Target Audience: Developers, Architects and Development Managers
Attendance Prerequisites: No specific requirements. 1-2 years of development experience (ideally in Java or .NET) is a significant advantage.
Course Outline
* Introduction & Outline
– About The Instructor
– Assets and Data
– Intellectual Property and Secrets
– Physical Assets
– Asset Classification and Replaceability
* Risks and Threats
– Top Data Breaches
– Risks
– Key components of a Risk
– Top Sectors for Attacks
* Security Primer
– Risks & Threat Glossary
– Encryption Glossary
– Cryptography Glossary
– Hashing – Digital Signature
– Breaking a cryptographic system
* Four Case Studies
– SWIFT Messaging
– Bitcoin & Ransomware
– Sony Pictures
– Stuxnet
* Security Basics
– Infrastructure Attacks
– Why Use Risk Metrics?
– Cognitive Biases
– Attack Types
– Operational Security (OpSec)
– The Rugged Manifesto
* Security in the Enterprise
– Legal aspects and related definitions
– Understanding Technical and Operational Risk
– Complexity of Enterprise Environment
– Legacy, Lifetime and “Crossing the Chasm”
– Complex Threat Landscape
– Vendor Risk
* Application Security Architecture
– Separation of concerns
– Authentication and Authorisation
– Entitlement systems
– Defence in Depth
– Static Analysis Techniques
– OWASP project
* Web Security
– What’s Good About the Web?
– What’s Bad About the Web?
– XSS & CSRF
– Javascript is Really Evil
– SQL Injection
– Introduction to TLS
– TLS proxying
* Case Studies
– HMRC Web Rebate
– Heartbleed
– Shellshock
– Mobile Security
* The Future of the Web
– HTTP and HTTP/2
– Future Web Architecture