Certified Secure Web Application Engineer
Benefits of the CSWAE Course
Graduates of the mile2 Certified Secure Web Application Engineer training obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats.
Course Overview
Web applications are increasingly sophisticated and, as such, are critical to almost all major online businesses. As more applications are web-enabled, the number of web application security issues will increase, and traditional local system vulnerabilities, such as directory traversals, overflows and race conditions, are opened up to new vectors of attack.
The responsibility for the security of sensitive systems will rest increasingly with the web developer rather than the vendor or system administrator. As with most security issues involving client/server communications, web application vulnerabilities generally stem from improper handling of client requests and/or a lack of input validation on the part of the developer.
The mile2 Certified Secure Web Application Engineer training teaches students to detect security issues in web applications and to identify vulnerabilities and risks.
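The point about improper handling of client requests is easiest to see in code. The following is an added illustration, not course material from mile2: a login check that pastes the client's input into a SQL string, beside the parameterised version and an allow-list check on the username. The table, the user record, the `login_*` function names and the payload are all constructed for the demonstration (passwords are kept in plaintext only to keep it short; real code stores a salted hash).

```python
import re
import sqlite3

# Constructed in-memory database for the demonstration (not a real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Improper request handling: client input becomes part of the SQL text."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    # With password = "' OR '1'='1" the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1'
    # which is true for every row, so the check passes without a password.
    return conn.execute(query).fetchone() is not None


def login_fixed(conn, username, password):
    """Parameterised query: values travel separately from the SQL text, so a
    quote character in the input is data, never syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Allow-list validation (hypothetical policy): usernames are short, lowercase
# alphanumerics. Rejecting anything else at the edge is the second layer;
# it does not replace parameterisation, which is what actually stops injection.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run the same injection payload against both implementations."""
    conn = make_db()
    payload = "' OR '1'='1"
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "alice", payload),
        "fixed_bypassed": login_fixed(conn, "alice", payload),
        "fixed_valid": login_fixed(conn, "alice", "correct horse"),
        "payload_passes_validation": validate_username(payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable function returns true for the payload, the parameterised one returns false, and the allow-list rejects the payload before it reaches either query.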
Objective Of Laboratory Scenarios
This is an intensive hands-on class; 60% of class time is spent performing labs that focus on both the OWASP model and the technical details of PCI compliance with respect to secure coding.
COURSE DETAILS
Module 0: Course Overview
Module 1: Software Security Explained
Module 2: Setting the Stage – The Attack
Module 3: Recent Attacks and OWASP Top 10
Module 4: Threat Modeling
Module 5: Secure Software Development Life Cycle
Module 6: Writing Secure Code
Module 7: Web Application Penetration Testing
Module 8: Other Key Items
Module 9: PCI Compliance
Module 10: Secure Code - Attacks
Module 11: Securing Applications
Module 12: Risk Management
Module 13: Security Architecture
Module 0 – Course Overview
•Introduction
•Course Objectives
•How will we achieve it?
•Learning Aids
•Labs
•Class Prerequisites
Module 1 – Software Security Explained
•Overview
•Definition of Software Security
•Understanding Software Security
•Foundation of Security
•Challenges With Security
•The Rise of Insecure Software
•Connectivity
•Extensibility
•Complexity
•Software Security Methodology
•Process Overview
•Roles and Responsibilities
•Developer’s Role
•Common Vulnerabilities
•Buffer Overflow
•Common Vulnerabilities
•Session Hijacking
•Common Vulnerabilities
•Insecure Software is Everywhere
•OWASP
•Security Focus
•SecurityFocus (Demo)
•ISS (Demo)
•Review
Module 2 – Setting the Stage – The Attack
•Learning Attack Methods
•Developer’s Point of View
•Know the Attacker
•Progression of The Professional Hacker
•Purpose – Why Reconnaissance?
•What Information is gathered by the Hacker?
•Methods of Obtaining Information
•Physical Access
•Social Access
•Social Engineering Techniques
•Digital Access
•Passive vs. Active Reconnaissance
•Footprinting Defined
•Footprinting Tool: KartOO Website
•Footprinting tools
•Google and Query Operators
•Google (cont.)
•Google (cont.)
•Instructor Demonstration
•SPUD: Google API Utility Tool
•Instructor Demonstration
•Online Social Websites
•Identity Theft and MySpace
•Instant Messengers and Chats
•Blogs, Forums & Newsgroups
•Internet Archive: The WayBack Machine
•Domain Name Registration
•WHOIS
•WHOIS Output
•Instructor Demonstration
•DNS Databases
•Using Nslookup
•Dig for Unix / Linux
•People Search Engines
•Client Email Reputation
•Web Server Info Tool: Netcraft
•Countermeasure: Domainsbyproxy.com
•Footprinting Countermeasures
•Introduction to Port Scanning
•Popular Port Scanning Tools
•Port Scan Tips
•Most Popular: BackTrack
•Expected Results
•Method: Ping
•Stealth Online Ping
•NMAP: Preferred Scanning Tool
•Which services use which ports?
•OS Fingerprinting
•Countermeasures: Scanning
•Enumeration Overview
•Web Server Banners
•Practice: Banner Grabbing with Telnet
•SuperScan 4 Tool: Banner Grabbing
•SMTP Server Banner
•DNS Enumeration
•Web Application Penetration Methodologies
•HTTrack Tool: Copying the website offline
•Httprint Tool: Web Server Software ID
•Instructor Demonstration
•The Anatomy of a Web Application Attack
•Web Attack Techniques
•Components of a generic web application system
•URL mappings to the web application system
•Cracking Techniques
•Password Guessing
•Keystroke Loggers
•Brute Force Tools
•Precomputation Detail
•Cain and Abel’s Cracking Methods
•Free Rainbow Tables
•Password Sniffing
•Stay Up To Date
•Review
Module 3 – Recent Attacks and OWASP Top 10
•Cross-Site Scripting (XSS)
•Stored Cross-Site Scripting Illustrated
•Reflected Cross-Site Scripting Illustrated
•Business Impact of XSS
•Finding and Fixing XSS
•Techniques for Verifying Service Use
•Setting Up a Proxy in IE
•OWASP WebScarab – A Web Application Testing Proxy
•Using Eclipse for Code Review
•Injection Flaws
•SQL Injection
•Why SQL “Injection”?
•SQL Connection Properties
•SQL Injection: Enumeration
•SQL Extended Stored Procedures
•Business Impacts of SQL Injection
•Finding and Fixing SQL Injection
•Unvalidated Input
•Unvalidated Input Illustrated
•Business Impacts of Unvalidated Input
•Finding and Fixing Unvalidated Input
•Buffer Overflows
•Buffer Overflow Illustrated
•Business Impacts of Buffer Overflows
•Finding and Fixing Buffer Overflows
•Improper Error Handling
•Improper Error Handling Illustrated
•Business Impacts of Improper Error Handling
•Finding and Fixing Improper Error Handling
•Broken Authentication and Session Management
•Broken Authentication Illustrated
•Business Impacts of Broken Authentication
•Finding and Fixing Broken Authentication
•Broken Access Control
•Broken Access Control Illustrated
•Where Does Access Control Typically Occur?
•Business Impacts of Broken Access Control
•Finding and Fixing Broken Access Control
•Insecure Storage
•Insecure Storage Illustrated
•Business Impacts of Insecure Storage
•Finding and Fixing Insecure Storage
•Application Denial of Service
•Application DOS Illustrated
•Business Impacts of Application DOS
•Finding and Fixing Application DOS
•Insecure Configuration Management
•Insecure Configuration Illustrated
•Business Impacts of Insecure Configuration
•Finding and Fixing Insecure Configuration
•Where to Learn More
•Review
Module 4 – Threat Modeling
•Overview
•Threat Modeling Overview
•The Process
•Identify Security Objectives
•Application Review
•Application Diagram
•Application Decomposition
•Identify Threats
•Harmonized Threat and Risk Assessment Methodology
•Framework for the Harmonized TRA Methodology
•Example: Threat Graph
•Example: Threat Tree
•Threat Methodologies (STRIDE)
•Spoofing Identity
•Tampering With Data
•Repudiation
•Information Disclosure
•Denial of Service
•Elevation of Privilege
•Rank the Threats (DREAD)
•How to Respond to Threats
•Mitigating Threats
•Review
Module 5 – Secure Software Development Life Cycle
•Overview
•Secure Software Development Lifecycle
•S-SDLC Overview
•A Secure Process
•Manager’s Point of View
•Developer’s Point of View
•Why Change?
•Consumer Expectations
•Business Responsibility
•Response?
•Phases of The Development Lifecycle
•Project Initiation/Concept
•Requirements Gathering
•Architecture and Design
•Things to Consider
•Development
•Unit Test
•Testing
•Implementation and Deployment
•Maintenance
•Review
Module 6 – Writing Secure Code
•Overview
•Data Validation
•Defending the Attack
•Error and Exception Handling
•Logging and Auditing
•Authentication
•Web Authentication Methods
•Basic and Digest Authentication
•Form Based Authentication
•Certificate Based Authentication
•Strong Authentication
•Authorization
•Review
Module 7 – Web Application Penetration Testing
•Overview
•Security Code Review
•Web Application Penetration testing Overview
•Brief History of Web Penetration Testing
•Quick Poll
•Benefits of a Penetration Test
•Article and Example of WAPT
•Current Problems in WAPT
•Changes In Software Development
•Reality check
•Changes Required From Security Testers
•Types of Penetration Testing
•Penetration Testing Methodologies
•Open Source Security Testing Methodology Manual (OSSTMM)
•http://www.isecom.org/
•NIST (National Institute of Standards and Technology) SP 800-42, Guideline on Network Security Testing (since superseded by SP 800-115, Technical Guide to Information Security Testing and Assessment)
•Canadian Government Standards are derived from this.
•Information Systems Security Assessment Framework (ISSAF)
•http://www.oissg.org/
•Firefox – The Script Kiddie’s Dream
•Assessment Tool: Stealth HTTP Scanner
•Instructor Demonstration
•Acunetix Web Scanner
•Wikto Web Assessment Tool
•Instructor Demonstration
•Tool: Paros Proxy
•Instructor Demonstration
•Tool: Burp Proxy
•Fuzzers
•OWASP Top Ten Web Vulnerabilities
•Nessus
•Nessus Report
•SAINT – Sample Report
•Hacking Tool: Metasploit
•Direct Attacks Against a Database
•Attacking Database Servers
•Obtaining Sensitive Information
•Hacking Tool: SQL Ping2
•Hacking Tool: osql.exe
•Hacking Tool: Query Analyzers
•Hacking Tool: SQLExec
•Oracle Security Expert
•Hardening Databases
•Analyzing Risk
•Report Results Matrix
•Findings Matrix
•Calculate the Composite Score
•Principles
•Process
•Rank the Threats (DREAD)
•Risk Assessment
•Testing Methodologies
•Integrating Testing in the Dev Lifecycle
•Implementing Defense In-depth
•On the Horizon
•Review
Module 8 – Other Key Items
•Overview
•Other items - Integrated Systems
•Security is Challenging
•Business Drivers
•Successful Information Assurance Implementation
•Improving the Systems Lifecycle
•The ISO/IEC 21827 SSE-CMM
•Certification and Accreditation Lifecycle
•Leverage industry standards that support diverse clients
•The CMMI Approach
•Integrated Systems
•What is a DMZ?
•Classic Security Model
•DNS
•Middleware Defined
•Integrated Systems Fundamental Requirements
•International Standards – SSE-CMM
•What to require
•How do you select the correct security product?
•The Software Market
•The Market is Changing!
•The Future
•Software Security Is A Different World
•Root Causes of Application Insecurity
•Targeting the Root Causes
•What to recommend
•Key Enhancements
•Advanced Enhancements
•Application Security Capacity Scorecard
•Compliance & Security Integrated
•Requirements
•Integration Through Risk Management
•Software Development & Programming Languages
•Object Orientation & Systems Analysis & Design
•XML
•Networking Telecommunications & Emerging Technologies
•Application Security
•Security Management & Compliance
•Network Security
•Review
Module 9 – PCI Compliance
•Overview
•Payment Cardholder Information
•PCI Overview
•PCI Requirement 6
•PCI Requirement 6.1
•PCI Requirement 6.2
•PCI Requirement 6.3
•PCI Requirement 6.4
•PCI Requirement 6.5
•PCI Requirement 6.6
•Summary
•Secure Coding Principles & Practices
•Security Audit Procedures
•Compensating Controls
•Summary
Module 10 – Secure Code – Attacks
•Secure Coding Principles & Practices
•Attacks on applications
•OWASP
•Cross Site Scripting (XSS)
•Injection Flaws
•Malicious File Execution
•Insecure Direct Object Reference
•Cross Site Request Forgery (CSRF)
•Information Leakage and Improper Error Handling
•Broken Authentication and Session Management
•Insecure Cryptographic Storage
•Insecure Communications
•Failure to Restrict URL Access
•3rd Party Vendors
•What are the risks?
•Risk to the organization
•Challenges
•Analyzing Vendor Security
•Managing the Risk
•Outsourcing and Off Shoring
•Challenges
•Ensure Security
•Tools of the Trade
•Tools Continued
•Summary
Module 11 – Securing Applications
•Secure Coding Principles & Practices
•What is Software Security?
•Security Terms
•Attack Vectors
•Threats
•S-SDLC Framework
•Threat Modeling
•Traceability Matrix
•OWASP Guides
•Discussion
•Review
Module 12 – Risk Management
•Important Terms
•The Importance of Risk Management
•When Should it Start
•The Risk Management Process
•Know The Business
•Identify Risk
•Classify Risk
•Develop Mitigation Plan
•Implement
•Validate
•Risk Analysis
•Report Your findings
•Case Study and Lab
Module 13 – Security Architecture
•Design It Secure
•Design Considerations
•The SD3 Framework
•Secure By Design
•Secure By Default
•Secure in Deployment
•Understanding the Environment
•Technical Issues
•Security in Layers
•Attacks
•Man-in-the-Middle
•Session Hijacking
•Buy vs. Build
•Filters
•Case Study and Lab
Attend live classes from anywhere in the world!
• Live presentations with powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, a virtual whiteboard and a media center, all through an easy-to-use toolbar.
• Application, file and desktop sharing enable you to view live demonstrations.
• A dedicated high-spec remote PC per student, with full access as if you were sitting in front of the PC in the classroom.
• The instructor views each student’s session while you perform your hands-on labs, and can access your remote system to demonstrate and assist while you sit back and absorb the classroom-style mentoring you expect.
• Public and private text chat allows for increased interactivity between students and the instructor.