    This final module introduces the fundamentals of OpenID Connect and OAuth 2.0, the backbone of modern authentication systems. Gain a practical understanding of how contemporary authentication flows work, how tokens are used securely, and the role of identity providers in today’s distributed applications. This overview connects theory to real-world implementations and prepares you for deeper exploration of modern identity systems.

 

The course is delivered in collaboration with

Additional information

Course length

1 day

Instructor-led

Yes

Language

Spoken Swedish or English, material in English