Secure Coding

Location: Various

Network Intelligence (I) Pvt. Ltd.

http://www.nii.co.in/services/training.html

At the end of the day, the large majority of security vulnerabilities are primarily related to poorly software design and coding. This course goes to heart of the problem and educates developers about secure application design, development, and testing. It not only covers the standard secure coding practices, but also discusses the Common Criteria for IT Security. The application security evaluation methodology on day two provides a structured framework for application developers and testers to thoroughly test the security of their application.

Duration: 2 days

Information Updated: 19 Aug 2004

Exploit Development Techniques

Core Security Technologies 

http://www.coresecurity.com/services/training/index.php

This course is aimed at attendees with knowledge of information security and a basic understanding of networking protocols and high-level programming languages such as C/Python. The course has been developed to deliver a strong and in-depth knowledge of exploitation techniques and the ability to develop exploit code ranging from commonly exploited system vulnerabilities to state-of-the-art exploits. An instructor-led lecture mixed with hands-on practical application will be used to deliver a brief overview of common vulnerabilities and how to exploit them. Emphasis on development within CORE IMPACT will be used as this environment contains all of the necessary components required to rapidly develop system exploits.

Duration  - n/k

Information Updated: 5 Apr 2003

Advanced Exploit Development Techniques

Core Security Technologies 

http://www.coresecurity.com/services/training/index.php

This instructor-led course serves as a continuation of the Basic Exploit Development course, which is a pre-requisite for all attendants to the present course.  This course has been developed to deliver a strong and in-depth knowledge of advanced vulnerabilities exploitation, focusing on the techniques needed to develop commercial grade exploits to be used by professional penetration testing consultants. CORE IMPACT will be used as main developing environment, where an in-depth explanation of the different components of IMPACT's exploit development framework will be presented.

Duration  - 3 days

Information Updated:5 Apr 2003

Ultimate Hacking: Expert

Location : US

Foundstone, Inc.

http://www.foundstone.com/index.htm?
subnav=education/navigation.htm&subcontent=
/education/course_template.htm%3Findexid%3D9

If you are an experienced security administrator, security auditor and/or security consultant, then you should take this course. Students who have completed Ultimate Hacking are also encouraged to take this course. Advanced UNIX and Windows competency is required for the course to be fully beneficial. includes:
Programming for hackers, Writing buffer overflows / manipulating the egg, Cross compilers, Cygwin

Duration  - 4 days

Information Updated:18 Apr 2003

Ultimate Hacking: Secure Coding 

Location : US

Foundstone now McAfee

http://www.foundstone.com/index.htm?subnav=
education/navigation.htm&subcontent=/educatio
n/course_template.htm%3Findexid%3D8

In response to this shift in the arms-race, Foundstone has provided application security assessments for numerous corporations over the past few years and have identified common security flaws in many applications. More importantly, we have formulated countermeasures to defend against these types of attacks. The result is Secure Coding, a course designed to address security problems in application code during the development cycle to prevent security flaws from creeping into applications.

Duration  - 3 days

Information Updated:18 Apr 2003

5 Day Software Security BOOTCAMP

Location : US

Security University, Inc.

http://www.securityuniversity.net

This 3 Part, 5 day class delivers the best of all the Software Security classes and more. It includes items that are classed as defensive in nature (e.g. checking error return codes before using,other data structures that should have been created, or protecting against using a pointer after it has been released). It also includes items how to prevent attacks and a step by step process to FIX software and lastly provides Solutions and Counter Measures to protect your code.

Lastly, its about the web as the internet's killer app. Web servers ARE the target of choice for hackers. 97% of all web applications are vulnerable and better network security isn't the only answer. We will explore a model for web application testing as well as web application concerns including accountability, availability, confidentiality and integrity. We will go well beyond the OWASP 10 to look at 19 specific web application attacks including attacking the client, state, data and the server

Duration  - 5 days

Information Updated:24 Aug 2006

Software Security Penetration Testing

Location : US

Security University, Inc.

http://www.securityuniversity.net

This 3-day hands-on workshop introduces you to "How to penetrate your software," a step by step methodology to effectively and efficiently attack software. You will learn a very applied and non-rigid approach to test software for common bugs. It's a departure from conventional network penetration in which porgrammers prepare a written attack plan and then use it as a script when attacking the software. The class teaches you how to plan attacks "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding.This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the attacking techniques and software tools using real software.

Duration  - 3 days

Information Updated:24 Aug 2006

Software Security Testing BootCamp

Location : US

Security University, Inc.

http://www.securityuniversity.net

This class is unique in the security industry. As a follow on to the class How to Attack Software Security, this class is less lecture and more hands on with your project for labs. In this class, attendees work together on the actual project applications, attacking for security vulnerabilities that they are programming day in and day out.

The security testing bootcamp takes top quality assurance testers and makes them into software security attackers with passion, knowledge and experience to test applications.

Duration  - 5 days

Information Updated:24 Aug 2006

How to Break & FIX Web Software Security

Location : US

Security University, Inc.

http://www.securityuniversity.net

In this 5 day class, its all about the web as the internet's killer app. Web servers ARE the target of choice for hackers. 97% of all web applications are vulnerable and better network security isn't the only answer. We will explore a model for web application testing as well as web application concerns including accountability, availability, confidentiality and integrity. We will go well beyond the OWASP 10 to look at 19 specific web application attacks including attacking the client, state, data and the server.

Duration  - 5 days

Information Updated:24 Aug 2006

How to Break & FIX Software

Location : US

Security University, Inc.

http://www.securityuniversity.net

This 5-day hands-on workshop introduces you to "How To Break and FIX Software," a 17-step methodology to effectively and efficiently test software. You will learn a very applied and non-rigid approach to test software for common bugs. It's a departure from conventional testing in which testers prepare a written test plan and then use it as a script when testing the software. The class teaches you how to plan tests "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding. This workshop is presented in an "interwoven" format where each topic has a hands-on component so that you can explore the testing techniques and software tools using real software.

Duration  - 5 days

Information Updated:24 Aug 2006

5 Day Fundamentals of Secure Software Programming

Location : US

Security University, Inc.

http://www.securityuniversity.net

Everyone, whether they write protocols or internal processes is responsible for using secure coding techniques to minimize the adverse effects of attacks, whether those attacks are intentional or accidental. In this 5 day class you will learn if a process deep in the lines crashes because it receives bad data or because a resource that should have been there was not, it still causes a crash and reduces the availability.

Secure software coding is the process of reducing the susceptibility of software to vulnerabilities either intentional or unintentional. It includes items that are classed as defensive in nature (e.g. checking error return codes before using handles and other data structures that should have been created, or protecting against using a pointer after it has been released). It also includes items that may be more normally associated with cryptographic procedures (e,g. random number generation, encryption algorithms, etc.)

Duration  - 5 days

Information Updated:24 Aug 2006

Hacking Software - Attacker Techniques Exposed

Location : US

Security University, Inc.

http://www.securityuniversity.net

This 5 day class begins with examples of security breaches, to current day exploits and vulnerabilites of real software code. The case studies will illustrate the broad range of threats that organizations face from both external attackers as well as insiders. For each attack scenario, we will go through the underlying flaws, exploits, vulnerabilities, consequences and mitigation techniques.

Duration  - 5 days

Information Updated:24 Aug 2006

Software Security Testing Best Practices

Location : US

Security University, Inc.

http://www.securityuniversity.net

How do you find security flaws beyond simple ones like buffer overflows? Most of the current software security testing falls into one of two categories: random corruption of files or network protocols and re-executing existing, known vulnerabilities against new versions of software.

This 5 day class brings you to the forfront of Hacking code. Hackers find subtle and innovative flaws and exploit them and you need a more regimented, more creative process to find them before you do. Identify and root out harmful security defects in both commercial and internal software applications. Get the basics on how to conduct an allpication security threat assessment of your systems before or after they go live. Learn how to develop a comprehensive security test strategy and build a team with the right mix of skills and experience to execute it. Discover novel yet disciplined approaches for using fault injection to find application security vulnerabilities before your software is exposed to hackers.

Duration  - 5 days

Information Updated:24 Aug 2006

Introduction to Reverse Engineering

Location : US

Security University, Inc.

http://www.securityuniversity.net

Rapidly identify areas of vulnerability in software then target those areas with surgical precision? How can you exercise specific code paths with assurance while monitoring precisely your applications behavior? How can you log bug after bug while your teammates watch with envy? The answer lies in one of the most powerful techniques you can apply to software. A technology so lethal to executing software, that it is almost not fair.

This class is designed to give software testers, developers an entirely new and complimentary skill set that will immediately set you apart from your peers. The course content is a top level version of Security Innovation's reverse engineering training that has been successfully delivered to some of the best and most elite Red Teams' in the country. This is strong Kung Fu and once the student has been exposed to the potential of the technique they will never look at software quite the same again. As an introduction, the course lays the foundation for acquiring the skills that when collectively applied are known as reverse engineering. The course covers the complimentary techniques of static and dynamic analysis and how together they can be used to identify vulnerable hot spots' in your application. You will be exposed to the tools of the trade; hex editors, disassemblers, resource editors, debuggers and more. You will lean from the pros what it takes to break even the most secure applications.

Lets face it, when deployed your software executes in an unknown hostile environment. The adversary trying to break your software uses these skills. Attend this course and deny them the advantage while truly advancing your ability to understand software and how to test more effectively.

Duration  - 3 days

Information Updated:24 Aug 2006