59 IT Security courses in Bradford delivered Live Online

Duration 2 Days 12 CPD hours This course is intended for The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as: IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications. Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process. Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams. Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices. Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle. Overview Working in an interactive learning environment, guided by our application security expert, you'll explore: The concepts and terminology behind defensive coding Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets The entire spectrum of threats and attacks that take place against software applications in today's world The role that static code reviews and dynamic application testing to uncover vulnerabilities in applications The vulnerabilities of programming languages as well as how to harden installations The basics of Cryptography and Encryption and where they fit in the overall security picture The requirements and best practices for program management as specified in the STIGS The processes and measures associated with the Secure Software Development (SSD) The basics of security testing and planning Understand the concepts and terminology behind defensive coding Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets Learn the entire spectrum of threats and attacks that take place against software applications in today's world Discuss the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications Understand the vulnerabilities of programming language as well as how to harden installations Understand the basics of Cryptography and Encryption and where they fit in the overall security picture Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena Understand the requirements and best practices for program management as specified in the STIGS Understand the processes and measures associated with the Secure Software Development (SSD) Understand the basics of security testing and planning The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instrtors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You?ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You?ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges. DISA's Security Technical Implementation Guides (STIGs) The motivations behind STIGs Requirements that the various software development roles must meet Implementing STIG requirements and guidelines Why Hunt Bugs? The Language of CyberSecurity The Changing Cybersecurity Landscape AppSec Dissection of SolarWinds The Human Perimeter Interpreting the 2021 Verizon Data Breach Investigation Report First Axiom in Web Application Security Analysis First Axiom in Addressing ALL Security Concerns Lab: Case Study in Failure Safe and Appropriate Bug Hunting/Hacking Working Ethically Respecting Privacy Bug/Defect Notification Bug Bounty Programs Bug Hunting Mistakes to Avoid Principles of Information Security Secuity Is a Lifecycle Issue Minimize Attack Surface Area Layers of Defense: Tenacious D Compartmentalize Consider All Application States Do NOT Trust the Untrusted Identification and Authentication Failures Applicable STIGs Quality and Protection of Authentication Data Proper hashing of passwords Handling Passwords on Server Side Session Management HttpOnly and Security Headers Lab: STIG Walk-Throughs Injection Applicable STIGs Injection Flaws SQL Injection Attacks Evolve Drill Down on Stored Procedures Other Forms of Server-Side Injection Minimizing Injection Flaws Client-side Injection: XSS Persistent, Reflective, and DOM-Based XSS Best Practices for Untrusted Data Lab: STIG Walk-Throughs Applications: What Next? Common Vulnerabilities and Exposures CWE/SANS Top 25 Most Dangerous SW Errors Strength Training: Project Teams/Developers Strength Training: IT Organizations Cryptographic Failures Applicable STIGs Identifying Protection Needs Evolving Privacy Considerations Options for Protecting Data Transport/Message Level Security Weak Cryptographic Processing Keys and Key Management Threats of Quantum Computing Steal Now, Crack Later Threat Lab: STIG Walk-Throughs Application Security and Development Checklists Checklist Overview, Conventions, and Best Practices Leveraging Common AppSec Practices and Control Actionable Application Security Additional Tools for the Toolbox Strength Training: Project Teams/Developers Strength Training: IT Organizations Lab: Recent Incidents SDL Overview Attack Phases: Offensive Actions and Defensive Controls Secure Software Development Processes Shifting Left Actionable Items Moving Forward Lab: Design Study Review Asset Analysis Asset Analysis Process Types of Application-Related Assets Adding Risk Escalators Discovery and Recon Design Review Asset Inventory and Design Assets, Dataflows, and Trust Boundaries Risk Escalators in Designs Risk Mitigation Options

Duration 2 Days 12 CPD hours This course is intended for Security architects System designers Network administrators Operations engineers Network managers, network or security technicians, and security engineers and managers responsible for web security Cisco integrators and partners Overview After taking this course, you should be able to: Describe Cisco WSA Deploy proxy services Utilize authentication Describe decryption policies to control HTTPS traffic Understand differentiated traffic access policies and identification profiles Enforce acceptable use control settings Defend against malware Describe data security and data loss prevention Perform administration and troubleshooting The Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 course shows you how to implement, use, and maintain Cisco© Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you?ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution?s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more. Describing Cisco WSA Technology Use Case Cisco WSA Solution Cisco WSA Features Cisco WSA Architecture Proxy Service Integrated Layer 4 Traffic Monitor Data Loss Prevention Cisco Cognitive Intelligence Management Tools Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration Cisco Content Security Management Appliance (SMA) Deploying Proxy Services Explicit Forward Mode vs. Transparent Mode Transparent Mode Traffic Redirection Web Cache Control Protocol Web Cache Communication Protocol (WCCP) Upstream and Downstream Flow Proxy Bypass Proxy Caching Proxy Auto-Config (PAC) Files FTP Proxy Socket Secure (SOCKS) Proxy Proxy Access Log and HTTP Headers Customizing Error Notifications with End User Notification (EUN) Pages Utilizing Authentication Authentication Protocols Authentication Realms Tracking User Credentials Explicit (Forward) and Transparent Proxy Mode Bypassing Authentication with Problematic Agents Reporting and Authentication Re-Authentication FTP Proxy Authentication Troubleshooting Joining Domains and Test Authentication Integration with Cisco Identity Services Engine (ISE) Creating Decryption Policies to Control HTTPS Traffic Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview Certificate Overview Overview of HTTPS Decryption Policies Activating HTTPS Proxy Function Access Control List (ACL) Tags for HTTPS Inspection Access Log Examples Understanding Differentiated Traffic Access Policies and Identification Profiles Overview of Access Policies Access Policy Groups Overview of Identification Profiles Identification Profiles and Authentication Access Policy and Identification Profiles Processing Order Other Policy Types Access Log Examples ACL Decision Tags and Policy Groups Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications Defending Against Malware Web Reputation Filters Anti-Malware Scanning Scanning Outbound Traffic Anti-Malware and Reputation in Policies File Reputation Filtering and File Analysis Cisco Advanced Malware Protection File Reputation and Analysis Features Integration with Cisco Cognitive Intelligence Enforcing Acceptable Use Control Settings Controlling Web Usage URL Filtering URL Category Solutions Dynamic Content Analysis Engine Web Application Visibility and Control Enforcing Media Bandwidth Limits Software as a Service (SaaS) Access Control Filtering Adult Content Data Security and Data Loss Prevention Data Security Cisco Data Security Solution Data Security Policy Definitions Data Security Logs Performing Administration and Troubleshooting Monitor the Cisco Web Security Appliance Cisco WSA Reports Monitoring System Activity Through Logs System Administration Tasks Troubleshooting Command Line Interface References Comparing Cisco WSA Models Comparing Cisco SMA Models Overview of Connect, Install, and Configure Deploying the Cisco Web Security Appliance Open Virtualization Format (OVF) Template Mapping Cisco Web Security Appliance Virtual Machine (VM) Ports to Correct Networks Connecting to the Cisco Web Security Virtual Appliance Enabling Layer 4 Traffic Monitor (L4TM) Accessing and Running the System Setup Wizard Reconnecting to the Cisco Web Security Appliance High Availability Overview Hardware Redundancy Introducing Common Address Redundancy Protocol (CARP) Configuring Failover Groups for High Availability Feature Comparison Across Traffic Redirection Options Architecture Scenarios When Deploying Cisco AnyConnect© Secure Mobility Additional course details: Nexus Humans SWSA v3.0-Securing the Web with Cisco Web Security Appliance training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the SWSA v3.0-Securing the Web with Cisco Web Security Appliance course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 3 Days 18 CPD hours This course is intended for Networking and security professionals involved in the management, configuration, administration, and monitoring of FortiGate devices used to secure their organizations' networks should attend this course. You should have a thorough understanding of all the topics covered in the FortiGate Security course before attending the FortiGate Infrastructure course. Overview After completing this course, the successful student should be able to: Deploy the appropriate operation mode for your network Use the GUI and CLI for administration Control network access to configured networks using firewall policies Apply port forwarding, source NAT, and destination NAT Authenticate users using firewall policies Understand encryption functions and certificates Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies Configure security profiles to neutralize threats and misuse, including viruses, torrents, and inappropriate websites Apply application control techniques to monitor and control network applications that might use standard or non-standard protocols and ports Fight hacking and denial of service (DoS) Collect and interpret log entries Identify the characteristics of the Fortinet Security Fabric In this three-day course, you will learn how to use the most common FortiGate features, including security profiles. In interactive labs, you will explore firewall policies, the Fortinet Security Fabric, user authentication, and how to protect your network using security profiles, such as IPS, antivirus, web filtering, application control, and more. These administration fundamentals will provide you with a solid understanding of how to implement basic network security. Product Version FortiOS 7.2 Course Outline 1. Introduction and Initial Configuration 2. Firewall Policies 3. Network Address Translation 4. Firewall Authentication 5. Logging and Monitoring 6. Certificate Operations 7. Web Filtering 8. Application Control 9. Antivirus 10. Intrusion Prevention and Denial of Service 11. Security Fabric

Duration 1 Days 6 CPD hours This course is intended for This course is intended for Administrator, Database Administrator, End User, Network Administrator, and Systems Administrator. Overview Upon completion of this course, students will be able to Describe and determine database security requirements, Understand Oracle security solutions to help meet security requirements, Implement basic database security, Configure network security, and Discover basic security configuration issues. This Introduction to Oracle Database Security Ed 1 training teaches you how to use Oracle Database features to help meet the security, privacy and compliance requirements of your organization. Introduction Course Objectives Course Schedule Detective Security Controls Preventive Security Controls Your Learning Aids Basic Workshop Architecture Understanding Security Requirements Fundamental Data Security Requirements Security Risks Techniques to Enforce Security Choosing Security Solutions Database Access Control: Authentication Protecting Against Database Bypass with Encryption Protecting Sensitive Data Protecting against Application Bypass Detecting Threats Compliance Implementing Basic Database Security Database Security Checklist Reducing Administrative Effort Principle of Least Privilege Objects Protection Configuring Network Security Network Access Control Listener Security Listener Usage Control Manage fine-grained access to external network services Discovering Basic Configuration Issues Accessing Enterprise Manager Security Reports Using Various Security Reports

Duration 69 Days 414 CPD hours Cisco Learning Library: Security offers a subscription to all Cisco online cybersecurity and cyber operations training, including extensive sk This comprehensive technical training library offers full-length, interactive certification courses, product and technology training with labs, and thousands of reference materials. Security Library Certification Courses CCNP Security Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 Securing Networks with Cisco Firepower Next-Generation IPS (SSFIPS) v4.0 Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0 Securing Email with Cisco Email Security Appliance (SESA) v3.0 Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 Implementing Automation for Cisco Security Solutions (SAUI) v1.0 CCIE Security Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 Product and Technology Training Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0 Implementing Automation for Cisco Security Solutions (SAUI) v1.0 Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0 Implementing Cisco Cybersecurity Operations (SECOPS) v1.0 Implementing Secure Solutions with Virtual Private Networks (SVPN) v1.0 Implementing an Integrated Threat Defense Solution (SECUR201) v1.0 Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRules) v2.0 Securing Cisco Networks with Open Source Snort (SSFSNORT) v3.0 Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 Securing Email with Cisco Email Security Appliance (SESA) v3.0 Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 Securing Networks with Cisco Firepower Next-Generation IPS (SSFIPS) v4.0 Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) v2.0 Securing Industrial IoT Networks with Cisco Technologies (ISECIN) v1.0 Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0 Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) v5.0 Introducing Cisco Cloud Consumer Security (SECICC) v1.0 Securing Cloud Deployments with Cisco Technologies (SECCLD) v1.0 Configuring Cisco ISE Essentials for SD-Access (ISESDA) v1.0 Securing Branch Internet and Cloud Access with Cisco SD-WAN (A-SDW-BRSEC)

Duration 3 Days 18 CPD hours This course is intended for Networking and security professionals involved in the management, configuration, administration, and monitoring of FortiGate devices used to secure their organizations' networks. Overview Deploy the appropriate operation mode for your network. Use the GUI and CLI for administration. Identify the characteristics of the Fortinet security fabric. Control network access to configured networks using firewall policies. Apply port forwarding, source NAT, and destination NAT. Authenticate users using firewall policies. Understand encryption functions and certificates. Inspect SSL/TLS-secured traffic to prevent encryption used to bypass security policies. Configure security profiles to neutralize threats and misuse, including viruses, torrents, and inappropriate websites. Apply application control techniques to monitor and control network applications that might use standard or non-standard protocols and ports. Fight hacking and denial of service (DoS). Defend against data leaks by identifying files with sensitive data, and block them from leaving your private network. Offer an SSL VPN for secure access to your private network. Implement a dial-up IPsec VPN tunnel between FortiGate and FortiClient. Collect and interpret log entries. In this three-day course, you will learn how to use basic FortiGate features, including security profiles. Course Outline Module 1. Introduction to FortiGate and the Security Fabric Module 2. Firewall Policies Module 3. Network Address Translation (NAT) Module 4. Firewall Authentication Module 5. Logging and Monitoring Module 6. Certificate Operations Module 7. Web Filtering Module 8. Application Control Module 9. Antivirus Module 10. Intrusion Prevention and Denial of Service Module 11. SSL VPN Module 12. Dial-Up IPsec VPN Module 13. Data Leak Prevention (DLP)

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate-level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required. Overview Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on .Net security training that offers a unique look at .Net application security. Beginning with penetration testing and hunting for bugs in .Net web applications, you thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, driving home the mechanics of how to secure .Net web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? .NET Issues and Best Practices Making Application Security Real Time Permitting Topics Cryptography Overview .NET Cryptographic Services

Duration 3 Days 18 CPD hours This course is intended for This class is intended for the following job roles: [Cloud] information security analysts, architects, and engineers Information security/cybersecurity specialists Cloud infrastructure architects Additionally, the course is intended for Google and partner field personnel who work with customers in those job roles. The course should also be useful to developers of cloud applications Overview This course teaches participants the following skills: Understanding the Google approach to security Managing administrative identities using Cloud Identity. Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM. Implementing IP traffic controls using VPC firewalls and Cloud Armor Implementing Identity Aware Proxy Analyzing changes to the configuration or metadata of resources with GCP audit logs Scanning for and redact sensitive data with the Data Loss Prevention API Scanning a GCP deployment with Forseti Remediating important types of vulnerabilities, especially in public access to data and VMs This course gives participants broad study of security controls and techniques on Google Cloud Platform. Through lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure Google Cloud solution. Participants also learn mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use. Foundations of GCP Security Google Cloud's approach to security The shared security responsibility model Threats mitigated by Google and by GCP Access Transparency Cloud Identity Cloud Identity Syncing with Microsoft Active Directory Choosing between Google authentication and SAML-based SSO GCP best practices Identity and Access Management GCP Resource Manager: projects, folders, and organizations GCP IAM roles, including custom roles GCP IAM policies, including organization policies GCP IAM best practices Configuring Google Virtual Private Cloud for Isolation and Security Configuring VPC firewalls (both ingress and egress rules) Load balancing and SSL policies Private Google API access SSL proxy use Best practices for structuring VPC networks Best security practices for VPNs Security considerations for interconnect and peering options Available security products from partners Monitoring, Logging, Auditing, and Scanning Stackdriver monitoring and logging VPC flow logs Cloud audit logging Deploying and Using Forseti Securing Compute Engine: techniques and best practices Compute Engine service accounts, default and customer-defined IAM roles for VMs API scopes for VMs Managing SSH keys for Linux VMs Managing RDP logins for Windows VMs Organization policy controls: trusted images, public IP address, disabling serial port Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys Finding and remediating public access to VMs VM best practices Encrypting VM disks with customer-supplied encryption keys Securing cloud data: techniques and best practices Cloud Storage and IAM permissions Cloud Storage and ACLs Auditing cloud data, including finding and remediating publicly accessible data Signed Cloud Storage URLs Signed policy documents Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys Best practices, including deleting archived versions of objects after key rotation BigQuery authorized views BigQuery IAM roles Best practices, including preferring IAM permissions over ACLs Protecting against Distributed Denial of Service Attacks: techniques and best practices How DDoS attacks work Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor Types of complementary partner products Application Security: techniques and best practices Types of application security vulnerabilities DoS protections in App Engine and Cloud Functions Cloud Security Scanner Threat: Identity and Oauth phishing Identity Aware Proxy Content-related vulnerabilities: techniques and best practices Threat: Ransomware Mitigations: Backups, IAM, Data Loss Prevention API Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API Additional course details: Nexus Humans Security in Google Cloud training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Security in Google Cloud course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 3 Days 18 CPD hours This course is intended for Java Developers with a minimum of 2 years of experience and individuals who want to become application security engineers/analysts/testers Individuals involved in the role of developing, testing, managing, or protecting wide area of applications. Overview In-depth understanding of secure SDLC and secure SDLC models Knowledge of OWASP Top 10, threat modelling, SAST and DAST Capturing security requirements of an application in development Defining, maintaining, and enforcing application security best practices The Certified Application Security Engineer (CASE) training and certification program provides a comprehensive application security approach which encompasses security activities involved in all the phases of Software Development Lifecycle (SDLC). Understanding Application Security, Threats, and AttacksSecurity Requirements GatheringSecure Application Design and ArchitectureSecure Coding Practices for Input ValidationSecure Coding Practices for Authentication and AuthorizationSecure Coding Practices for CryptographySecure Coding Practices for Session ManagementSecure Coding Practices for Error HandlingStatic and Dynamic Application Security Testing (SAST & DAST)Secure Deployment and Maintenance