TRAINING CURRICULUM 2017 Q2

Index
3   Why Security Compass?
4   Discover Role-Based Training
6   SSP Suites
7   CSSLP Training
8   Course Catalogue
14  What Can We Do For You?

Why Security Compass?

Role-Based Training
Security Compass provides AppSec-focused training for developers, architects, QA and project managers. These suites can be tailored to meet your needs.

Certificate
Security Compass has been selected as the software security training partner of (ISC)². Students have the opportunity to gain an industry-recognized certificate, while organizations gain the ability to demonstrate their AppSec robustness.

Modular
Bite-sized modules work around your students' busy schedules. They can track their progress to record what they have learned and how many more steps remain to completion.

Interactive
Experience the most personable teaching. Stimulate the mind with the most relevant and up-to-date material.

Adaptive
Whether your students are beginners or experts, they can study at their own pace. Our smart learning allows them to skip ahead to the quiz or slow down and focus on key topics.

COPYRIGHT 2017. SECURITY COMPASS. 3

Discover Role-Based Training

The Secure Software Practitioner Suites are a series of on-demand learning courses that teach the foundational elements of software security and language-specific secure coding. Each suite caters to a specific role, breaking down the learning so users efficiently learn only what they need. At the conclusion of the course, users validate their skills by passing a certificate exam.

Java Suite
The Java suite covers Java development, including fundamental coding concepts, design and implementation. Understand the J2EE vulnerabilities common to the OWASP Top 10 and see how they affect Java web applications.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending Java

.NET Suite
The .NET suite is designed to help students learn how to make secure software. Learn the .NET 4.5 vulnerabilities common to the OWASP Top 10 and see how they affect .NET applications. Learn defensive coding techniques that can be applied directly in your organization.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending .NET

PHP Suite
The PHP suite informs students of the PHP vulnerabilities common to the OWASP Top 10. Students will learn secure coding defenses and techniques for each vulnerability.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending PHP

C++ Suite
The C++ suite presents common vulnerabilities in C/C++ software. Students will learn about safe memory management, insecure functions and how to defend against buffer overflow security concerns in unmanaged languages.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending C++

iOS Suite
The iOS suite teaches students secure iOS coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending iOS

Android Suite
The Android suite teaches secure coding concepts for Android applications. This includes secure Android coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.
Courses: OWASP Top 10 2013, Secure Software Coding, Defending Android

Security Architect Suite
The Architect suite teaches students the key techniques for reducing risk in the development lifecycle by understanding how to correctly identify threats.
Courses: Secure Software Requirements, OWASP Top 10 2013, Software Acceptance, Threat Model Express

QA Suite
The QA suite gives students the ability to analyze code and to understand the principles of secure testing and of testing software from a security perspective.
Courses: OWASP Top 10 2013, Secure Software Testing, Software Acceptance

Project Manager Suite
The Project Manager suite analyzes the full development lifecycle, covering secure coding, requirements and design. Students will be able to define the security criteria that software must meet before it is promoted to release.
Courses: Secure Software Requirements, Software Acceptance, Supply Chain Risk

General Suite
The General Suite provides students with fundamental security education that they can apply directly to their position. Students will learn the most prevalent web application security issues as defined by OWASP and will gain a full understanding of PCI-DSS requirement 12.6.1.
Courses: Security Awareness, PCI Compliance, OWASP Top 10

SECURE SOFTWARE PRACTITIONER SUITES mapped to the CERTIFIED SECURE SOFTWARE LIFECYCLE PROFESSIONAL (CSSLP)

Suite columns: Java, .NET, PHP, C++, iOS, Android, Security Architect (SA), QA, Project Manager (PM), General (G)

CSSLP course rows: Secure Software Requirements; OWASP Top 10; Secure Software Coding; Secure Software Testing; Software Acceptance; Software Development, Operation, Maintenance & Disposal; Supply Chain Risk; Defending Mobile; Security Awareness

Defending Series: Defending Java, Defending .NET, Defending PHP, Defending C++, Defending iOS, Defending Android; Threat Model Express

(The matrix marks which courses belong to each suite; the per-suite course lists are given on the preceding pages.)

Request a demo: training@securitycompass.com

CSSLP Training

Following completion of the CSSLP elearning, candidates will understand how to reduce the costs of security vulnerabilities throughout all phases of the software development lifecycle. We offer exam certification in our Training Package with included CSSLP courseware.

8 Domains of SDLC Training

Domain 1 - Concepts of Secure Software: principles of security design; privacy; governance, risk and compliance; methodologies of software development; Domain 1 Summary Quiz
Domain 2 - Secure Software Requirements: policy decomposition; classification and categorization; functional requirements; operational security; Domain 2 Summary Quiz
Domain 3 - Design Considerations: security design principles; the design process and threat modeling; securing common technologies; Domain 3 Summary Quiz
Domain 4 - Secure Software Coding: programming languages; common software vulnerabilities; the design process and threat modeling; secure software processes; Domain 4 Summary Quiz
Domain 5 - Secure Software Testing: components of testing; testing for security and quality assurance; resiliency and reporting; Domain 5 Summary Quiz
Domain 6 - Software Acceptance: criteria for software acceptance; verification and validation; Domain 6 Summary Quiz
Domain 7 - Software Deployment, Operation, Maintenance & Disposal: installation and deployment; monitoring and incident response; software disposal; Domain 7 Summary Quiz
Domain 8 - Supply Chain and Software Acquisition: supplier risk assessment; intellectual property and legal compliance; supplier sourcing; software development and test; software delivery, operations and maintenance; supplier transitioning; Domain 8 Summary Quiz

Course Catalogue

Our focus is on application security. We aim to provide business-relevant security courses that help your staff champion security and defend your organization's most valuable software.

General Awareness
(code, course, time and audience, followed by the description)

SAW1  Security Awareness  [60 mins; General Staff]
  Understand common security issues faced around the office environment, including managing e-mail, passwords, mobile devices and more.

SAW2  Security Awareness: PCI Compliance  [General Staff]
  Understand payment card compliance, including the Data Security Standard and how it affects organizations that manage or process credit card data. This lesson meets PCI-DSS requirement 12.6.1.

APP1  Application Security Fundamentals  *NEW  [General Staff]
  Build a solid understanding of the core concepts of application security. Learn about trending AppSec topics and discover how AppSec fits into the bigger picture of InfoSec as a whole.

SEC1  OWASP Top 10  [General Staff]
  Understand the ten most prevalent web application security issues in 2013 as defined by OWASP. Students will understand each vulnerability and the best practices for defending against these risks. This course meets PCI compliance requirement 6.5a.

SEC202  Threat Model Express  [Architect]
  Students will learn about the attacks their apps may face and then an informal approach to threat modeling. They will first learn the steps of executing a TME and then engage in a guided fictional exercise.

CSSLP

CSP1  Secure Software Concepts
  Students will understand the fundamentals of creating secure code and the basic concepts of secure development. This includes the importance of secure design and an understanding of regulations covering privacy, governance and compliance.

CSP2  Secure Software Requirements  [50 mins; Developers]
  Gathering the correct requirements for building secure software is one of the more difficult aspects to ascertain. Students will understand key techniques for reducing risk in the SDLC by learning how to correctly identify requirements.

CSSLP (continued)

CSP3  Secure Software Design  [85 mins; Developers]
  Understand the considerations and compromises that must be made when designing secure software. Students will learn techniques for designing secure software, such as threat modeling, and best practices for securing the third-party technologies often associated with modern software.

CSP4  Secure Software Coding  [40 mins; Developers]
  Understand programming languages from a security perspective, the common software vulnerabilities that appear in code, and the secure software processes used to keep them out (the topics of CSSLP Domain 4).

CSP5  Secure Software Testing  [40 mins; Developers]
  Understand the principles of secure testing and of testing software from a security perspective. Students will understand the fundamentals of setting up testing frameworks that promote software resiliency.

CSP6  Software Acceptance  [25 mins; Developers]
  Understand how to generate criteria for software acceptance. The focus is acceptance from a security standpoint and how students can define the security criteria that must be met before software is promoted to release.

CSP7  Software Operations, Maintenance and Disposal  [35 mins; Developers]
  Understand, from an infrastructure perspective, the steps that ensure software is secure upon deployment and in operation. Students will learn how to monitor software and how to define procedures for supporting and disposing of software in end-of-life scenarios.

CSP8  Supply Chain and Software Acquisition  [80 mins; Developers]
  Understand how to identify risks when sourcing software from the supply chain. Students will learn about risk management, protecting intellectual property, procurement and best practices when outsourcing software to suppliers.

Secure Coding

JAV201  Defending Java
  Understand the J2EE vulnerabilities common to the OWASP Top 10 and see how they affect Java web applications. Students will learn secure coding defenses for each vulnerability.

NET201  Defending .NET
  Understand the .NET 4.5 vulnerabilities common to the OWASP Top 10 and see how they affect .NET web applications. Students will learn secure coding defenses for each vulnerability.

CPP202  Defending ASP.NET Core in C#  *NEW  [80 mins; Developers]
  This course covers secure application development using C# in ASP.NET Core. Students will learn about software vulnerabilities and how hackers exploit them, followed by coding techniques for defending against a variety of attacks.

PHP201  Defending PHP
  Understand the PHP5 vulnerabilities common to the OWASP Top 10 and see how they affect PHP web applications. Students will learn secure coding defenses for each vulnerability.

CPP201  Defending C  [50 mins; Developers]
  Understand the desktop software vulnerabilities that arise when creating software in C/C++. Students will learn about safe memory management, insecure functions and how to defend against the buffer overflow security concerns of unmanaged languages.

HTM201  Defending HTML5
  Learn about the HTML5 standards designed to defend against vulnerable JavaScript, AJAX, JSON and iframes. Students learn the new technologies available in HTML5 for safely performing cross-domain requests, as well as the use of offline storage, cross-origin resource sharing (CORS), cross-domain messaging (CDM) and iframe sandboxing. Students gain a defensive understanding of the business risks of HTML5 mash-ups.

SEC201  Defending Web Applications
  Understand the web application vulnerabilities typically seen during security testing, such as brute-force attacks, session management concerns, encryption and more. Although these are not directly part of the OWASP Top 10, they are important to know because they can still lead to security vulnerabilities.
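The Defending C course (CPP201) names its subject matter, insecure functions, unsafe memory handling and buffer overflows, without showing any code. The following is an added example written for this page, not course material from Security Compass: a constructed length-prefixed record format parsed first by the insecure pattern the course warns about (the destination capacity is never checked) and then by a hardened version that validates the length claim against both the input and the destination, plus a bounded string copy that refuses to truncate rather than leave the buffer unterminated. The record format, the function names and the sample inputs are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* --- Insecure pattern (shown for contrast only) -------------------------
 * The destination capacity is never consulted: a record whose length byte
 * exceeds the caller's buffer writes past its end. Never call this with
 * attacker-controlled input; main() below only feeds it a fitting record. */
void parse_record_unsafe(const unsigned char *rec, char *out)
{
    size_t len = rec[0];          /* attacker-controlled length prefix */
    memcpy(out, rec + 1, len);    /* unbounded write into out           */
    out[len] = '\0';
}

/* --- Hardened version ---------------------------------------------------
 * Checks the length claim against both the bytes actually present in the
 * input and the destination capacity (including room for the NUL), and
 * never leaves a partial copy behind. Returns the payload length, or -1. */
int parse_record_safe(const unsigned char *rec, size_t rec_len,
                      char *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || out_cap == 0 || rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len > rec_len - 1)        /* claims more bytes than were supplied */
        return -1;
    if (len >= out_cap)           /* would not fit with its terminator    */
        return -1;
    memcpy(out, rec + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Bounded C-string copy that refuses to truncate rather than leaving the
 * destination unterminated (the classic strncpy pitfall). Returns true
 * only if src and its NUL fit entirely in dst. */
bool copy_cstring(char *dst, size_t dst_cap, const char *src)
{
    size_t n = 0;
    while (n < dst_cap && src[n] != '\0')   /* never scans past dst_cap */
        n++;
    if (n == dst_cap)
        return false;                        /* src does not fit          */
    memcpy(dst, src, n + 1);                 /* copies the NUL as well    */
    return true;
}

/* Constructed sample inputs (not taken from the course material). */
int demo_good_record(void)
{
    const unsigned char rec[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    char buf[8];
    int n = parse_record_safe(rec, sizeof rec, buf, sizeof buf);
    return (n == 5 && strcmp(buf, "hello") == 0) ? n : -1;
}

int demo_lying_length(void)
{
    const unsigned char rec[] = { 200, 'x' };  /* claims 200, supplies 1 */
    char buf[8];
    return parse_record_safe(rec, sizeof rec, buf, sizeof buf);
}

int demo_small_buffer(void)
{
    const unsigned char rec[] = { 8, 'o', 'v', 'e', 'r', 'f', 'l', 'o', 'w' };
    char buf[8];                               /* 8 bytes + NUL needs 9 */
    return parse_record_safe(rec, sizeof rec, buf, sizeof buf);
}

bool demo_copy_fits(void)     { char d[6]; return copy_cstring(d, sizeof d, "hello");  }
bool demo_copy_too_long(void) { char d[6]; return copy_cstring(d, sizeof d, "hello!"); }

int main(void)
{
    const unsigned char fitting[] = { 2, 'o', 'k' };
    char buf[8];
    parse_record_unsafe(fitting, buf);         /* fits, so no overflow here */
    printf("unsafe (fitting input) -> %s\n", buf);
    printf("good record            -> %d\n", demo_good_record());    /* 5  */
    printf("lying length           -> %d\n", demo_lying_length());   /* -1 */
    printf("small buffer           -> %d\n", demo_small_buffer());   /* -1 */
    printf("copy fits              -> %d\n", demo_copy_fits());      /* 1  */
    printf("copy too long          -> %d\n", demo_copy_too_long());  /* 0  */
    return 0;
}
```

The point of the hardened parser is that it carries both sizes it needs (bytes available and bytes writable) as explicit parameters, so the bound check cannot be forgotten at the call site; the copy helper returns failure instead of a silently truncated, possibly unterminated string, which is the usual failure mode when strncpy is used as a "safe" strcpy.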

Secure Coding (continued)

DJA1  Defending Django  *NEW  [40 mins; Developers]
  Learn about Django's built-in security features and how to add further layers of protection to your app. Learn how to set up your projects securely to prevent attacks at run time and how to secure the admin console. You will also learn to tell secure from insecure practices in order to protect your application against common attacks.

NOD1  Defending Node.js  *NEW
  Understand the security risks of developing and deploying applications in Node.js. Implement the defensive coding techniques and configurations that support secure coding for Node.js.

Mobile Security

MOB1  Defending Mobile
  In this code-agnostic course, students will understand the risks of creating mobile applications. Students will learn how hackers attack mobile apps through data stored on the device, data in transit to the cloud and data in memory. They will learn best practices for securing mobile apps on any mobile operating system.

IOS201  Defending iOS  [90 mins; Developers]
  Students will learn secure coding concepts for the OWASP Mobile Top 10 as applied to iOS apps. This includes understanding the business risks of creating mobile applications and secure iOS coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

AND201  Defending Android  [90 mins; Developers]
  Understand secure coding concepts for the OWASP Mobile Top 10 as applied to Android apps. Learn the business risks of creating mobile applications and secure Android coding techniques to defend against vulnerabilities such as insecure data storage, weak server-side controls, lack of binary protections and more.

Coming Soon

JAV301  Defending JSP
  Learn how to defend your Java web apps against attacks. Using code samples from JavaServer Pages, this course covers a variety of techniques for securing against vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, man-in-the-middle attacks and more.

CLO1  Secure Cloud Development  (coming soon)

DAT1  Secure Database Development  (coming soon)

What Can We Do For You?

We understand application security. We breathe it. We strive to provide you with the best training for your teams. Our experience helping customers research and manage security risks allows us to embed the latest threats and vulnerabilities in our training material. It means that your staff is ready to respond with forward-thinking approaches to securing your most sensitive applications, all tailored to you. Reach out to the Security Compass advisors who can help.

training@securitycompass.com
www.securitycompass.com