Application Security and Development (STIG) from CDW

Course Overview

Overall Proficiency Level

2 - Intermediate

Course Prerequisites

Familiarity with Java and JEE is required
Real-world programming experience is highly recommended
Ideally students should have approximately 6 months to a year of Java working knowledge.

Training Purpose

Functional Development

Skill Development

Specific Audience

All

Delivery Method

Classroom

Online, Instructor-Led

Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom
Online, Instructor-Led

Learning Objectives

Understand potential sources for untrusted data
Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
To test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
Prevent and defend the many potential vulnerabilities associated with untrusted data
Understand the vulnerabilities of associated with authentication and authorization
To detect, attack, and implement defenses for authentication and authorization functionality and services
Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
To detect, attack, and implement defenses against XSS and Injection attacks
Understand the concepts and terminology behind defensive, secure, coding
Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web applications
Design and develop strong, robust authentication and authorization implementations within the context of JEE
Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
To detect, attack, and implement defenses for both RESTful and SOAP-based web services and functionality
Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure
Understand and implement the processes and measures associated with the Secure Software Development (SSD)
Acquire the skills, tools, and best practices for design and code reviews as well as testing initiatives
Understand the basics of security testing and planning
Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Application Security and Development (STIG)

Course Overview

Learning Objectives

Framework Connections

Competency Areas

Work Roles

Feedback