Information Assurance (STIG) Overview

The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.

The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.

The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You’ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.

Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You’ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.

Course Overview

Overall Proficiency Level

1 - Basic

Course Prerequisites

Basic understanding of information security concepts and terminology.
Familiarity with web application architecture and development.
Knowledge of networking and web protocols (e.g., HTTP, HTTPS, TCP/IP).
Experience with programming languages commonly used in web application development, such as JavaScript, Python, Java, or C# would be helpful but not required, as this is not a hands-on class.
A general understanding of operating systems, databases, and web servers.

Training Purpose

Management Development

Skill Development

Specific Audience

All

Delivery Method

Classroom

Online, Instructor-Led

Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom
Online, Instructor-Led

Learning Objectives

Concepts and terminology behind defensive coding
Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
Entire spectrum of threats and attacks that take place against software applications in today’s world
Role that static code reviews and dynamic application testing to uncover vulnerabilities in applications
Vulnerabilities of programming languages as well as how to harden installations
Basics of Cryptography and Encryption and where they fit in the overall security picture
Requirements and best practices for program management as specified in the STIGS
Processes and measures associated with the Secure Software Development (SSD)
Basics of security testing and planning

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: September 3, 2024