System Hardening 101
This course provides an introduction to the security concept of hardening, one of the most important concepts in security overall. The training will provide information about what hardening means as well as which measures are commonly applied for hardening. While primarily targeted at systems administrators, this course also benefits software developers, who can learn how hardening affects software applications and software design.
Length: 48.21 Comments (0)
Basic Practices for Secure Development of Cloud Applications Part 1 of 2
SAFECode Training: Basic Practices for Secure Development of Cloud Applications Part 1 of 2. This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.
Length: 16.48 Comments (0)
Basic Practices for Secure Development of Cloud Applications Part 2 of 2
SAFECode Training: Basic Practices for Secure Development of Cloud Applications Part 2 of 2. This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.
Length: 32.27 Comments (0)
Introduction to Cryptography
This course provides an insight into the correct use of cryptography in applications, along with an overview of the most important cryptographic concepts. When you have finished this course, you will be able to choose the right cryptographic algorithms for your needs. This course will show the differences between encryption and hashing, and their correct uses. The primary targets for this course are software developers and software designers; architects and test engineers may also benefit from its content.
Length: 42.15 Comments (0)
Secure Memory Handling in C 101
This course shows how to write more secure code in C and C++, and how to spot common mistakes during code reviews. It will review a few common myths about the security of certain practices in programming C and C++. The primary audiences for this course are developers and anyone involved in activities like manual code audit or code peer review. It might also be useful to quality managers or others who make prioritization decisions about bug deferrals or security.
Length: 32.16 Comments (0)
Threat Modeling 101
The goal of this course is to provide information about threat modeling. By the end of the course, you will be able to execute a basic threat model yourself. By understanding threats, risk and risk rankings you will also be able to interpret the results of an executed threat model. The primary audience for the course is software developers, architects, and test engineers. Anyone involved in the software development process could benefit from it as well.
Length: 46.04 Comments (0)
Secure Java Programming 101
This is a 101-level course that provides a basic introduction to secure coding in Java. Viewers will be introduced to the most frequent attacks and pitfalls that a Java programmer may encounter, along with techniques to avoid them. It is designed to be a starting point for those new to Java security. The primary intended audiences for this course are architects, developers, and testers who are not familiar or may be only slightly familiar with Java security. Development managers and people handling priorities and deferrals will also benefit from this material.
Length: 32.29 Comments (0)
Cross Site Scripting (XSS) 101
This introductory course provides viewers with a basic understanding of the core concepts behind XSS. It will help viewers recognize where in a web application they may expect to find XSS and provide guidance on preventing and remediating XSS. The primary intended audiences for this course are architects, developers, and testers of web applications, who are not familiar or may be only slightly familiar with XSS. Development managers and people handling priorities and deferrals will also benefit from this material.
Length: 34.07 Comments (0)
Product Penetration Testing 101
This course provides a foundation for security penetration testing of products. It reviews the important penetration testing concepts, and shares insight into common elements of an attacker's mindset. It will also cover the use of test inputs against a target to achieve an attack against security safeguards. The primary intended audience for this course is product validators.
Length: 38.28 Comments (0)
Auth 101: A Passwords Backgrounder for Everyone
This course provides an introduction to user password handling best practices. Viewers will learn steps for risk reduction in checking, transmission and storage of passwords. The course also aims to help them identify opportunities for making authentication a worthwhile and practical part of their architecture. The primary intended audiences for this course are software architects, developers, quality engineers and testers. Experienced software designers, development managers and product managers seeking a basic understanding of password handling complexity will also benefit from this material.
Length: 26.27 Comments (1)
DOH: Default, Obscure and Hidden Content for Everyone
This course serves as an introduction to Default, Obscured, and Hidden content, or DOH. The goals of this course are to help viewers become familiar with the risks associated with DOH and promote a basic understanding of effective methods to detect and mitigate those risks. The primary intended audiences for this course are software developers, testers, and system administrators.
Length: 20.22 Comments (0)
An Introduction to Windows Access Controls
This course serves as an introduction to Windows Access Controls. It aims to provide viewers with a basic understanding of common Windows Access Control terms and concepts, and reviews best practices for ensuring that an application's use of access controls is secure. It also outlines testing strategies to validate that proper access controls are in place. The primary intended audiences for this course are software architects, developers, quality engineers and testers.
Length: 19.44 Comments (1)
File Permissions 101: Linux and OS X
Focused on Linux and OS X, this course is a basic introduction to Unix file permission concepts. It presents best practices that mitigate related security issues, and provides a high-level overview of traditional Unix permissions and setuid/setgid. It also describes OS X Access Control Lists. The primary intended audiences for this course are software architects, developers, quality engineers and testers.
Length: 21.26 Comments (0)
Injections 101: SQL and Beyond
This introductory course will provide a basic understanding of SQL injection as a pattern of attack and a special case of an overall pattern of injection attacks. The course will explain how that pattern applies to Shell injection, LDAP, XML, JSON and other languages and domains. It will also provide strategies for preventing and fixing injections when testing them in an application. The primary intended audiences for this course are architects, developers and testers who are either unfamiliar or only somewhat familiar with SQL injections and other injection attacks. Development managers and others in positions to set defect resolution priorities and make implementation solution decisions will also benefit from this material.
Length: 29.57 Comments (0)
CSRF 101: Cross Site Request Forgery for Everyone
An introduction to cross site request forgery that aims to help viewers understand CSRF as a pattern of attack and become aware of certain hotspots in an application where CSRF can be of particular concern. It also provides basic strategies to prevent CSRF in design and implementation. The primary intended audiences for this course are architects, developers, and testers of web applications or other software deploying web technologies. Development managers will also benefit from this material.
Length: 26.07 Comments (0)
© 2007-2017 Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved.
This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.