Security Compass Training Curriculum, 2017 Q2 (print edition)

Index

3  Why Security Compass?
4  Discover Role-Based Training
6  SSP Suites
7  CSSLP Training
8  Course Catalogue
14 What Can We Do For You?

Why Security Compass?

COPYRIGHT © 2017. SECURITY COMPASS. 3

Modular
Bite-sized modules work around your students' busy schedules. They can track their progress to record what they have learned and how many steps remain to completion.

Interactive
Experience the most personable teaching. Stimulate the mind with the most relevant and up-to-date material.

Role-Based Training
Security Compass provides AppSec-focused training for developers, architects, QA and project managers. These suites can be tailored to meet your needs.

Certificate
Security Compass has been selected as the software security training partner of (ISC)². Students have the opportunity to gain an industry-recognized certificate, while organizations can demonstrate the robustness of their AppSec program.

Adaptive
Whether your students are beginners or experts, they can study at their own pace. Our smart learning lets them skip ahead to the quiz or slow down and focus on key topics.

Discover Role-Based Training

The Secure Software Practitioner Suites are a series of on-demand learning courses that teach the foundational elements of software security and language-specific secure coding. Each suite caters to a specific role, breaking down the learning so that users efficiently learn only what they need. At the conclusion of the course, users validate their skills by passing a certificate exam.

Java Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending Java

The Java suite covers Java development, including fundamental coding concepts, design and implementation. Understand J2EE vulnerabilities common to the OWASP Top 10 and see how these vulnerabilities affect Java web applications.

.NET Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending .NET

The .NET suite is designed to help students learn how to build secure software. Learn .NET 4.5 vulnerabilities common to the OWASP Top 10 and see how these vulnerabilities affect .NET applications. Learn defensive coding techniques that can be applied directly in your organization.

PHP Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending PHP

The PHP suite informs students of PHP vulnerabilities common to the OWASP Top 10. Students will learn secure coding defenses and techniques for each vulnerability.

C++ Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending C++

The C++ suite presents common vulnerabilities in C/C++ software. Students will learn about safe memory management, insecure functions and how to defend against buffer overflows in unmanaged languages.


General Suite
Includes: Security Awareness, PCI Compliance, OWASP Top 10

The General Suite provides students with fundamental security education that they can apply directly to their position. Students will learn the ten most prevalent web application security issues as defined by OWASP and will gain a full understanding of PCI DSS requirement 12.6.1.

iOS Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending iOS

The iOS suite teaches students secure iOS coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

Android Suite
Includes: Secure Software Concepts, Secure Software Design, OWASP Top 10 2013, Secure Software Coding, Defending Android

The Android suite teaches secure coding concepts for Android applications. This includes secure Android coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

Security Architect Suite
Includes: Secure Software Concepts, Secure Software Requirements, Secure Software Design, OWASP Top 10 2013, Software Acceptance, Threat Model Express

The Architect suite teaches students the key techniques for reducing risk in the development lifecycle by correctly identifying threats.

QA Suite
Includes: Secure Software Concepts, OWASP Top 10 2013, Secure Software Testing, Software Acceptance

The QA suite gives students the ability to analyze code and to understand the principles of secure testing and of testing software from a security perspective.

Project Manager Suite
Includes: Secure Software Concepts, Secure Software Requirements, Software Acceptance, Supply Chain Risk

The Project Manager suite covers the full development lifecycle, including secure coding, requirements and design. Students will be able to define the security criteria software must meet before being promoted to release.


Request a demo [email protected]

SSP Suites

[Figure: Secure Software Practitioner Suites matrix. Rows are the course modules: Secure Software Concepts, Secure Software Requirements, Secure Software Design, Secure Software Coding, Secure Software Testing, Software Acceptance, Software Development, Operation, Maintenance & Disposal, Supply Chain Risk, Security Awareness, OWASP Top 10, Defending Mobile, and the Defending Series (Defending Java, Defending .NET, Defending PHP, Defending C++, Defending iOS, Defending Android, Threat Model Express). Columns are the suites: Java, .NET, PHP, C++, iOS, Android, Security Architect (SA), QA, Project Manager (PM), General (G) and Certified Secure Software Lifecycle Professional (CSSLP). The modules included in each suite are listed under Discover Role-Based Training above.]


CSSLP Training

Following completion of CSSLP eLearning, candidates will understand how to reduce the costs of security vulnerabilities throughout all phases of the software development lifecycle.

We offer exam certification in our Training Package, with CSSLP courseware included.

8 Domains of SDLC Training

Domain 1 - Secure Software Concepts: concepts of secure software; principles of security design; privacy; governance, risk and compliance; methodologies of software development; Domain 1 summary quiz

Domain 2 - Secure Software Requirements: policy decomposition; classification and categorization; functional requirements; operational security; Domain 2 summary quiz

Domain 3 - Secure Software Design: design considerations; security design principles; the design process and threat modeling; securing common technologies; Domain 3 summary quiz

Domain 4 - Secure Software Coding: programming languages; common software vulnerabilities; the design process and threat modeling; secure software processes; Domain 4 summary quiz

Domain 5 - Secure Software Testing: components of testing; testing for security and quality assurance; resiliency and reporting; Domain 5 summary quiz

Domain 6 - Software Acceptance: criteria for software acceptance; verification and validation; Domain 6 summary quiz

Domain 7 - Software Deployment, Operation, Maintenance & Disposal: installation and deployment; monitoring and incident response; software disposal; Domain 7 summary quiz

Domain 8 - Supply Chain and Software Acquisition: supplier risk assessment; intellectual property and legal compliance; supplier sourcing; software development and test; software delivery, operations and maintenance; supplier transitioning; Domain 8 summary quiz


Course Catalogue

Our focus is on application security. We aim to provide business-relevant security courses that help your staff champion security and defend your organization's most valuable software.

Each entry lists the course code, title, running time and audience, followed by the course description. Courses marked NEW are new additions to the catalogue.

General Awareness

SAW101  Security Awareness  (60 mins; General Staff)
Understand common security issues faced around the office environment, including managing e-mail, passwords, mobile devices and more.

SAW102  Security Awareness: PCI Compliance  (10 mins; General Staff)
Understand payment card compliance, including the Data Security Standard and how it affects organizations that manage or process credit card data. This lesson meets PCI DSS requirement 12.6.1.

APP101  Application Security Fundamentals (NEW)  (60 mins; Developers, General Staff)
Build a solid understanding of the core concepts of application security. Learn about trending AppSec topics and discover how AppSec fits into the bigger picture of information security as a whole.

SEC101  OWASP Top 10  (60 mins; Developers, General Staff)
Understand the ten most prevalent web application security issues as defined by OWASP in 2013. Students will understand each vulnerability and best practices for defending against these risks. This course meets PCI DSS requirement 6.5.a.

SEC202  Threat Model Express  (60 mins; Developers, Architects)
Students will learn about the attacks their apps may face, then an informal approach to threat modeling. They first learn the steps in executing a TME and then engage in a guided fictional exercise.

CSSLP

CSP101  Secure Software Concepts  (60 mins; Developers)
Students will understand the fundamentals of creating secure code and the basic concepts of secure development. This includes the importance of secure design and an understanding of regulations covering privacy, governance and compliance.

CSP102  Secure Software Requirements  (50 mins; Developers)
Gathering the correct requirements for building secure software is one of the more difficult aspects to ascertain. Students will learn key techniques for reducing risk in the SDLC by correctly identifying requirements.

CSP103  Secure Software Design  (85 mins; Developers)
Understand the considerations and compromises that must be made when designing secure software. Students will learn techniques for designing secure software, such as threat modeling, and best practices for securing the third-party technologies often associated with modern software.

CSP104  Secure Software Coding  (40 mins; Developers)
Covers the Domain 4 topics listed under CSSLP Training above: programming languages, common software vulnerabilities and secure software processes.

CSP105  Secure Software Testing  (40 mins; Developers)
Understand the principles of secure testing and of testing software from a security perspective. Students will understand the fundamentals of setting up testing frameworks that promote software resiliency.

CSP106  Software Acceptance  (25 mins; Developers)
Understand how to generate criteria for software acceptance. The focus is acceptance from a security standpoint and how to define the security criteria software must meet before being promoted to release.

CSP107  Software Operations, Maintenance and Disposal  (35 mins; Developers)
Understand, from an infrastructure perspective, the steps needed to ensure software is secure on deployment and in operation. Students will learn how to monitor software and how to define procedures for supporting and disposing of software in end-of-life scenarios.

CSP108  Supply Chain and Software Acquisition  (80 mins; Developers)
Understand how to identify risks when sourcing software from the supply chain. Students will learn about risk management, protecting intellectual property, procurement and best practices when outsourcing software to suppliers.

Secure Coding

JAV201  Defending Java  (60 mins; Developers)
Understand J2EE vulnerabilities common to the OWASP Top 10 and see how these vulnerabilities affect Java web applications. Students will learn secure coding defenses for each vulnerability.

NET201  Defending .NET  (60 mins; Developers)
Understand .NET 4.5 vulnerabilities common to the OWASP Top 10 and see how these vulnerabilities affect .NET web applications. Students will learn secure coding defenses for each vulnerability.

PHP201  Defending PHP  (60 mins; Developers)
Understand PHP 5 vulnerabilities common to the OWASP Top 10 and see how these vulnerabilities affect PHP web applications. Students will learn secure coding defenses for each vulnerability.

CPP201  Defending C++  (50 mins; Developers)
Understand the desktop software vulnerabilities that arise when creating software in C/C++. Students will learn about safe memory management, insecure functions and how to defend against buffer overflows in unmanaged languages.

CPP202  Defending ASP.NET Core in C# (NEW)  (80 mins; Developers)
This course covers secure application development using C# in ASP.NET Core. Students will learn about software vulnerabilities and how attackers exploit them, followed by coding techniques to defend against a variety of attacks.

HTM201  Defending HTML5  (60 mins; Developers)
Learn about the HTML5 standards designed to defend against vulnerable JavaScript, AJAX, JSON and iframes. Students learn the technologies HTML5 provides for safely performing cross-domain requests, as well as the use of offline storage, cross-origin resource sharing (CORS), cross-document messaging (postMessage) and iframe sandboxing. Students gain a defensive understanding of the business risks of HTML5 mash-ups.

SEC201  Defending Web Applications  (60 mins; Developers)
Understand web application vulnerabilities typically seen during security testing, such as brute-force attacks, session management weaknesses, encryption mistakes and more. Although not directly part of the OWASP Top 10, these issues can still lead to security vulnerabilities and are important to know.

DJA101  Defending Django (NEW)  (40 mins; Developers)
Learn about Django's built-in security features and the other layers of protection available for your app. Learn how to set up your projects securely to prevent attacks at run time and how to secure the admin console. You will also learn to identify secure and insecure practices to protect your application against common attacks.

NOD101  Defending Node.js (NEW)  (60 mins; Developers)
Understand the security risks of developing and deploying applications in Node.js. Implement defensive coding techniques and configurations that support secure coding in Node.js.

Mobile Security

MOB101  Defending Mobile  (60 mins; Developers)
In this code-agnostic course, students will understand the risks of creating mobile applications. Students will learn how attackers target mobile apps through data stored on the device, data transmitted to the cloud and data in memory. They will learn best practices for securing mobile apps on any mobile operating system.

IOS201  Defending iOS  (90 mins; Developers)
Students will learn secure coding concepts for the OWASP Mobile Top 10 as they apply to iOS apps. This includes understanding the business risks of creating mobile applications and secure iOS coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

AND201  Defending Android  (90 mins; Developers)
Understand secure coding concepts for the OWASP Mobile Top 10 as they apply to Android apps. Learn the business risks of creating mobile applications and secure Android coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

Coming Soon

JAV301  Defending JSP
Learn how to defend your Java web apps against attacks. Using code samples from JavaServer Pages, this course covers techniques for securing against vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, man-in-the-middle attacks and more.

CLO101  Secure Cloud Development

DAT101  Secure Database Development

What Can We Do For You?

We understand application security. We breathe it.

We strive to provide you with the best training for your teams. Our experience helping customers research and manage security risks allows us to embed our training material with the latest threats and vulnerabilities. It means that your staff is ready to respond with forward thinking concepts to securing your most sensitive applications - all tailored to you. Reach out to Security Compass advisors who can help.

[email protected]