1 - Identify Security Requirements and Expectations

• Security Throughout the Development Process
• Business Requirements
• Standards and Compliance Requirements
• User Impact
• User Expectations
• Platform Requirements
• Consequences of Not Meeting Security Requirements
• Guidelines for Identifying Security Requirements and Expectations
• Identifying Security Requirements and Expectations
• Topic B: Identify Factors That Undermine Software Security
• Three Ps of Software Security
• Software Security Terminology
• Identifying Factors That Undermine Security
• Topic C: Find Vulnerabilities in Your Software
• Builders and Breakers
• Hacking
• Phases of an Attack
• Common Attack Patterns
• Case Study: Protecting Against a Password Attack
• Guidelines for Identifying Software Security Vulnerabilities
• Identifying Vulnerabilities in an Application
• Cracking a Password Hash
• Fixing a Password Hash Vulnerability
• Topic D: Gather Intelligence on Vulnerabilities and Exploits
• Vulnerability Intelligence
• Exploits
• Guidelines for Researching Vulnerabilities and Exploits
• Identifying Sources for Vulnerability Intelligence

2 - Handling Vulnerabilities

• Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
• Software Defects
• Causes of Software Defects
• Guidelines for Preventing Security Defects
• Preventing Security Defects
• Problems in ThirdParty Code
• Problems in Standard Libraries
• Dependencies
• Encryption Validation
• Security of Host Systems and Service Providers
• Guidelines for Using ThirdParty Code and Services
• Host Platform Configuration
• Hypervisor Vulnerabilities
• Guidelines for Managing Vulnerabilities in External Hosts and Services
• Identifying Vulnerabilities in a Software Project
• Examining the Project Files
• Error Messaging
• Error Handling
• FailSafe
• Failure Recovery
• Guidelines for Secure Error Handling
• Identifying Software Defects and Misconfiguration
• Topic B: Handle Vulnerabilities Due to Human Factors
• The Human Element in Software Security
• Vulnerabilities Attributed to the Human Element
• Social Engineering Attacks
• User Input
• Input Validation
• Security Policy Enforcement
• Guidelines for Managing People Risks
• Managing People Risks
• Topic C: Handle Vulnerabilities Due to Process Shortcomings
• Development Process Approaches
• Building Security In
• The CIA Triad
• Requirements Phase
• Design Phase
• Development Phase
• Testing Phase
• Security Testing Tools
• Deployment Phase
• Maintenance Phase
• Development Process Security
• Guidelines for Software Development Processes
• Managing Software Development Process Risks

3 - Designing for Security

• Topic A: Apply General Principles for Secure Design
• Security in the Design Phase
• Security by Obscurity vs. Security by Design
• OWASP Security Design Principles
• Minimize Attack Surface Area
• Establish Secure Defaults
• Least Privilege
• Least Common Mechanism
• Defense in Depth
• Fail Securely
• Don't Trust Services
• Separation of Duties
• Security by Obscurity
• Keep Security Simple
• Fix Security Issues Correctly
• Software Design Patterns
• Security Patterns
• Modular Design
• Benefits of Modular Design
• The Balance Between Defense in Depth and Simplicity
• Guidelines for Avoiding Common Design Mistakes
• Avoiding Common Security Design Flaws
• Topic B: Design Software to Counter Specific Threats
• The Risk Equation
• Threat Modeling
• Benefits of Threat Modeling
• Step 1: Define General Security Objectives and Scope
• Tooling and Documentation
• Assets
• Step 2: Decompose the Software
• Trust Levels
• Entry and Exit Points
• External Dependencies
• Data Flow Diagrams
• Diagramming Symbols
• Diagramming the Catalog Application
• Step 3: Identify and Rank Threats
• STRIDE
• PASTA
• Misuse Cases
• Security Zones
• Strategies for Ranking Threats
• DREAD
• Risk Response Strategies
• Severity
• Risks Outside Your Control
• Guidelines for Identifying and Ranking Threats
• Step 4: Counter Each Threat
• Countermeasures
• Identifying Threats and Countermeasures

4 - Developing Secure Code

• Topic A: Follow Best Practices for Secure Coding
• Development Documentation and Deliverables
• Application and Data Integrity
• Common General Programming Errors
• Insecure Deserialization
• Guidelines for Secure Coding
• Researching Your Secure Coding Checklist
• Buffer Overrun Defects
• Buffer Overflows
• Guidelines to Prevent Buffer Overflow Defects
• Buffer Overreads
• Guidelines to Prevent Buffer Overread Defects
• Integer Overflows
• Guidelines to Prevent Integer Overflow Defects
• Uncontrolled Format Strings
• Insecure Output Encoding
• XXE Attacks
• Guidelines to Prevent Uncontrolled Format String Defects
• Race Condition
• Impact of Race Conditions on Threading/Multiprocessing
• Guidelines to Prevent Race Condition Defects
• Performing a MemoryBased Attack
• Topic B: Prevent Platform Vulnerabilities
• OWASP Top Ten Platform Vulnerabilities
• Authentication
• Authorization
• Broken Authentication
• Guidelines to Prevent Web Vulnerability Defects
• Guidelines to Prevent Mobile App Vulnerability Defects
• Guidelines to Prevent Internet of Things Vulnerability Defects
• Desktop Application Vulnerabilities
• DLL Injection
• Shellcode Injection
• Debugger Security
• Differences Among Desktop Platforms
• Managed vs. Unmanaged
• Desktop Application Attack Vectors
• Development Tool and Project Configuration
• Guidelines to Prevent Desktop Application Vulnerabilities
• Finding Common Web Vulnerabilities
• Topic C: Prevent Privacy Vulnerabilities
• Privacy Vulnerability Defects
• Privacy by Design
• Data Anonymization
• Guidelines to Prevent Privacy Vulnerability Defects
• Handling Privacy Defects

5 - Implementing Common Protections

• Topic A: Limit Access Using Login and User Roles
• Web Sessions
• Secure Session Management
• Methods for Passing Session IDs
• Access Control
• Guidelines for Secure Session Management
• User Provisioning
• Password Recovery
• Account Lockouts
• Guidelines for Secure Password Management
• Handling Authentication and Authorization Defects
• Topic B: Protect Data in Transit and At Rest
• Encryption
• Uses for Encryption
• Cryptographic Lifecycle
• Symmetric Encryption
• Asymmetric Encryption
• Hashing
• Digital Signatures
• Digital Signature Nonrepudiation
• Digital Certificates
• PKI
• PKI Components
• The PKI Process
• Key Management
• Key Management Factors
• Certificate Revocation
• Guidelines for Protecting Data in Transit and at Rest
• Protecting Data in Transit and at Rest
• Topic C: Implement Error Handling and Logging
• Error Handling
• Uses for Error Handling
• Error Messaging
• Logging
• Guidelines for Implementing Error Handling and Logging
• Reviewing Error Handling
• Improving Error Handling
• Topic D: Protect Sensitive Data and Functions
• Sensitive Data
• Output Restrictions
• Function Level Access Control
• Case Study: CrossSite Scripting Defect
• Guidelines for Protecting Sensitive Data and Functions
• Protecting Sensitive Data and Functions
• Staging a Persisted XSS Attack on an Administrator Function
• Topic E: Protect Database Access
• Case Study: SQL Injection Defect
• Query Parameterization
• Database Connection Credential Protection
• Guidelines for Protecting Database Access
• Protecting Database Access

6 - Testing Software Security

• Topic A: Perform Security Testing
• The Role of Testing
• Phases of Software Testing
• Development Testing
• Unit Testing
• Integration Testing
• Documentation and Deliverables for Testing
• Manual Inspection and Code Review
• Code Review Strategies
• Guidelines for Security Testing
• Performing Manual Inspection and Review
• Topic B: Analyze Code to find Security Problems
• Static Code Analysis
• Strategies for Using Static Analysis
• Dynamic Code Analysis
• Guidelines for Code Analysis
• Performing Code Analysis
• Topic C: Use Automated Testing Tools to Find Security Problems

Additional course details:

Nexus Humans Cyber Secure Coder (CSC) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the Cyber Secure Coder (CSC) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Cyber Secure Coder (CSC) Course

Available Delivery Options for the Cyber Secure Coder (CSC) training.

• Live Instructor Led Classroom Online (Live Online)
• Traditional Instructor Led Classroom (TILT/ILT)
• Delivery at your offices in London or anywhere in the UK
• Private dedicated course as works for your staff.

How many CPD hours does the Cyber Secure Coder (CSC) training provide?

The 3 day. Cyber Secure Coder (CSC) training course give you up to 18 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

Is the Cyber Secure Coder (CSC) training appropriate for someone learning to use Cyber Secure Coder in a professional environment?

Yes the Cyber Secure Coder (CSC) is appropriate for someone looking to use Cyber Secure Coder in a professional workspace or environment. But do make sure to note any prerequisites, read the course outline to ensure it is the right fit for you or your teams requirements and preferences.

What is the correct audience for the Cyber Secure Coder (CSC) training?

This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy. This course is also designed for students who are seeking the CertNexus Cyber Secure Coder (CSC) Exam CSC-210 certification.

Do you provide training for the Cyber Secure Coder (CSC).

Yes we provide corporate training, dedicated training and closed classes for the Cyber Secure Coder (CSC). This can take place anywhere in UK including, England, Scotland, Cymru (Wales) or Northern Ireland or live online allowing you to have your teams from across UK or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the Cyber Secure Coder (CSC) program.

The Cyber Secure Coder (CSC) training takes place over 3 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

Why are Nexus Human the best provider for the Cyber Secure Coder (CSC)?

Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for UK on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.

Is there a discount code for the Cyber Secure Coder (CSC) training.

Yes, the discount code PENPAL5 is currently available for the Cyber Secure Coder (CSC) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.