Duration

2 Days

12 CPD hours

Overview

Working in an interactive learning environment, guided by our application security expert, you'll explore:
- the concepts and terminology behind defensive coding
- Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- the entire spectrum of threats and attacks that take place against software applications in today's world
- the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications
- the vulnerabilities of programming languages as well as how to harden installations
- the basics of Cryptography and Encryption and where they fit in the overall security picture
- the requirements and best practices for program management as specified in the STIGS
- the processes and measures associated with the Secure Software Development (SSD)
- the basics of security testing and planning

Description

The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information
Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cuttingedge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.
The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.
The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You'll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.
Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You'll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.
Note: For a deeper (or next-step) exploration of STIGs and Application Security attendees might consider the five-day course TT8815: Understanding and Verifying ASD STIGs

Prerequisites

While specific prerequisites may vary depending on the course provider and the targeted audience, a general set of prerequisites for attending a course on Information Assurance and STIGs could include:
- Basic understanding of information security concepts and terminology.
- Familiarity with web application architecture and development.
- Knowledge of networking and web protocols (e.g., HTTP, HTTPS, TCP/IP).
- Experience with programming languages commonly used in web application development, such as JavaScript, Python,
Java, or C# would be helpful but not required, as this is not a hands-on class.
- A general understanding of operating systems, databases, and web servers.