Certified Secure Programmer v1.0 (CSP) | New Horizons of Des Moines

> Nearby Locations

Des Moines
515-226-3265

My Account | View Cart

Search: CoursesSite

Download our latest Applications Schedule.

Download our latest Technical Schedule.

Class Outline*

| Request Info | Contact Us

Certified Secure Programmer v1.0

Duration:
5 Days

Overview:
EC-Council's Certified Secure Programmer and Certified Secure Application Developer are being offered to provide essential and fundamental skills to programmers and application developers in secure programming. The most prevalent reason behind buggy code and vulnerabilities being exploited by hackers and malicious code is the lack of adoption of secure coding practices.

The Certified Secure Programmer and Certified Secure Application Developer programs will ensure that programmers and developers are exposed to inherent security drawbacks in various programming languages or architectures. They will be further trained to exercise secure programming practices to overcome these inherent drawbacks in order to preempt bugs from the code.

Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability and posing lesser security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in various domains.

The distinguishing aspect of ECSP and CSAD is that, unlike vendor or domain specific certifications, it exposes the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes on as well as an overview on related ones.

Audience:

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET/Java Framework. It is designed for developers who have C#, C++, Java, PHP, ASP, .NET, and SQL development skills.

Prerequisites:

Students must have fundamental programming knowledge.

Topics
Lesson 1: Introduction to Secure Coding
Secure Coding Common Security Mistakes Why Security Mistakes Are Made Need for Secure Programming Building Blocks of Software Security Types of Security Vulnerabilities Vulnerability Cycle Types of Attacks Hackers and Attackers Risk Assessment and Threat Modeling STRIDE Threat Model Common Criteria Security Architecture Security Principles Secure Development Checklists Use of Privilege
Lesson 2: Designing Secure Architecture
Introduction to Secure Architecture Application Security Factors Affecting Application Security Software Engineering and System Development Life Cycle (SDLC) Software Development Life Cycle (SDLC) Phases Software Methodology Models Agile Methodologies Extreme Programming (XP) Unified Modeling Language (UML) Vulnerabilities and Other Security Issues in a Software Applications Security Through Obscurity Buffer Overflows Format String Vulnerabilities and Race Conditions Locking Problems Exception Handling Fundamentals of Control Granularity Fail Safe Design Strategies Concepts Input and Parameter Validation Encrypting Secrets in Memory and Storage Scrubbing Information Privilege Levels for Information Access Loose Coupling High Cohesion Change Management and Version Control Software Development Best Practices
Lesson 3: Cryptography
Introduction to Cryptography Encryption Decryption Use Of Cryptography Classical Cryptographic Techniques Modern Cryptographic Techniques Cipher RSA (Rivest Shamir Adleman) Example: RSA Algorithm RSA Attacks Implementing RSA in C++ Data Encryption Standard (DES) DES Overview Implementation of DES in Java RC4, RC5, RC6, Blowfish Overview RC5 Blowfish Algorithm in C Message Digest Functions One-way Bash Functions MD5 Implementing MD5 in Java Secure Hash Algorithm Implementing SHA in Java SSL (Secure Sockets Layer) What is SSH? Algorithms and Security Disk Encryption Government Access to Keys (GAK) Digital Signature Components of a Digital Signature Method of Digital Signature Technology Use of Digital Signature Digital Signature Standard Digital Signature Algorithm: Signature Generation/Verification Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme Challenges and Opportunities Digital Certificates Creating and Verifying a Simple XML Digital Signature in C# Cleversafe Grid Builder Pretty Good Privacy CypherCalc Command Line Scriptor CryptoHeaven Cryptanalysis Cryptography Attacks Brute-Force Attack The distributed.net Organization Summary
Lesson 4: Buffer Overflows
Buffer Overflows Reasons for Buffer Overflow Attacks Why Are Programs/Applications Vulnerable? Understanding Stacks Understanding Heaps Stack-based Buffer Overflow Heap-based Buffer Overflow How to Detect Buffer Overflows in a Program Attacking a Real Program Defense Against Buffer Overflows Return Address Defender (RAD) Tool to Defend Buffer Overflow: StackGuard Tool to Defend Buffer Overflow: Immunix System Vulnerability Search – ICAT Valgrind Insure++ Buffer Overflow Protection Solution: Libsafe Comparing Functions of libc and Libsafe Simple Buffer Overflow in C Code Analysis Summary
Lesson 5: Secure C and C++ Programming
Introduction of C/C++ Vulnerable C/C++ Functions C/C++ Vulnerabilities GCC Extension to Protect Stack-Smashing Attacks Heap-Based Buffer Overflow Off By One/Five Errors Double Free Vulnerablility Secure Memory Allocation Tips Symmetric Encryption Blowfish Algorithm in C Public Key Cryptography Networking Creating an SSL Client in C++ Creating an SSL Server Random Number Generation Problem Random Number API Anti-Tampering Erasing Data from Memory Securely Using C/C++ Preventing Memory From Being Paged to Disk Using Variable Arguments Properly Signal Handling Encapsulation in C++ Best Practices for Input Validation Code Profiling And Memory Debugging Tool: Val grind Summary
Lesson 6: Secure Java and JSP Programming
Introduction to Java Java Virtual Machine (JVM) Java Security Sandbox Model Security Issues with Java SQL Injection Attack Preventive Measures for SQL Injection URL Tampering Denial-of-Service (DoS) Attack on Applet DoS from Opening Untrusted Windows Preventing DOS Attacks .Class File Format Byte Code Attack Reverse Engineering/ Decompilation by Mocha Obfuscation Tools: Jmangle Cinnabar Canner Byte Code Verifier Class Loader Building a SimpleClassLoader Security Manager jarsigner - JAR Signing and Verification Tool Signing an Applet Using RSA-Signed Certificates Signing Tools Getting RSA Certificates Bundling Java Applets as JAR Files Signing Java Applets Using Jarsigner Signing Java Applets Using Netscape Signing Tool Security Extensions Java Authentication and Authorization Service (JAAS) Java Cryptographic Extension (JCE) Java(TM) Secure Socket Extension (JSSE) Creating Secure Client Sockets Creating Secure Server Sockets Choosing the Cipher Suites Java GSS Security Security From Untrusted User Input Cross Site Scripting Overcoming Cross Site Scripting Problem Permissions in Java How to create new types of permissions? Security Policy Specifying an additional Policy File at runtime Policy Tool Best practices for developing secure Java Code Summary
Lesson 7: Secure Java Script and VB Script Programming
Script: Introduction JavaScript Vulnerability XSS Attacks Avoiding XSS? JavaScript Hijacking Defending Against JavaScript Hijacking Decline Malicious Requests Prevent Direct Execution of the JavaScript Response Malicious Script Embedded in Client Web Requests Malicious Script Embedded in Client Web Requests: Effects Malicious Script Embedded in Client Web Requests: Solution Tool: Thicket Obfuscator for JavaScript JavaScript Security in Mozilla Netscape's SignTool Privileges Tool for Encryption: TagsLock Pro Jash: Javascript Command-Line Debugging Tool Tool: Script Encoder Tool: Scrambler VBScript: CryptoAPI Tools Signing A Script (Windows Script Host) Verifying a Script Signature Verification Policy Software Restriction Policies for Windows XP Designing a Software Restriction Policy Creating Additional Rules Blocking Malicious Scripts Summary
Lesson 8: Secure ASP Programming
ASP- Introduction Improving ASP Design Using Server-Side Includes Taking Advantage of VBScript Classes Using Server.Execute Using Server.Transfer The #include Directive .BAK Files on the Server Programming Errors Detecting Exceptions with Scripting Language Error-Handling Mechanisms Using VBScript to Detect an Error Using Jscript to Detect an Error Notifying the Support Team When an Error Occurs Using CheckForError Attacks on ASP ASP DypsAntiSpam: A CAPTCHA for ASP Preventing Automatic Submission With DypsAntiSpam CAPTCHA: Examples Using Database and ASP Sessions to Implement ASP Security Step 1: Create A User Database Table Step 2: Create And Configure The Virtual Directory Step 3: Create The Sample Pages Step 4: Add Validation Code To Pages Protecting Your ASP Pages Encoding ASP Code: Script Encoder Protecting Passwords of ASP Pages with a One-way Hash Function ASP Best Practices ASP Best Practices: Error Handling Summary
Lesson 9: Secure Microsoft.NET Programming
Common Terminology Microsoft .NET: Introduction .NET Framework Security Policy Levels Security Features in .NET Key Concepts in .NET Security Code Access Security (CAS) Evidence-Based Security Role-Based Security Declarative and Imperative Security Cryptography Generate Key for Encryption and Decryption Symmetric Encryption in .Net Asymmetric Encryption in .Net Symmetric Decryption in .Net Asymmetric Decryption in .Net Protecting Client and Server Data Using Encryption Cryptographic Signatures Write a Signature in .Net Verify a Signature in .Net Ensuring Data Integrity with Hash Codes Hash Code Generation Verification of Hash Code Permissions Code Access Permissions Identity Permissions Role-Based Security Permissions SkipVerification Stack Walk Writing Secure Class Libraries Runtime Security Policy Step-By-Step Configuration of Runtime Security Policies Creating a Security Policy Deployment Package Type Safety Canonicalization Access Control List Editor Securing User Credentials and Logon Information Obfuscation Dotfuscator: .NET Obfuscator Tool Administration Tool: Authorization Manager (AzMan) with ASP.Net ASP.NET Security Architecture Authentication and Authorization Strategies URL Authorization File Authorization Windows Authentication Forms Authentication Passport Authentication Custom Authentication Implementing Custom Authentication Scheme Configuring Security with Mscorcfg.msc Process Identity for ASP.NET Impersonation Impersonation Sample Code Secure Communication Storing Secrets Options for Storing Secrets in ASP.NET Web.config Vulnerabilities Securing Session and View State Web Form Considerations Securing Web Services Secure Remoting Create a Remotable Object Secure Data Access .NET Security Tools Code Access Security Policy Tool: Caspol.exe Certificate Creation Tool: Makecert.exe Certificate Manager Tool: Certmgr.exe Certificate Verification Tool: Chktrust.exe Permissions View Tool: Permview.exe PEVerify Tool: Peverify.exe Best Practices for .NET Security Summary
Lesson 10: Secure PHP Programming
Introduction to PHP (Hypertext Preprocessor) PHP Security Blunders Security Sensitive PHP Functions: File Functions Security Sensitive PHP Functions: ezmlm_hash PHP Vulnerabilities Common PHP Attacks Secure PHP Practices Best Practices for PHP Security Acunetix Web Vulnerability Scanner Encryption Software: PHP Codelock Zend Guard POBS Summary
Lesson 11: Secure PERL Programming
Introduction: Practical Extraction and Report Language (PERL) Common Terminology Security Issues in Perl Scripts Basic User Input Vulnerabilities Overcoming Basic User Input Vulnerabilities Insecure Environmental Variables Algorithmic Complexity Attacks Perl: Taint, Strict, and Warnings Taint Mode How Does Taint Mode Work? Taint Checking Using Tainted Data Securing the Program Using Taint Strict Pragma The Setuid Command The Perl crypt() Function Logging Into a Secure Web Site with Perl Script Secure Log-in Checklist Program for Secure Log-in Securing open() Function Unicodes Displaying Unicode As Text Summary
Lesson 12: Secure XML, Web Services, and AJAX Programming
Web Application and Web Services Web Application Vulnerabilities XML- Introduction XSLT and XPath XML Signature An Enveloped, Enveloping and Detached XML Signature Simultaneously XML Encryption Security Considerations for the XML Encryption Syntax Canonicalization Validation Process in XML XML Web Services Security XML-aware Network Devices Expand Network Layer Security Security of URI in XML Security of Opaque Data in XML Growth of XML as Percentage of Network Traffic XML Web Services Security Best Practices XML Security Tools V-Sentry Vordel SOAPbox AJAX- Introduction Anatomy of an AJAX Interaction (Input Validation Example) AJAX: Security Issues How to Prevent AJAX Attacks Tool: HTML Guardian ™ Tool: Sprajax- AJAX Security Scanner Tool: DevInspect Summary
Lesson 13: Secure RPC, ActiveX, and DCOM Programming
RPC Introduction RPC Authentication RPC Authentication Protocol NULL Authentication UNIX Authentication Data Encryption Standard (DES) Authentication Diffie-Hellman Encryption Security Methods Security Support Provider Interface (SSPI) Security Support Providers (SSPs) Secure RPC Protocol RpcServerRegisterAuthInfo Prevents Unauthorized Users from Calling your Server RPC Programming Best Practices Make RPC Function Calls RPC and the Network Writing a Secure RPC Client or Server ActiveX Programming: Introduction Preventing Repurposing SiteLock Template IObjectSafety Interface Code Signing Creating a Code Signing Certificate and Signing an ActiveX Component in Windows Protecting ActiveX Controls DCOM: Introduction Security in DCOM Application-Level Security Security by Configuration Programmatic Security Run As a Launching user Run As a Interactive User Run As a Specific User Security Problem on the Internet Security on the Internet Heap Overflow Vulnerability Workarounds for Heap Overflow Vulnerability Tool: DCOMbobulator DCOM Security Best Practices Summary
Lesson 14: Secure Linux Programming
Introduction Open Source and Security Linux File Structure Basic Linux Commands Linux Networking Commands Linux Processes POSIX Capabilities UTF-8 Security Issues UTF-8 Legal Values Security Linux Programming Advantages Requirements for Security Measure Assurance Enabling Source Address Verification Linux iptables and ipchains Controlling Access by MAC Address Permitting SSH Access Only Network Access Control Layers of Security for Incoming Network Connections Prohibiting Root Logins on Terminal Devices Authentication Techniques Authorization Controls Running a Root Login Shell Protecting Outgoing Network Connections Logging in to a Remote Host Invoking Remote Programs Copying Remote Files Public-key Authentication between OpenSSH Client and Server Authenticating in Cron Jobs Protecting Files File Permissions Shared Directory Encrypting Files Listing Your Keyring Signing and Encrypting Files Encrypting Directories POP/IMAP Mail Server Testing an SSL Mail Connection Securing POP/IMAP with SSL and Pine SMTP Server Testing and Monitoring Testing Login Passwords (John the Ripper) Testing Login Passwords (CrackLib) Testing Search Path Searching Filesystems Effectively Finding Setuid (or Setgid) Programs Securing Device Special Files Looking for Rootkits Tracing Processes Observing Network Traffic Detecting Insecure Network Protocols Detecting Intrusions with Snort Log Files (syslog) Testing a Syslog Configuration Logwatch Filter Structure Program Internals and Approach Minimize Privileges Sample Code Filter Cross-Site Malicious Content on Input Filter HTML/URIs that may be Re-Presented Avoid Buffer Overflow Language-Specific Issues Linux Application Auditing Tool: grsecurity Summary
Lesson 15: Secure Linux Kernel Programming
Introduction to Kernels Building a Linux Kernel Procedures to Follow Post-Build Compiling a Linux Kernel Summary
Lesson 16: Secure Xcode Programming
Introduction to Xcode Mac OS X applications Cocoa Carbon AppleScript Script Editor Script Window Common Data Security Architecture (CDSA) Secure Transport API Set and Cryptographic Service Provider (CSP) Creating SSL Certificate on Mac OS X Server Using SSL with the Web Server Setting up SSL for LDAP rotecting Security Information Security in Mac OS X Security Management Using System Preferences Authentication Methods Encrypted disk images Networking Security Standards Personal firewall Checklist of Recommended steps required to secure Mac OS X Summary
Lesson 17: Secure Oracle PL/SQL Programming
Introduction: PL/SQL Security Issues in Oracle SQL Injection Attacks Defending Against SQL Injection Attacks SQL Manipulation Code Injection Attack Function Call Injection Attack Buffer Overflow and Other Vulnerabilities DBMS_SQL Vulnerabilities in PL/SQL Protecting DBMS_SQL in PL/SQL Types of Database Vulnerability/Attacks Password Management Policy Auditing Policy Oracle Policy Manager Oracle Label Security (OLS) Create an Oracle Label Security Policy Step 1: Define the Policy Step 2: Define the Components of the Labels Step 3: Identify the Set of Valid Data Labels Step 4: Apply Policy to Tables and Schemas Step 5: Authorize Users Step 6: Create and Authorize Trusted Program Units (Optional) Step 7: Configure Auditing (Optional) Oracle Identity Management Security Tools Secure Backups: Tool Obfuscation Obfuscation Sample Code Encryption Using DBMS_CRYPTO Advanced Security Option Row Level Security Oracle Database Vaults: Tool Auditing Auditing Methods Audit Options View Audit Trail Fine-Grained Auditing (FGA) Oracle Auditing Tools (OAT) Testing PL/SQL Programs SQL Unit Testing Tools: SPUnit SQL Unit Testing Tools: TSQLUnit SQL Unit Testing Tools: utPLSQL Steps to Use utPLSQL Summary
Lesson 18: Secure SQL Server Programming
Introduction SQL Server Security Model: Login Creating an SQL Server Login Database User Guest User Permissions Database Engine Permissions Hierarchy Roles User-Defined Roles Application roles Security Features of MS-SQL Server 2005 SQL Server Security Vulnerabilities SQL Injection Attacks Preventing SQL Injection Attacks Sqlninja: SQL Server Injection Tool Data Encryption Built-in Encryption Capabilities Encryption Keys Encryption Hierarchy Transact-SQL Create Symmetric Key in T-SQL Create Asymmetric Key in T-SQL Certificates Create Certificate in T-SQL SQL Server Security: Administrator Checklist SQL Server Installation Best Practices for Database Object Authorization Auditing and Intrusion Detection Enabling Auditing Database Security Auditing Tools Summary
Lesson 19: Secure Network Programming
Basic Network Concepts Basic Web Concepts Network Programming Benefits of Secure Network Programming Network Interface Securing Sockets Ports UDP Datagram and Sockets Internet Address Connecting to secure websites URL Decoder Reading Directly from a URL Content Handler Cookie Policy RMI Connector .Net : Internet Authentication Network Scanning Tool: ScanFi Network Programming Best Practices Summary
Lesson 20: Windows Socket Programming
Introduction to Windows Sockets Windows NT and Windows 2000 Sockets Architecture Socket Programming Client Side Socket Programming Initializing a Socket and Connecting Server-Side Socket Programming Creating a Server Winsock 2.0 Winsock Linking Methods Starting a Winsock 2 API Accepting Connections: AcceptEx WinSock: TransmitFile and TransmitPackets Grabbing a Web Page Using Winsock Generic File – Grabbing Application Writing Client Applications TCP Client Application Sample Code Writing Server Applications TCP Server Application Sample Code Winsock Secure Socket Extensions WSADeleteSocketPeerTargetName Function WSAImpersonateSocketPeer Function WSAQuerySocketSecurity WSARevertImpersonation Function WSASetSocketPeerTargetName Function WSASetSocketSecurity Function SOCKET_SECURITY_SETTINGS Using WinSock to Execute a Web Attack Using Winsock to Execute a Remote Buffer Overflow MDACDos Application Summary
Lesson 21: Writing Shellcodes
Shellcode Introduction Shellcode Development Tools Remote Shellcode Port Binding Shellcode FreeBSD Port Binding Shellcode Clean Port Binding Shellcode Socket Descriptor Reuse Shellcode Local Shellcode The execve Shellcode Executing /bin/sh Byte Code The setuid Shellcode The chroot Shellcode Breaking of chroot jails (Traditional Method) Breaking Out of Chroot Jails on Linux Kernels Windows Shellcode Shellcode Examples Steps to Execute Shell Code Assembly The Write System Call Linux Shellcode for “Hello, world!” The Write System Call in FreeBSD The execve Shellcode in C FreeBSD execve jmp/call Style FreeBSD execve Push Style FreeBSD execve Push Style, Several Arguments Implementation of execve on Linux Linux Push execve Shellcode System Calls The Socket System Call The Bind System Call The Listen System Call The Accept System Call The dup2 System Calls The execve System Call Linux Port Binding Shellcode Compile, Print, and Test Shellcode Reverse Connection Shellcode Socket Reusing Shellcode Linux Implementation of Socket Reusing Shellcode Reusing File Descriptors Using the setuid Root Using the ltrace utility Using GDB Assembly Implementation SysCall Trace RW Shellcode Encoding Shellcode Decoder Implementation and Analysis Decoder Implementation Program Results of Implementation Program OS-Spanning Shellcode Assembly Creation Summary
Lesson 22: Writing Exploits
Introduction to Writing Exploits Targeting Vulnerabilities Remote and Local Exploits Remote and Local Exploits A Two-Stage Exploit Format String Attacks Using %n Character Fixing Format String Bugs User-Supplied Format String Vulnerability CVE-2000-0763 TCP/IP Vulnerabilities Race Conditions File Race Conditions Signal Race Conditions Input Validation Error in a man Program Case Study: ‘man’ Input Validation Error (Snippet 1) Case Study: ‘man’ Input Validation Error (Snippet 2) Writing Exploits and Vulnerability Checking Programs Stack Overflow Exploits Memory Organization Stack Overflows Finding Exploitable Stack Overflows in Open-Source Software Finding Exploitable Stack Overflows in Closed-Source Software Heap Corruption Exploits Doug Lea Malloc Figure: Dlmalloc Chunk Figures: Fake Chunk, Overwritten Chunk OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656 Exploitation Exploitation Sample Code The Complication Improving the Exploit Integer Bug Exploits Integer Wrapping Program: Addition-Based Integer Wrapping Multiplication-Based Integer Wrapping Bypassing Size Checks Using the Metasploit Framework Determining Attack Vector Finding the Offset: Overwriting the Return Address The First Attack String Overwriting EIP with a Known Pattern Selecting a Control Vector Finding a Return Address Selecting the Search Method in the Metasploit Opcode Database Search Method in Metasploit Opcode Database Using the Return Address Increasing Reliability with a Nop Sled Choosing a Payload and Encoder List of Available Encoders Choosing a Payload and Encoder: msfencode Results The msfweb Payload Generation Setting msfweb Payload Options msfweb Generated and Encoded Payload Integrating Exploits into Framework Summary
Lesson 23: Programming Port Scanners and Hacking Tools
Port Scanner libpcap Packet Capturing Example Saving Captured Packets to a File The wiretap Library Adding a new file format to the wiretap library The wtap Struct Creating a New Dissector Programming the Dissector Adding a tap Module Nessus Attack Scripting Language (NASL) Writing Personal-Use Tools in NASL Programming in the Nessus Framework Porting to and from NASL Metasploit Framework (MSF) msfweb Interface Selecting the Exploit Module The msfconsole Interface The msfcli Interface Updating the MSF Writing Basic Rules The Rule Header Rule Options Writing Advanced Rules: Perl-Compatible Regular Expressions (PCRE) The Byte_test and Byte_jump Function Optimizing Rules Testing Rules Writing Detection Plugins Netcat Source Code Summary
Lesson 24: Secure Mobile phone and PDA Programming
Mobile Phone Programming Different OS Structure in Mobile Phone Symbian Operating System Guidelines for Securing Symbian OS PalmOS PalmOS Vulnerabilities HotSync Vulnerability Creator ID Switching Windows Mobile Calling Secure Web Services Security Practices for Windows Mobile Programming Comparison of Common Programming Tasks PDA Programming PDA Security Issues Security Policies for PDAs PDA Security Products PDA Security Vendors Java 2 Micro Edition (J2ME) J2ME Architecture J2ME Security Issues CLDC Security Mobile Information Device Profile (MIDP) MIDP Security Programming the BlackBerry With J2ME Security and Trust Services API (SATSA) for J2ME: The Security APIs Certificate Enrollment in SATSA Generating a Private Key and Certificate Signing Request in SATSA Verifying the CSR Storing a Certificate into the Certificate Local Store Data Integrity with Message Digests Generating a Message Digest Verifying a Message Digest Authentication With Digital Signatures Signing a byte Array for Authentication Purposes Verifying a Digital Signature using SATSA Data Confidentiality - Using Ciphers for Data Encryption Using Cipher to Encrypt Data using a Symmetric Encryption Using Cipher to Decrypt Data using a Symmetric Encryption Security Issues in Bluetooth Security Attacks in Bluetooth Devices Bluetooth security Bluetooth Security : Key Management Tool: Bluekey Tool: BlueWatch Tool: BlueSweep Tool: Bluediving Tool: Smartphone Security Client Tool: BlueFire Mobile Security Enterprise Edition Mobile Phone Security Tips Defending Cell Phones and PDAs Against Attack Antivirus Tools for Mobile Devices F-Secure Antivirus for Palm OS Summary
Lesson 25: Secure Game Designing
Game Designing Introduction Threats to Online Gaming Game Authoring Tools Game Engine Best Practices for Secure Game Designing Summary
Lesson 26: Securing E-Commerce Applications
Purpose of Secure E-Commerce Application E-Business Concepts: Secure Electronic Transaction (SET) Using SET Secure Socket Layer (SSL) SSL Certificates VeriSign SSL Certificates Entrust SSL Certificates Digital Certificates Digital Signature Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme HACKER SAFE® Certification HACKER SAFE Technology Guidelines for Developing Secure E-Commerce Applications Summary
Lesson 27: Software Activation, Piracy Blocking, and Automatic Updates
Software Activation: Introduction Software Activation Process Software Activation: Advantages Activation Explained Online License Management Server Activation Policies Policy Control Parameters Piracy The Effects of piracy Piracy Blocking Digital Right Management (DRM) Software Piracy Protection Strategies Copy protection for DVDs Application Framework –DVD Copy Protection System Content Protection During Digital Transmission Watermark System Design Issues Costs Effectiveness False Positives Rate Interaction with MPEG compression Detector Placement Copy Generation Management Tool: Crypkey EnTrial Key Generation EnTrial Distribution File EnTrial Product & Package Initialization Dialog Windows Automatic Updates Summary
Lesson 28: Secure Application Testing
Software Development Life Cycle (SDLC) Introduction to Testing Types of Testing White Box Testing Types of White Box Testing Dynamic White-Box Testing Integration Test Regression Testing System Testing Black Box Testing Load Testing Strategies For Load Testing Functional Testing Testing Steps Creating Test Strategy Creating Test Plan Creating Test Cases and Test Data Executing, Bug Fixing and Retesting Classic Testing Mistakes User Interface Errors Good User Interfaces Use Automatic Testing and Tools Generic Code Review Che Software Testing Best Practices Testing Tool Real Time Testing Summary
Lesson 29: Writing Secure Documentation and Error Messages
Error Message Common Error Messages Error Messages: Categories Good Error Message Error Message in a Well-designed Application Good Error Message Example Miscommunications in Error Messages Error Message Usability Checklist Guidelines For Creating Effective Error Messages Best Practices for Designing Error Messages Error Messages: Examples Security Issues in an Error Message Security Precautions in Documentation Summary

*Content, days, and times vary depending on your location. Please view the outline prior to purchase or contact the local center for more information.