8618  Reviews star_rate star_rate star_rate star_rate star_half

Secure Coding and Threat Modeling for Software Developers

This Security fundamentals course covers basic security concepts and more advanced topics, such as threat modeling and risk management. By the end of this course, students understand the principles...

Read More
By Request
$1,195 USD
Duration 3 days
Course Code WA3358
Available Formats Classroom

Overview

This Security fundamentals course covers basic security concepts and more advanced topics, such as threat modeling and risk management. By the end of this course, students understand the principles of information security, apply security concepts to real-world situations, implement security controls to protect information assets, evaluate the security of information systems, and manage information security risks.

Skills Gained

  • Understand fundamental security principles
  • Apply the Zero Trust model to enhance security
  • Mitigate the OWASP Top 10 web application vulnerabilities
  • Apply encryption and decryption techniques to protect data
  • Implement secure authentication and authorization mechanisms
  • Manage identities and privileged accounts effectively
  • Securely manage and protect sensitive information
  • Implement security best practices specific to the MERN stack
  • Adopt a proactive security mindset throughout the development lifecycle

Who Can Benefit

  • New software developers
  • Experienced software developers needing security concepts
  • Software development managers
  • Database and data analysts tasked with development support

Prerequisites

  • Basic to advanced programming skills in a common development language such as but not limited to C, Java, JavaScript, or Python
  • Understanding of the software development lifecycle

Course Details

Security Concepts

  • CIA Triad: Confidentiality, Integrity, Availability
  • Authentication, Authorization, and Accounting (AAA)
  • Principle of Least Privilege
  • Defense in Depth
  • Software Security Terminology
  • Common Threats and Attacks

Zero Trust

  • Core Principles: Never Trust, Always Verify
  • Zero Trust Maturity Model
  • Identities, Devices, Network
  • Applications and Workloads
  • Data Protection
  • Zero Trust for Developers

OWASP Top Ten

  • OWASP Top 10 and Testing Framework
  • Injection and Broken Authentication
  • Sensitive Data Exposure and XML External Entities (XXE)
  • Broken Access Control and Security Misconfigurations
  • Cross-Site Scripting (XSS) and Insecure Deserialization
  • Using Components with Known Vulnerabilities

Encryption and Decryption

  • Symmetric and Asymmetric Encryption
  • Cryptographic Terminology and Hashing
  • Public Key Infrastructure and Digital Certificates
  • Secure Sockets Layer/Transport Security Layer
  • HTTPS and Digital Signatures

Authentication and Authorization

  • Authentication Factors and SSO Workflow
  • Implementing SSO for MERN Stack
  • OAuth 2 and OpenID Connect

IAM and PAM

  • Identity and Access Management (IAM)
  • Privileged Account Management (PAM)
  • IAM and PAM Tools and Libraries

Secrets Management

  • Guidelines and Secure Configuration
  • Encryption for Secrets
  • Secrets Management Tools

JSON Web Tokens

  • JWT Guidelines and Best Practices
  • Signing JWTs
  • JWT Dos and Don'ts

Risk Management, Governance, and Compliance

  • Secure Architecture and Design
  • NIST Cybersecurity Framework
  • Open-source Vulnerability Management

Data Classification and Protection

  • Classification Controls
  • Information Types: Restricted, Regulated, Confidential

Threat Modeling

  • Basic Steps and STRIDE Overview
  • DREAD Risk Assessment
  • Data Flow

MongoDB Security Best Practices

  • Authentication Mechanisms and Access Control
  • Data Encryption and Input Validation
  • Auditing, Monitoring, and Encryption in MongoDB

HTTP Security Headers

  • What are HTTP Security Headers?
  • helmet.js: Installation and Implementation
  • Content Security Policy (CSP) and X-XSS-Protection

React Security Best Practices

  • Third-party Packages and Dependencies
  • Input Validation and Sanitation
  • Session Management and Security Testing

Node Security Best Practices

  • Packages and Dependencies
  • Access Control and Permissions
  • Logging, Monitoring, and Security Testing
Read Less

Schedule

Upcoming Course Dates

There are currently no scheduled dates for this course. If you are interested in this course, contact us with the form below.

Contact Information
Ascendient Learning would like to occasionally share news about our services and career opportunities via e-mail when we believe it would be relevant to you. Would you like to opt-in to these communications? You may withdraw your consent at any time using the opt-out/preferences link in the emails sent.

FAQ

Does the course schedule include a Lunchbreak?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths, you can start from the fundamentals to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth.  We offer a variety of training methods, such as private group training, on-site of your choice, and virtually. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

The training was good but needed the basic skills of maximo before getting deep in the configuration of it.

This is my second course with ExitCertified. This course exceeded my expectations. The teacher was great and the class was fun.

Brandon was a great instructor. The virtual course materials and labs provided were very informative.

ExitCertified provided a very organized way to learn and provided materials to follow along.

very good and spcecific course and above all a very good instructor. In few days I have learned a lot.