Secure Java Web Application Development Lifecycle (SDL)
Course Duration
4 Days
Audience
Employees of federal, state and local governments; and businesses working with the government.
Prerequisites
No prerequisites required.
Course Description
PCI Compliant Developer Training This secure coding training addresses common coding vulnerabilities in software development processes. This training is used by one of the principle participants in the PCI DSS. Having passed multiple PCI audits, this course has been shown to meet the PCI requirements. The specification of those training requirements are detailed in 6.5.1 through 6.5.10 on pages 59 through 62 of the PCI DSS Requirements 3.1 document dated April, 2015. This is not "checklist mentality" training as it integrates demonstrations, code flashes, and hands-on labs for vulnerabilities, defenses, and best practices in secure development lifecycle (SDL). The Best Defense™ Security Training Series is a suite of developer-oriented, application security courses that provide complete coverage of the CWE/SANS Top 25 Most Dangerous Programming Errors (http://cwe.mitre.org/top25/), the OWASP Top Ten, the Verizon Data Breach Report, and the WASC Threat Classifications. These errors enable cyber espionage and crime, and this course equips developers with the knowledge and hands-on practice needed to recognize, address, and prevent them.
Learning Objectives
- Teach programmers what these errors are
- Demonstrate, in real terms, the potential impact of each of these errors
- Provide experience in how to recognize and properly address these errors
- Teach stakeholders how to defend against the potential consequences of security breaches in other parts of their IT infrastructure.
- Incorporates the applicable CERT Oracle Java Coding Standards
- Cross-reference materials, vulnerabilities, and attacks that are covered with both the OWASP Top 10 and the WASC Threat Classifications