Everyone, whether they write protocols or internal processes is responsible for using secure programming techniques to minimize the adverse effects of attacks, whether those attacks are intentional or accidental. If a process deep in the lines of a product crashes because it receives bad data or because a resource that should have been there was not, it is still a crash and reduces the availability. It includes items that are classed as defensive in nature (e.g. checking error return codes before using handles and other data structures that should have been created, or protecting against using a pointer after it has been released). It also includes items that may be more normally associated with cryptographic procedures (e,g. random number generation, encryption algorithms, etc.)
|Contact Hours:||37 hr Lecture 35 hr labs|
|Prerequisites:||Understanding of TCP/IP Protocols|
|Credits:||72 CPE / 3 CEU|
|Method of Delivery:||Residential (100% face-to-face) or Hybrid|
|Method of Evaluation:||95 % attendance 2. 100 % completion of Lab|
|Grading:||Pass = Attendance+ labs & quizzes Fail > 95% Attendance|
Sample Job Titles:
IA Operational Engineer
IA Security Officer
IS Manager/ IS Specialist
IS Security Engineer
IS Systems Security Manager
Platform Specialist/ Security Administrator
Security Analyst/ Security Control Assessor
This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.
Who Should Attend: Software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use will find it valuable. Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists.
Text Materials: labs, SU Pen Testing & Software testing Materials, resource CD’s and attack handouts.
Machines a Dual Core 4M Ram, 350 Gig drives, running MS OS, linux, and VMWare Workstation
Tools for class - Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, NMap, HTTrack, Superscan, Nessus, PSTool, Nbtstat, Solarwinds, Netcat, John the ripper, Nikto/Wikto, Web Scarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap system hacking, John the Ripper Wireshark sniffers, TCP dump, D sniff, tcpdump, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, Etherape, Firefox with plugins (Hackbar, XSSme...), ebgoat, IDA pro, Fortify, Web Inspect, X Wget, Cyrpto tool, 'Curl'
- Students will be able to produce software components that satisfy their functional requirements without introducing vulnerabilities
- Students will be able to describe the characteristics of secure programming
- Discover the infrastructure within the application
- Identify the machines and operating systems
- SSL configurations and weaknesses
- Explore virtual hosting and its impact on testing
- Learn methods to identify load balancers
- Software configuration discovery
- Explore external information sources
- Google hacking
- Learn tools to spider a Web site
- Scripting to automate Web requests and spidering
- Application flow charting
- Relationship analysis within an application
Lesson Plan 40 hrs lecture/ 32 hrs labs
Lesson 5 hrs Lecture 5 hr Labs
I. Introduction to Software Security
Common Coding and Design Errors
Students will learn about the range of software development errors that create application security, reliability, availability and confidentiality failures. Specifically in this section we will deal with those vulnerabilities that are common across language implementations (C, C++ and Java). For each vulnerability type, the course will cover real-world examples illustrated in code - of failures along with methods to find, fix and prevent each type of flaw.
System-Level Accepting Arbitrary Files as Parameters; Default or Weak Passwords; Permitting Relative and Default Paths
Offering Administrative, Software and Service Back Doors; Dynamic Linking and Loading; Shells, Scripts and Macros
Storing Passwords in Plain Text
The Swap File and Incomplete Deletes
Creating Temporary Files
Leaving Things in Memory
Weakly-Seeded Keys and Random Number Generation
On the Wire
Trusting the Identity of a Remote Host (Spoofing)
Volunteering Too Much Information
Loops, Self References and Race Conditions
Tools Lesson 3 5 hrs Lecture 5 hr Labs
II. Web Vulnerabilities . The web is different. We will address common web vulnerabilities, how to find them, how to prevent them.
Web sites Cross Site Scripting; Forceful Browsing; Parameter Tampering; Cookie Poisoning; Trusting SSL; Hidden Field Manipulation; SQL injection; Security on the Client; Trusting the Domain Security Model
Lesson 4 5 - 5 hrs Lecture 5 hr Labs
III. Defensive Coding Principles
This section is designed to educate developers and testers on the general principles of secure coding. This includes a historical perspective on software failure, when good design goes bad, and 18 defensive coding principles to live by.
Lesson 5 - 5 hrs Lecture 5 hr Labs
IV. Security Testing and Quality Assurance
This includes the difference between functional and security testing, understanding and application's entry points, and spotting three classes of security bugs: dangerous inputs, rigged environment and logic vulnerabilities. Each section will have an in depth hands on lab
Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draws quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself in on Friday of class. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real world scenarios. Each labs escalates upon itself, increasing in intensity, rising to the next level, while your mitigating the threat step by step
Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are avail at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.
Those Less Comfortable - Hacking for Dummies, Kevin Beaver - Publication Date: January 29, 2013 | ISBN-10: 1118380932 | Edition: 4
For Those More Comfortable The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy by Patrick Ngebretson (Jun 24, 2013)