Introduction to Modern Security

Event type: Tech Skills
Organised by: 360

Event Details

09:30 - 17:00
Fri, December 15 2017

Target Audience: Developers, Architects and Development Managers

Attendance Prerequisites: No specific requirements. 1-2 years of development experience (ideally in Java or .NET) is a significant advantage.

Course Outline
* Introduction & Outline
– About The Instructor
– Assets and Data
– Intellectual Property and Secrets
– Physical Assets
– Asset Classification and Replaceability

* Risks and Threats
– Top Data Breaches
– Risks
– Key components of a Risk
– Top Sectors for Attacks

* Security Primer
– Risks & Threat Glossary
– Encryption Glossary
– Cryptography Glossary
– Hashing
– Digital Signature
– Breaking a cryptographic system

* Four Case Studies
– SWIFT Messaging
– Bitcoin & Ransomware
– Sony Pictures
– Stuxnet

* Security Basics
– Infrastructure Attacks
– Why Use Risk Metrics?
– Cognitive Biases
– Attack Types
– Operational Security (OpSec)
– The Rugged Manifesto

* Security in the Enterprise
– Legal aspects and related definitions
– Understanding Technical and Operational Risk
– Complexity of Enterprise Environment
– Legacy, Lifetime and “Crossing the Chasm”
– Complex Threat Landscape
– Vendor Risk

* Application Security Architecture
– Separation of concerns
– Authentication and Authorisation
– Entitlement systems
– Defence in Depth
– Static Analysis Techniques
– OWASP project

* Web Security
– What’s Good About the Web?
– What’s Bad About the Web?
– XSS & CSRF
– JavaScript is Really Evil
– SQL Injection
– Introduction to TLS
– TLS proxying

* Case Studies
– HMRC Web Rebate
– Heartbleed
– Shellshock
– Mobile Security

* The Future of the Web
– HTTP and HTTP/2
– Future Web Architecture
