Free On-Demand Training Courses

NEW! Secure Java Programming 101

This is a 101-level course that provides a basic introduction to secure coding in Java. Viewers will be introduced to the most frequent attacks and pitfalls that a Java programmer may encounter, along with techniques to avoid them. It is designed to be a starting point for those new to Java security.

The primary intended audiences for this course are architects, developers, and testers who are not familiar or may be only slightly familiar with Java security. Development managers and people handling priorities and deferrals will also benefit from this material.

NEW! Cross Site Scripting (XSS) 101

This introductory course provides viewers with a basic understanding of the core concepts behind XSS. It will help viewers recognize where in a web application they may expect to find XSS and provide guidance on preventing and remediating XSS.

The primary intended audiences for this course are architects, developers, and testers of web applications, who are not familiar or may be only slightly familiar with XSS. Development managers and people handling priorities and deferrals will also benefit from this material.

NEW! Product Penetration Testing 101

This course provides a foundation for security penetration testing of products. It reviews the important penetration testing concepts, and shares insight into common elements of an attacker's mindset. It will also cover the use of test inputs against a target to achieve an attack against security safeguards.

The primary intended audience for this course is product validators.

Auth 101: A Passwords Backgrounder for Everyone

This course provides an introduction to user password handling best practices. Viewers will learn steps for risk reduction in checking, transmission and storage of passwords. The course also aims to help them identify opportunities for making authentication a worthwhile and practical part of their architecture.

The primary intended audiences for this course are software architects, developers, quality engineers and testers. Experienced software designers, development managers and product managers seeking a basic understanding of password handling complexity will also benefit from this material.

DOH: Default, Obscure and Hidden Content for Everyone

This course serves as an introduction to Default, Obscured, and Hidden content – or DOH. The goals of this course are to help viewers become familiar with the risks associated with DOH and promote a basic understanding of effective methods to detect and mitigate those risks.

The primary intended audiences for this course are software developers, testers, and system administrators.

An Introduction to Windows Access Controls

This course serves as an introduction to Windows Access Controls. It aims to provide viewers with a basic understanding of common Windows Access Control terms and concepts, and reviews best practices for ensuring that an application’s use of access controls is secure. It also outlines testing strategies to validate that proper access controls are in place.

The primary intended audiences for this course are software architects, developers, quality engineers and testers.

File Permissions 101: Linux and OS X

Focused on Linux and OS X, this course is a basic introduction to Unix file permission concepts. It presents best practices that mitigate related security issues, and provides a high-level overview of traditional Unix permissions and setuid/setgid. It also describes OS X Access Control Lists.

The primary intended audiences for this course are software architects, developers, quality engineers and testers.

Injections 101: SQL and Beyond

This introductory course will provide a basic understanding of SQL injection as a pattern of attack and a special case of an overall pattern of injection attacks. The course will explain how that pattern applies to Shell injection, LDAP, XML, JSON and other languages and domains. It will also provide strategies for preventing and fixing injections when testing them in an application.

The primary intended audiences for this course are architects, developers and testers who are either unfamiliar or only somewhat familiar with SQL injections and other injection attacks. Development managers and others in positions to set defect resolution priorities and make implementation solution decisions will also benefit from this material.

CSRF 101: Cross Site Request Forgery for Everyone

An introduction to cross site request forgery that aims to help viewers understand CSRF as a pattern of attack and become aware of certain “hotspots” in an application where CSRF can be of particular concern. It also provides basic strategies to prevent CSRF in design and implementation.

The primary intended audiences for this course are architects, developers, and testers of web applications or other software deploying web technologies. Development managers will also benefit from this material.

SAFECode, a Non-Profit Organization

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

SAFECode Members

  • Adobe
  • CA Technologies
  • EMC
  • Intel
  • Microsoft
  • SAP
  • Siemens
  • Symantec

© 2007-2014 Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved.
This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.