Security

SAFECode releases free online software security training courses

InformationWeek, February 27, 2014

Courses range from preventing SQL injection to avoiding cross site request forgery

The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization working to increase trust in technology products and services through the advancement of effective software assurance methods, today announced that it has released new software security training courses as part of its online Security Engineering Training by SAFECode program.

Security Engineering Training by SAFECode is an online community resource offering free security training courses delivered via on-demand webcasts. Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills.

New course available for immediate viewing include:

Product Penetration Testing 101: This course provides a foundation for security penetration testing of products. It reviews the important penetration testing concepts and shares insight into common elements of an attacker's mindset.

Cross Site Scripting (XSS) 101: This course provides viewers with a basic understanding of the core concepts behind XSS. It will help viewers recognize where in a web application they may expect to find XSS and provide guidance on preventing and remediating XSS.

Secure Java Programming 101: This course provides a basic introduction to secure coding in Java. Viewers will be introduced to the most frequent attacks and pitfalls that a Java programmer may encounter, along with techniques to avoid them. It is designed to be a starting point for those new to Java security.

In addition, SAFECode will release the following courses in the next six weeks:

Secure Memory Handling in C 101: This course provides an introduction to basic issues in secure coding in C with a focus on secure memory handling. It specifically focuses on issues associated with traditional string (char*) handling, arrays and format strings.

Using Cryptography The Right Way: This course provides an overview of how to use cryptography in a secure way and covers topics such as the uses of hashing and the differences between symmetric and asymmetric encryption. It provides examples of cryptography in action and reinforces the importance of using well-established and accepted cryptography toolkits.

These new Security Engineering Training by SAFECode courses are based on training materials donated to SAFECode by its member companies. A team of technical experts from across the SAFECode membership has reviewed and supplemented all course materials to ensure their broad applicability across diverse development environments.

You can visit SAFECode at https://training.safecode.org

comments powered by Disqus

Subscribe for Newsletter

Stay connected to the best business technology content every week. Subscribe to our daily newsletter now!

Slide Shows

Upcoming Webcast

What the next generation firewall should be!

Cisco invites you to participate in an interesting, informative webinar focused on Cisco’s latest firewall services. This session focuses on enabling you to understand the new capabilities, including Application Visibility and Control (AVC), Intrusion Prevention (IPS), and Web Security Essentials (WSE), to the ASA 5500-X Series demonstrated by Cisco experts. They will take you through the unique traits of Cisco ASA that will help you to be prepared for the advanced challenges. Speakers: Srikanta Prasad, Subject Matter Expert – Security,Cisco Date & Time: October 10, 2014, 3:00pm India Time