Certified Security Champion (CSC)

Course code: CSC

Students master application security, OWASP Top 10 basics, and secure coding practices. You will learn to identify and fix vulnerabilities in code and to use CI/CD tooling to strengthen pipeline security and bolster the organization's defenses.

Course Inclusions:

  • Course Manual
  • 3 Years of Course Videos and Checklists
  • Access to a dedicated Mattermost channel
  • 40+ Guided Exercises
  • Earn 24 CPE Points on course completion
  • 30 days of Browser-based Lab Access
  • One exam attempt for the Certified Security Champion certification


Course dates

Start date: On request

Format: E-learning

Course length: 30 days

Language: English

Price (excl. VAT): 11,750 CZK

Guaranteed course

Could not find a suitable date?

Write to us and we will arrange an alternative date to suit you.

Contact

Course description

Upon successful completion of this course, students will be able to:

  • Build the solid foundations required to understand the application security landscape.
  • Build the foundational knowledge required to work with infrastructure security.
  • Understand the wide range of skills and abilities required of a security champion.
  • Embed security while creating, running, and maintaining modern applications.
  • Apply practical application security skills in a real-world environment.
  • Liaise with security and other departments so that everyone shares responsibility for security.
  • Analyze and advise on security controls and solutions for securing DevOps.
  • Understand the fundamentals of assessing and managing risk.

Course structure

Chapter 1: AppSec Basics

  • Introduction to Application Security.
  • HTTP Security basics.
  • Introduction to Burp Suite.
  • OWASP Top 10 basics
    • Injection (SQL and other injections).
    • Cross-Site Scripting (XSS).
    • Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF).
    • Broken Authentication and Session Management.
    • XML External Entities (XXE).
    • Insecure Direct Object Reference (IDOR).
    • Security Misconfiguration.
    • Unvalidated Redirects and Forwards.
  • Hands-on labs
    • SQL Injection.
    • XSS and CSRF.
    • SSRF.
    • Local File Inclusion (LFI) and File Upload issues.

Chapter 2: Secure Code Review

  • What is Secure Code Review?
  • How to approach secure code review.
  • Tools of the trade.
  • Reviewing the code from a security perspective
    • Input and output validation.
    • Authentication issues.
    • Authorization issues.
    • Security Misconfigurations.
  • Hands-on labs
    • Input validation using industry best practices.
    • Output encoding to prevent client-side attacks like XSS.
    • Brute-force attacks and secret questions.
    • Information leakage with password reset workflows.
    • Best practices in implementing role-based access control.
    • Risks with unvalidated redirects and forwards.
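The following is an added example, not material from the course or its provider, showing the vulnerable pattern beside the fixed one for several of the lab topics above (the Chapter 1 SQL injection lab and the Chapter 2 labs on input validation, output encoding against XSS, and unvalidated redirects). The database contents, usernames, and the `app.example.test` host in `ALLOWED_HOSTS` are constructed for the example.

```python
"""Added example: vulnerable vs. hardened code for common secure-code-review findings."""
import html
import re
import sqlite3
from urllib.parse import urlparse


def make_db():
    # Constructed in-memory sample database; one user with a plaintext password
    # purely so the injection bypass is observable (real apps hash passwords).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, username, password):
    # String formatting puts attacker text into the SQL grammar: the username
    # "alice' --" closes the quote and comments out the password check.
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameterised query: values travel separately from the statement, so a
    # quote inside the input is data, never syntax.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] > 0


# Allow-list input validation: only the characters a username is allowed to have.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def valid_username(name):
    return USERNAME_RE.fullmatch(name) is not None


def greet_vulnerable(name):
    # Reflects user input straight into HTML: <script> in the name executes.
    return "<p>Hello, " + name + "</p>"


def greet_safe(name):
    # Output encoding for the HTML text context; html.escape handles & < > " '.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


ALLOWED_HOSTS = {"app.example.test"}  # assumed deployment host for the example


def redirect_target(next_url, default="/"):
    """Return next_url only if it points at our own site; otherwise the default.

    Rejects absolute URLs to other hosts, protocol-relative URLs ("//evil"),
    non-http schemes such as javascript:, and backslashes that some browsers
    treat as slashes.
    """
    if "\\" in next_url:
        return default
    parsed = urlparse(next_url)
    if parsed.scheme == "" and parsed.netloc == "" and next_url.startswith("/"):
        return next_url
    if parsed.scheme in ("http", "https") and parsed.hostname in ALLOWED_HOSTS:
        return next_url
    return default


def demo():
    """Run each vulnerable/safe pair on the same attacker input."""
    conn = make_db()
    payload = "alice' --"
    return {
        "vuln_bypassed": login_vulnerable(conn, payload, "wrong"),
        "safe_bypassed": login_safe(conn, payload, "wrong"),
        "safe_legit": login_safe(conn, "alice", "correct horse"),
        "payload_valid_username": valid_username(payload),
        "xss": greet_safe("<script>alert(1)</script>"),
        "redirect_evil": redirect_target("https://evil.example/"),
        "redirect_proto_relative": redirect_target("//evil.example/"),
        "redirect_ok": redirect_target("/account"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point for a reviewer is the pattern, not the payload: any query assembled from strings, any template that writes raw input into HTML, and any redirect that trusts a `next` parameter is a finding regardless of whether a working payload is in hand.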

Chapter 3: Primer on Risk Management

  • Introduction to Risk management.
  • Risk Assessment.
  • Risk Calculation.
  • Risk Treatment
    • How to mitigate risks.
    • How to avoid risks.
    • How to transfer risks.
    • How to accept risks.
  • Plan, design, and implement a risk-management process.
  • Understand the current threat landscape.
  • Continuously improve security systems to reduce risk exposure.
  • Ensure business continuity while reducing the risks to the organization.

Chapter 4: Threat Modeling

  • What is Threat Modeling?
  • Risk Management vs. Threat Modeling.
  • STRIDE vs. DREAD approaches.
  • Threat Modeling Process and its challenges
    • Decompose the application.
    • Identify the threats.
    • Document and rate the threats and risks.
    • Design and create defenses.
  • Classical threat modeling tools and how they fit into a CI/CD pipeline.
  • Hands-On Labs:
    • Automate security requirements as code.
    • Using ThreatSpec to achieve Threat Modeling as Code.

Chapter 5: DevSecOps Basics

  • DevOps Building Blocks – People, Process, and Technology.
  • DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS).
  • Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost, and Visibility.
  • Overview of the DevSecOps critical toolchain
    • Repository management tools.
    • Continuous Integration and Continuous Deployment tools.
    • Infrastructure as Code (IaC) tools.
    • Communication and sharing tools.
    • Security as Code (SaC) tools.
  • Common Challenges faced when using the DevOps principles.
  • Secure SDLC
    • Overview of secure SDLC and CI/CD.
    • Review of security activities in secure SDLC.
    • Continuous Integration and Continuous Deployment.
  • Hands-On Labs:
    • How to embed an SCA tool into a CI/CD pipeline.
    • How to embed a SAST tool into a CI/CD pipeline.
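Embedding a scanner in a pipeline is mostly a question of what the job does with the scanner's output. As an added example (not code from the course or its provider), the gate below reads a SARIF 2.1.0 report, the interchange format that many SAST and SCA tools can emit, counts findings by level, ignores findings recorded in an accepted-risk baseline, and decides whether the job should fail. The SARIF document, rule IDs, and file paths are constructed for the example; the `fail_at` threshold and the baseline key are this example's design choices, not a tool's API.

```python
"""Added example: a SAST/SCA pipeline gate driven by SARIF output."""
import json
import sys
from collections import Counter

# Constructed SARIF 2.1.0 report: one SAST error, one SCA warning, one note.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "python.sqli.string-format", "level": "error",
             "message": {"text": "SQL statement built with string formatting"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/auth.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "sca.vulnerable-dependency", "level": "warning",
             "message": {"text": "requests 2.19.0 has a known vulnerability"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "requirements.txt"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "python.flask.debug-enabled", "level": "note",
             "message": {"text": "Flask debug mode enabled"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/__init__.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})

# SARIF result levels, ordered so a threshold can be compared numerically.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def finding_key(result):
    """Identity of a finding for the baseline: (rule, file, line)."""
    loc = result["locations"][0]["physicalLocation"]
    return (result["ruleId"],
            loc["artifactLocation"]["uri"],
            loc["region"]["startLine"])


def gate(sarif_text, fail_at="warning", baseline=frozenset()):
    """Evaluate a SARIF report.

    Returns (passed, counts_by_level, blocking_findings). A finding blocks the
    build when its level is at or above fail_at and it is not in the baseline
    of findings the team has explicitly accepted.
    """
    doc = json.loads(sarif_text)
    counts = Counter()
    blocking = []
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", "warning")  # SARIF default level
            counts[level] += 1
            key = finding_key(result)
            if key in baseline:
                continue
            if LEVEL_RANK[level] >= LEVEL_RANK[fail_at]:
                blocking.append(key)
    return len(blocking) == 0, dict(counts), blocking


def main(argv):
    # Usage: gate.py [report.sarif] [fail_at]; with no file the sample is used.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_SARIF
    fail_at = argv[2] if len(argv) > 2 else "warning"
    passed, counts, blocking = gate(text, fail_at=fail_at)
    print("findings by level:", counts)
    for rule, path, line in blocking:
        print(f"BLOCKING {rule} at {path}:{line}")
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit from this script is what makes the CI job red, which is the whole integration with the pipeline. Keying the baseline on file and line is deliberately simple; for long-lived exceptions a stable fingerprint (SARIF's `partialFingerprints`, where the tool emits it) survives code moving around, and every baseline entry should carry an owner and an expiry so accepted risk is revisited.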

Chapter 6: Infrastructure as Code and Its Security

  • Infrastructure as Code and its benefits.
  • Platform + Infrastructure Definition + Configuration Management.
  • Introduction to Ansible.
  • Benefits of Ansible.
  • Push and Pull based configuration management systems.
  • Modules, tasks, roles, and Playbooks.
  • Tools and Services that help to achieve IaC.
  • Hands-On Labs:
    • Docker and Ansible.
    • Using Ansible to create Golden images and harden Infrastructure.

Chapter 7: Agile Communications, Collaboration, and Soft Skills

  • The need for Agile communication and collaboration.
  • How to handle conflicting priorities among teams.
  • How to work with security teams to find common ground.
  • Holding people accountable for security.
  • Staying empathetic and assertive.
  • Plan, design, and implement processes to resolve any issues among the teams.

Prerequisites

  • Foundational knowledge of software development life cycle.
  • Experience developing or testing web applications.

Need advice, or a course tailored to your needs?

Certification

After completing the course, you can schedule the CSC exam on your preferred date.
