Description:

In this 8-video course, explore the basics of secure testing methodologies such as unit, regression, and integration testing. Discover how to work with security metrics and track security bugs. Begin by looking at the concepts of security testing and the goals of testing. The course offers an overview and a framework with which to conduct security testing. The same conceptual framework applies to any approach to testing, whether automated or manual, and whether unit, integration, or regression testing. Learners then move on to secure unit testing and how to apply it, including how secure testing is done and who should do it. The next tutorial covers secure regression testing, which is, in general, a term for testing after a change has been made, so you will learn how to apply effective and secure regression testing. You will also explore secure integration testing: how to apply it, when it is conducted, and who conducts it. Then discover how to use effective security metrics and, finally, how to effectively track security bugs.

Duration: 00:29

Description:

In this course, learners will discover how to implement defensive coding techniques such as filtering, resilient code, recoverable code, parameter checking, and validation by examining Java, Python, C#, and JavaScript code examples. The tutorials in this 22-video course all walk through code samples step by step, so by examining code samples in these diverse languages, learners will become better able to apply these techniques to their own programming projects. Begin by learning how to implement filtering in Java, Python, C#, and JavaScript. Then move on to implementing resilient code in Java, Python, C#, and JavaScript. Next, discover how to implement recoverable code in Java, Python, C#, and JavaScript. This leads learners into implementing parameter checking in Java, Python, C#, and JavaScript. In the final set of tutorials, you will discover how to implement validation in Java, Python, C#, and JavaScript.

Duration: 01:35

Description:

Learners can explore advanced defensive coding concepts and practices such as session and risk management, assertive programming, and intelligible exceptions in this 6-video course. In the first tutorial, you will examine better ways to carry out secure session management, which is particularly pertinent for those who work on e-commerce sites or web programming. You will then move on to a study of risk management; risk is unfortunately a part of every project, including programming. Everyone would like to reduce risk to zero, but that is simply not realistic, so risk must be analyzed and quantified to bring it down to a level that is acceptable and manageable. In this tutorial, you will therefore observe how to define risk management and learn how to apply risk management to software projects. Next, you will learn about assertive programming, starting with an overview, and discover how to implement assertions. The final tutorial in this course covers intelligible exceptions and how to implement meaningful and actionable exception handling.

Duration: 00:19

Description:

This 8-video course helps learners explore the basics of programming cryptography, cryptography types, and applications, and also examines encryption implementation code examples. In the first of two tutorials on encryption concepts, you will explore the critical concepts of symmetric versus asymmetric cryptography, and when to use one as opposed to the other, by learning the benefits of each. In the second tutorial, learners will continue by examining specific algorithms such as AES, DES, RSA, Diffie-Hellman, and Elliptic Curve, and by looking into the strengths and weaknesses of these particular algorithms. Next, you will take a careful look at the important concepts of confidentiality and integrity, and the use of hash codes, message authentication codes, and HMACs (hash message authentication codes). In the final four tutorials in this course, learners will explore specific code samples showing cryptography implemented in Java, Python, C#, and JavaScript.

Duration: 00:31

Description:

In this course, learners discover the importance of exception handling, validation, and parameter checking in programming. Explore how to handle exceptions and apply validation in Java, Python, C#, and JavaScript, as well as how to configure component trust and reuse code, in this 17-video course. Begin by learning how to apply exception handling effectively, and then take a look at validation techniques and procedures. Learners will explore reliability, resiliency, and recoverability and how they can be achieved in software engineering. Next, you will look at CDI/UDI (constrained data item/unrestrained data item), why it is important, and how it should be done. You will delve into parameter checking and into using Java exception handling, Python exception handling, and JavaScript exception handling. You will then explore using Java validation, Python validation, C# validation, and JavaScript validation. In the final tutorials you will examine component trust, including when and how to achieve trust of components, and learn how to reuse code effectively and defensively.

Duration: 01:17

Description:

Explore key defensive programming concepts, including the CERT top 10 practices for secure coding, along with other topics covered in this 9-video course. To begin, take a look at the general defensive coding concepts, the basic concepts and principles that permeate defensive programming. The next two-part tutorial concerns the CERT top 10 secure coding practices. Part A covers the first five: validate input, heed compiler warnings, architect and design for security, keep it simple, and default deny. Part B covers the last five: adhere to the principle of least privilege, sanitize data sent to other systems, practice defense in depth, use effective quality assurance techniques, and adopt a secure coding standard. This leads learners into learning how to apply defensive coding, using Open Source Security Testing Methodology Manual concepts for secure testing, and applying the Flaw Hypothesis Method. The final tutorial in this course looks at the role of Six Sigma in producing better quality, secure programming.

Duration: 00:44