Source code review is a highly effective method of detecting vulnerabilities in software. This course aims to arm security analysts and J2EE software developers interested in creating secure software with the skill set to manually identify insecure code through analysis. This process requires a more in-depth understanding of application security, and so this class provides a deeper dive along with hands-on analysis.
Students who take this course will be able to:
Who Should Attend
The intended audience for this course is:
This course explores the technical details of various application-layer vulnerabilities. Students should have knowledge of basic web application security, as well as basic programming knowledge (Java-specific programming experience is very helpful).
Not sure if you meet the prerequisites? Take a short quiz to determine if this training is right for you.
Would you like a refresher on the prerequisites before taking the course? We have made available a few resources that we think you will find useful.
Part 1: Introduction
Part 2: Source Code Review Approaches
Part 3: Authentication
Part 4: Authorization
Part 5: Session Management
Part 6: Input Validation
Rohit Sethi joined Security Compass as its second full-time employee. Leveraging a combined background in information security and software engineering, Rohit is recognized internationally as an expert in the emerging field of application security. In his role as manager at Security Compass, Rohit is responsible for managing Security Compass’s internationally renowned consultants on cutting-edge consulting and training engagements across North America and around the world. He leads the development and instruction of the SANS Institute class Secure Coding in Java.
Rohit has provided security consulting and training services to primarily Fortune 1000 clients in the financial services, healthcare, utilities, telecommunications, media, and software industries. He has led and delivered engagements for a variety of service offerings, including application security architecture, design, and code reviews; threat analysis; penetration testing; application security program enhancement; vendor security assessments; identity management strategy; customer data privacy assessment; security governance strategy; threat risk assessments; SOX, BS7799 and PCI audit and remediation; and segregation of duties analysis and remediation. Rohit has also developed and taught courses for a wide variety of topics, including web application security exploiting, secure coding in J2EE, exploiting web applications, application security awareness, application security for managers, and general information security awareness. Prior to joining Security Compass, Rohit Sethi was a security consultant at Deloitte and a developer/business analyst at Automatic Data Processing (ADP).
Rohit is a noted expert in application security and has delivered, or will be delivering, talks or training sessions at the RSA Conference in San Francisco; CSI National in Washington DC; CSI SX in Las Vegas; SANS conferences in Toronto, Orlando, and Washington DC; Shmoocon in Washington DC; SecTor in Toronto; Infosecurity Toronto and New York; ISC2’s Secure Leadership series in Toronto and Calgary; and TASK and the Federation of Security Professionals in Toronto.
Rohit has written articles on Aspect-Oriented Programming and Security, Application Classification, and Centralized Logging for the prestigious Web Application Security Consortium and the industry-recognized security portal SecurityFocus. He has been interviewed and quoted by Computer World and IT World Canada.
Rohit holds an Honors Bachelor of Science in Computer Science with Software Engineering Specialization from the University of Western Ontario in Canada. He is a Certified Information Systems Security Professional (CISSP) and a Sun Certified Java Programmer.
Dan Sinclair is a Security Consultant with a strong background in application development. He has over seven years of experience in application design and development.
Prior to joining Security Compass, Dan worked as a solutions architect, web developer, and, most recently, as a Solaris 10 migration specialist and instructor for TrekLogic Advanced Solutions. He also helped develop and teach “Solaris 10: An introduction to DTrace, SMF, ZFS and Zones” for Sun Microsystems.
Dan is a contributor to several open source projects, including the Enlightenment project and OpenSolaris, where his work has included design, development, testing, and documentation. He serves as a lead developer for the Enlightened Widget Library (Ewl).
Dan has a Bachelor of Mathematics in Honors Computer Science from the University of Waterloo.
Ends May 1