Secure Software Development
Subject Area
Learning Resources
Learn more by checking out these great sites.
Introduction To Software Exploits
learning-resource
Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Visit WebsiteIntroduction To Trusted Computing
learning-resource
This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context. You will also learn about how other technologies such as the Dynamic Root of Trust for Measurement (DRTM) and virtualization can both take advantage of TPMs and be used to enhance the TPM's capabilities.
Visit WebsiteIntroduction to Secure Coding
learning-resource
The purpose of this course is to provide developers with a short, focused primer related to secure coding. The hope is that each developer will leave the course with a better understanding of how they can improve, from a security perspective, the code that they write. This course provides a look at some of the most prevalent security related coding mistakes made in industry today. Each type of issue is explained in depth including how a malicious user may attack the code, and strategies for avoiding the issues are then reviewed. Knowledge of at least one programming language is required, although the specific programming language is not important as the concepts that will be discussed are language independent. The course will cover many of the weaknesses within the context of a web application, but most of the concepts will apply to all application development.
Visit WebsiteSecure Code Review
learning-resource
This course is designed to help developers bring a secure coding mindset into typical project peer reviews. The course briefly talks about the development lifecycle and the importance of peer reviews in delivering a quality product. How to perform this review is discussed and how to keep secure coding a priority during the review is stressed. A variety of hands-on exercises will address common coding mistakes, what to focus on during a review, and how to manage limited time. Throughout the course, the class will break out into pairs and perform example peer reviews on sample code. Perl will be used for the hands-on exercises; however every attempt will be made to generalize the code such that anyone with an understanding of a coding language will be comfortable.
Visit WebsiteVideo Playlist: Introduction To Software Exploits
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introduction To Software Exploits' course being delivered. Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed. specific topics covered include: shellcode development, stack overflow exploitation, heap overflow exploitation, static source code analysis, defeating non-executable stack protection.
Visit WebsiteVideo Playlist: Introduction To Trusted Computing
learning-resource
A Youtube playlist of the OpenSecurityTraining.info 'Introduction To Trusted Computing' course being delivered. This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context. You will also learn about how other technologies such as the Dynamic Root of Trust for Measurement (DRTM) and virtualization can both take advantage of TPMs and be used to enhance the TPM's capabilities.
Visit Website