8293  Reviews star_rate star_rate star_rate star_rate star_half

Secure Coding and Threat Modeling for Software Developers

This Security fundamentals course covers basic security concepts and more advanced topics, such as threat modeling and risk management. By the end of this course, students understand the principles...

Read More
By Request
$1,195 USD
Duration 3 days
Course Code WA3358
Available Formats Classroom

Overview

This Security fundamentals course covers basic security concepts and more advanced topics, such as threat modeling and risk management. By the end of this course, students understand the principles of information security, apply security concepts to real-world situations, implement security controls to protect information assets, evaluate the security of information systems, and manage information security risks.

Skills Gained

  • Understand fundamental security principles
  • Apply the Zero Trust model to enhance security
  • Mitigate the OWASP Top 10 web application vulnerabilities
  • Apply encryption and decryption techniques to protect data
  • Implement secure authentication and authorization mechanisms
  • Manage identities and privileged accounts effectively
  • Securely manage and protect sensitive information
  • Implement security best practices specific to the MERN stack
  • Adopt a proactive security mindset throughout the development lifecycle

Who Can Benefit

  • New software developers
  • Experienced software developers needing security concepts
  • Software development managers
  • Database and data analysts tasked with development support

Prerequisites

  • Basic to advanced programming skills in a common development language such as but not limited to C, Java, JavaScript, or Python
  • Understanding of the software development lifecycle

Course Details

Security Concepts

  • Introduction
  • CIA Triad
  • Confidentiality
  • Integrity
  • Availability
  • Identification
  • Authentication, Authorization, and Accounting (AAA)
  • Principle of Least Privilege
  • Separation of Duties
  • Non-repudiation
  • Defense in Depth
  • Defense in Depth as a Developer
  • Software Security Terminology
  • Software Security Terminology
  • Common Threats
  • Common Attacks

Zero Trust

  • Zero Trust Core Principles
  • Never Trust, Always Verify
  • Assume Breach
  • Apply Least-privilege
  • The Zero Trust Maturity Model
  • Identities
  • Devices
  • Network
  • Applications and Workloads
  • Data
  • Zero Trust and Developers

OWASP Top Ten

  • The OWASP Top Ten
  • OWASP Top 10
  • OWASP Testing Framework
  • 2021 OWASP Top 10 Details
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entity (XXE)
  • Broken Access Control
  • Security Misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Insuficient Logging & Monitoring

Encryption and Decryption

  • Encryption and Decryption
  • Three Key Ideas
  • Terminology
  • Cryptographic Terminology
  • Symmetric Encryption
  • Some Common Symmetric Algorithms
  • Asymmetric Encryption
  • Common Asymmetric Algorithms
  • Hashing
  • Secure Hashing Algorithm
  • Public Key Infrastructure
  • Digital Certificates
  • Certificate Authorities
  • X.509 Certificates
  • Parts of a certificate
  • Secure Sockets Layer/Transport Security Layer
  • SSL (TLS) Certificate
  • HTTPS
  • HTTPS Provides
  • How does HTTPS work?
  • HTTPS and Certificates
  • Digital Signatures
  • Code-signing Certificates

Authentication and Authorization

  • What is Authentication?
  • Authentication Factors
  • Authentication vs. Authorization
  • Introduction to Single Sign-On (SSO)
  • SSO Workflow
  • Single Logout (SLO)
  • Advantages of SSO
  • Implementing SSO for MERN Stack
  • Choose an SSO provider
  • Authentication and Authorization in MERN
  • Integrate SSO into your application
  • Test and secure your SSO implementation:
  • OAuth 2
  • OAuth Roles
  • OAuth Protocol Flow
  • OpenID Connect
  • OpenID Connect

IAM and PAM

  • Identity and Access Management (IAM)
  • Privileged Account Management (PAM)
  • PAM User Audience
  • PAM Access Control
  • PAM and IAM Compared
  • IAM Tools and Libraries
  • PAM Tools and Libraries

Secrets Management

  • Secrets Management Guidelines
  • Separate Secrets from Source Code
  • Use a Secure Configuration Approach
  • Employ Encryption for Secrets
  • Utilize Secrets Management Tools
  • Follow Security Best Practices

JSON Web Tokens

  • JSON Web Tokens (JWT)
  • JWT Guidelines
  • JSON Web Tokens Best Practices
  • Signing JWTs
  • Signing Tokens
  • JWT Dos
  • JWT Don’ts

Risk Management, Governance, and Compliance

  • Secure Architecture and Design General Principles
  • Secure Architecture and Design for MERN Principles
  • Supply Chain Security
  • NIST Cybersecurity Framework
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
  • Open-source Vulnerability Management

Data Classification and Protection

  • Classification Controls
  • Define and Document
  • Travelers Data Classifications
  • Restricted information
  • Regulated Personal Information
  • Confidential information
  • Internal information
  • Public information

Threat Modeling

  • Basic Steps
  • STRIDE Overview
  • DREAD Risk Assessment
  • Data flow

MongoDB Security Best Practices

  • Use strong authentication mechanisms:
  • Limit remote access
  • Implement role-based access control
  • Encrypt your data
  • Keep MongoDB up to date
  • Implement proper input validation
  • Enable auditing and monitoring
  • Encrypting Data in MongoDB
  • What are HTTP Security Headers?
  • helmet.js
  • Why Use helmet.js?
  • Installing helmet.js
  • Implementing helmet.js
  • Content Security Policy (CSP)
  • X-XSS-Protection and X-Frame-Options

React Security Best Practices

  • The React Virtual DOM is not enough
  • Regularly update third-party packages and dependencies
  • Encrypt sensitive data
  • Implement authentication and authorization
  • Validate and sanitize user input
  • Protect against cross-site scripting (XSS) attacks
  • Securely handle session management
  • Implement secure communication
  • Follow React security best practices
  • Keep your code modular and readable
  • Perform security testing

Node Security Best Practices

  • Node in the application flow
  • Regularly update packages and dependencies
  • Encrypt sensitive data
  • Implement secure authentication
  • Use security linters and scanners
  • Secure transmission of data
  • Control access and permissions
  • Validate and sanitize user input
  • Implement logging and monitoring
  • Perform security testing
  • Follow security best practices for the entire MERN stack
  • Security is a PROCESS
Read Less

Schedule

Upcoming Course Dates

There are currently no scheduled dates for this course. If you are interested in this course, contact us with the form below.

Contact Information
Address

FAQ

Does the course schedule include a Lunchbreak?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news about many of our learning paths, you can start from the fundamentals to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth.  We offer a variety of training methods, such as private group training, on-site of your choice, and virtually. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

I was very satisfied about how the course was organized. Sean Did a very good work

Very good material, the instructor was clear explaining the topics, and the labs were easy to follow it.

it was good and very informative. Instructure covered everything in detail.

vary good online learning. instructor is vary good the way he explained every thing.

my experince was great from the day i regetered to the actuall day of the class.