The TONEX Software Security Training is a 2-day course costing $1,699 that covers a wide range of topics in software security including secure programming techniques, trusted computing infrastructure, low-level software attacks and protections, web security, risk management, statistical analysis, penetration testing, cloud security, data security, wireless network security, and mobile system security. The training includes lectures, hands-on labs, workshops, and in-class activities to help students understand concepts and develop their own security frameworks. It is designed for IT professionals, cybersecurity professionals, security analysts, and others working in software security or related fields.
2. Software Security Training
https://www.tonex.com/training-courses/software-security-training/
The Software Security Training course introduces you to a variety
of topics in software security, such as secure programming
techniques, trusted computing infrastructure, low-level software
attacks, web security, risk management techniques,
symbolic execution, and cloud/wireless/mobile device security.
With the advent of computing systems as an essential
part of our daily lives, one should be able to
rely on the integrity of the system, and the information should
be kept confidential.
By taking TONEX software security training, you will learn the
basic principles of computer security, vulnerabilities, computer crimes,
threats, and the concept of web security. You will also be
introduced to secure programming techniques as a part of
software security, code auditing, SQL injection, and secure coding
principles.
This workshop will teach you a great deal
about trusted computing infrastructure (TCI), processing nodes,
the trusted platform module (TPM), software integrity,
data integrity, and protecting credentials as part of
platform security.
TONEX software security training will also help you learn
about software security attacks such as buffer overflow,
data-only attacks, or non-executable data attacks.
You will also understand the importance of web security issues,
malicious websites, and denial-of-service attacks.
You will also learn about the main principles of secure
design, open design, and risk management techniques in software
design. Learn how to distinguish reactive and proactive risk
management techniques, interpret the statistical control charts in
statistical analysis, and understand symbolic execution in software
security. Students will also finish this workshop with
sufficient knowledge of penetration testing and its
tools, cloud security applications and modules, and techniques
for data security and privacy.
This training helps you discover the issues of wireless network
security, such as LAN attacks, Wi-Fi protection schemes, WPA and
WPA2 concepts, and how to defend against the attacks.
TONEX software security training includes many in-class
activities, including hands-on exercises, case studies,
and workshops. During the software security training, students
get their own sample work and projects and, through our
coaching, develop their own security framework.
Finally, the software security fundamentals training will introduce mobile
system security concepts such as mobile browser security,
authentication of mobile devices, mobile device management, malware
detection techniques in mobile systems, and
dynamic/static mobile device analysis.
Audience:
The software security training is a 2-day course designed for:
• All individuals who need to understand the concept of software
security.
• IT professionals in the areas of software security
• Cyber security professionals, network engineers, security
analysts, policy analysts
• Security operation personnel, network administrators, system
integrators and security consultants
• Security traders to understand the software security of web
system, mobile devices, or other devices.
• Investors and contractors who plan to make investments in
security system industry.
• Technicians, operators, and maintenance personnel who are or
will be working on cyber security projects
• Managers, accountants, and executives of cyber security
industry.
Training Outline:
The software security training course consists of the following
lessons, which can be revised and tailored to the client’s need:
• Computer Security Principles
• Secure Programming Techniques
• Trusted Computing Infrastructure (TCI)
• Low Level Software Security Attacks and Protection
• Web Security
• Secure Design Principles
• Risk Management
• Statistical Analysis
• Symbolic Execution
• Penetration Testing
• Cloud Security
• Data Security and Privacy (DAP)
• Wireless Network Security
• Mobile System Security (MSS)
• Hands-on and In-Class Activities
• Sample Workshops Labs for Software Security Training
Computer Security Principles:
• Introduction to computer security
• Computer crime
• Accuracy, Integrity, and Authenticity
• Vulnerabilities
• Introduction to Crypto
• Access control
• Threats to security
• System correctness
• Application of operating system security
• Web security
• Network security
• Operating system security
Secure Programming Techniques:
• General principles of secure programming
• Reasons of insecurity
• Economic reasons
• Security measurements
• Marketing problems
• Security requirements
• Confidentiality
• Integrity
• Availability
• Code auditing
• C/C++ codes
• Assurance measure requirements
• Open source software and security
• Disclosure of vulnerabilities
• Vulnerability classes
• Web security
• SQL injection
• PHP
• Shell Scripts
• Java
• Secure programming for Linux and Unix
• Secure coding, principles and practices
• Statistical analysis for secure programming
Trusted Computing Infrastructure (TCI):
• Definition of trusted computing
• Processing nodes
• Protecting processing nodes against threats
• Node controllers
• Trust relationship in networked society
• Trusted computing cloud model
• Trusted Platform Module (TPM)
• Trusted computing Attestation process
• Implementation aspects
• Main TPM duties
• Unique platform identity
• Software integrity
• Network integrity
• Data integrity
• Protecting credentials
• Device identity
• Secure execution
• Crypto erase
• Examples of Platform security
Low Level Software Security Attacks and Protection:
• Introduction to software security attacks
• Stack-based buffer overflow
• Heap-based buffer overflow
• Return-to-libc attacks
• Data-only attacks
• Methods of defense against security attacks
• Stack canaries
• Non-executable data
• Control-flow integrity
• Layout randomization
• Other defense methods
Secure Design Principles:
• Least Privileges
• Fail-Safe Defaults
• Economy of Mechanism
• Complete Mediation
• Open Design
• Separation of Privilege
• Diebold voting machines example
• Least Common Mechanism
• Psychological Acceptability
• Fail-safe defaults
• Principles of software security
• Defense practice
• Compartmentalize
• Promoting the privacy
• Using community resources
• Securing easy targets
Risk Management:
• Security risk management concepts
• Definition of risk management
• Threat response time
• Regulatory compliance
• Infrastructure management cost
• Risk prioritization
• Reactive and proactive risk management
• Identifying risk management prerequisites
• Communicating risks
• Assessing risks
• Classifying assets
• Organizing risk information
• Threat probability estimation
• Quantifying risks
• Conducting decision support
• Control solution
• Implementing controls
• Measuring program effectiveness
Statistical Analysis:
• User interface
• Statistical roles and challenges in network security
• Network traffic and data
• Network data characteristics
• Exploring network data
• Descriptive analysis
• Visualizing analysis
• Data reduction
• Network data modeling for association and prediction
• Bivariate analysis
• Measuring user behavior
• Supervised learning
• Decision analysis in network security
• Uncertainty analysis
• Statistical control chart
Symbolic Execution:
• Base Imperative Language
• Input domain
• Expressions and types
• Basic definitions
• Traces, paths, and programs
• Basics of symbolic execution
• Classic symbolic execution
• Generalized symbolic execution
• Application of symbolic execution
• Trace based symbolic execution
• Multi-path symbolic execution
• Macroscopic view of symbolic execution
• Cost of symbolic execution
Penetration Testing:
• Definition
• Port scanning
• Vulnerability scanning
• Penetration testing
• Why penetration testing?
• Steps toward application of penetration testing
• Penetration testing tools
• Kali Linux
• Maltego
• WHOIS service
• Vega
• Hydra
Cloud Security:
• Definition of cloud
• Definition of security
• Cloud computing definition
• Features, attributes, characteristics of cloud computing
• Cloud based applications
• Cloud based developments
• Cloud based infrastructure
• Cloud models (SaaS, PaaS, IaaS)
• Problems associated with cloud computing
Data Security and Privacy (DAP):
• Definition of Data
• Data security
• Prevention and detection of Data security issues
• Reaction against data security
• Audit standards
• Data security policies
• Data security tools
• Monitoring secured data
• Documenting the data security
• Data privacy enforcement
Wireless Network Security:
• Wireless networks and security definition
• What is LAN?
• Simple Wireless LAN
• Attacks and Defense against attacks in wireless network
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access-Version 2 (WPA2)
• Attacks to WEP
• Defense for WEP attacks
• Common attack types for WPA and WPA2
• Wireless encryption
Mobile System Security (MSS):
• Mobiles are everywhere
• Uniqueness of Mobiles
• Management and security challenges for Mobile systems
• Mobile security faced by Enterprises
• Visualizing Mobile Security
• Hardware security
• Mobile Web browsers
• Authenticating users to devices
• Application security
• Mobile Security solution
• Permission and encryption
• Security philosophy
• Mobile Device Management (MDM)
• Mobile Operating Systems
• Malware Detection in Mobile System
• Cloud based detection
• Dynamic/Static analysis
Hands-on and In-Class Activities
• Labs
• Workshops
• Group Activities
Sample Workshops Labs for Software Security Training
• Application of Linux command lines
• User-mode Linux and the mln tool
• Introduction to vulnerable software
• Manual and automatic code review
• Preventing exploitation
• Symbolic execution workshop
• SQL injection workshop
• Command execution example