Microsoft SDL Core Training

Microsoft SDL Core Training

Microsoft SDL Core Training

Certificate: N/A
Duration: 2 days
Course Delivery: Classroom
Accreditor: None
Language: English
Credits: N/A

Course Description:
The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.
Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.

Learning Objectives:
Individuals certified at this level will have demonstrated:
● Understand basic concepts of security, IT security and secure coding
● Get known to the essential steps of Microsoft Secure Development Lifecycle
● Get practical knowledge in threat modelling
● Learn secure design and development practices
● Understand security testing methodology and tools
● Learn about privacy in software development
● Get sources and further reading on secure coding practices

Both the overview and the teacher was good. How he showed explicitly how commonly appearing insecure code constructs can be misused is very effective as eye openers.
Stockholm, Sweden

Prerequisites:
None
Course Materials:
You will receive the following as part of this course:
● A participant handbook with reference materials
● Virtual machine with the exercises (to be distributed by the instructor on a USB drive)

Course Outline:
IT security and secure coding
● Nature of security
● IT security related terms
● Definition of risk
● Different aspects of IT security
● Requirements of different application areas
● IT security vs. secure coding
● From vulnerabilities to botnets and cyber crime
● Classification of security flaws
Introduction to the Microsoft® Security Development Lifecycle (SDL)
● Agenda
● Applications under attack…
● Origins of the Microsoft SDL…
● What is Microsoft doing about the threat?
● Measurable Improvements At Microsoft
Secure Design Principles
● Agenda
● Microsoft Security Development Lifecycle (SDL)
● SDL Secure Design Principles
● SDL Core Principle: Attack Surface Reduction
● Attack Surface Example
● Attack Surface Analysis
● Attack Surface Analysis Tips
● It’s Not Just About Turning Things Off
● Attack Surface Reduction Examples
● SDL Core Principle: Basic Privacy
● Important Note: Security Does Not Always Guarantee Privacy
● Primary Objectives When Developing Privacy-Aware Applications
● Understanding Application Behaviors and Concerns
● Microsoft Privacy Guidelines for Developing Products and Services
● SDL Core Principle: Threat Modeling
● Threat Modeling In a Nutshell
● Microsoft SDL Threat Modeling Tool
● SDL Core Principle: Defense In Depth
● Defense in Depth Example
● SDL Core Principle: Least Privilege
● Least Privilege Example
● Least Privilege Tips
● SDL Core Principle: Secure Defaults
● Secure Defaults Examples
● Conclusion
Threat modeling
● Threat Modeling Principles
● Threat Modeling Tool Principles
Secure Implementation Principles
● Agenda
● Microsoft Security Development Lifecycle (SDL)
● Secure Implementation Overview
● Input Validation Tips
● Buffer Overflows
● Stack Overflows at Work
● The C/C++ n-Functions Are Safe Right?
● Buffer Overflow Remedies
● Integer Arithmetic Errors
● Integer Arithmetic Error Example
● Integer Arithmetic Error Remedies
● Canonicalization Issues
● Canonicalization Example
● Canonicalization Issue Remedies
● Cross-Site Scripting (XSS) Issues
● Cross-Site Scripting Example: Cookie Stealing
● Cross-Site Scripting Remedies
● SQL Injection Issues
● SQL Injection Example
● SQL Injection Example
● SQL Injection Remedies
● Cryptographic Weaknesses
● Top Common Cryptographic Mistakes
● Remedies for Top Common Cryptographic Weaknesses
● Beware, Not All Cryptographic Standards Are Safe!
● Conclusion
Security testing
● Secure Verification Principles
● Introduction to security testing
● Security testing methodology
● Security testing techniques
Advices and principles
● Matt Bishop’s principles of robust programming
● The security principles of Saltzer and Schroeder
Knowledge sources
● Secure coding sources – a starter kit
● Vulnerability databases

Audience:
Project managers, software developers, architects and testers

Examination:
There are no exams associated with this course

You may also like

Değer Mühendisliği Programı

DEĞER MÜHENDİSLİĞİ PROGRAMI Certified Value Engineer – CVE