back

Cyber Secure Coder (CSC-110)

Security-Focused Programming9 H 57 M

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
This course has a practice test
Episodes
Episodes
  • Security in Software
    • Overview
    • Prior Knowledge and Expectations
    • Gather Software Requirements
    • Assignment: Identity Requirements
    • Activity: Identify Requirements
    • Factors that Undermine Software Security
    • Software Vulnerabilities and Attack Phases
    • Attack Patterns
    • Assignment: Find Vulnerabilities
    • Activity: Find Vulnerabilities
    • Assignment: New Password Requirements
    • Activity: New Password Requirements
    • Assignment: Hashing Passwords
    • Activity: Hashing Passwords
    • Vulnerability Intelligence
    • Assignment: Vulnerability Search
    • Activity: Vulnerability Search
  • Handling Vulnerabilities
    • Bugs in Software
    • External Libraries and Services
    • Handling Errors Securely
    • Human-Related Security
    • Security Requirements and Design
    • Security Through the Software Lifecycle
    • Assignment: Exploring Leftover Artifacts
    • Activity: Exploring Leftover Artifacts
  • Designing for Security
    • Principles of Secure Design
    • Avoid Common Mistakes
    • Assignment: Common Security Design Flaws
    • Activity: Common Security Design Flaws
    • Understand Risk and Threats
    • Risk Response Strategies
    • Exploit Countermeasures
  • Developing Secure Code
    • Guidelines for Secure Coding
    • Buffer Overflows and Prevention
    • Race Conditions
    • Assignment Using Locks Remediate Race Condition
    • Activity Using Locks to Remediate Race Condition
    • OWASP Top Ten Platform Vulnerabilities
    • Web Application Vulnerabilities Deep Dive
    • Mobile Application Vulnerabilities Deep Dive
    • IoT Vulnerabilities Deep Dive
    • Desktop Vulnerabilities Deep Dive
    • Privacy Vulnerability Defects
  • Implementing Common Protections
    • Secure Session Management
    • Users, Protections and Passwords
    • Encryption and Data Protections
    • Error Handling and Protections
  • Testing and Maintaining Software Security
    • Testing Software for Security
    • Monitoring and Logging of Production Applications

Overview

4 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

Cyber Secure Coder will aid in developing an appropriate understanding of secure development practices and how those practices protect against various types of vulnerabilities. You will learn the types of vulnerabilities, the exploits that can occur from those vulnerabilities, and the programming practices that will help prevent exploitation in an application.

You're watching ITPRO.TV. [MUSIC] Welcome. I am Daniel Lowrie and entertainer here at ITPROTV. We're here to discuss the cybersecurity coder overview series. I want to tell you a little bit about myself. I have been in IT for over 20 years, I have an extensive background in cybersecurity with certifications in that area. I've also worked as a systems administrator and a network administrator for corporate America had a lot of good times doing that. Justin wants to tell us a little bit about yourself,. >> I'm Justin Dennison been in development and IT and Technology for a little over eight years. And I'm gonna be the subject matter expert for cyber secure coder hopefully to give you all the goodness. It'll be a lot of fun. So Justin can you tell us a little bit about this course basically who should be watching this course and what's in it? What kind of problems is the software. >> So there's a couple of things that you didn't get from this course. Number one, you didn't get a certification, right. It's a validation that hey, I know these things, I kind of understand these things. The second thing that you can get is knowledge about how to approach development, software development, and the process is there in, in a security minded way. Right, okay. I'm not just doing it craziness. I'm actually going to approach my design, my implementation, my testing, my deployment, my maintenance in a way that helps keep security going. And we'll, that way, people like Daniel aren't necessarily going to get their foot in the door and make things go horribly wrong, awesome. Now this is a certification based exam, you do get a lot of great information that's practical as well. But we are working towards certification. Can you tell us a little bit about that? Cert. >> So the cert is, this cert nexus cyber secure coder examination, CSC 1 10. >> That's a mouthful. >> Yeah, that is a mouthful. I'm pretty sure we will not say that a whole a lot. But the certification is just going to test you on kind of your general thought processes around secure development. And well, does that look like when you go to get that certification? Well, you're gonna sit for an exam at your nearest Pearson test center, right? Pearson Vue. Typically, if you've had any type of IT training, you're going to be at a Pearson Center at some point. Not necessarily all the time, but at some point, you're gonna have 80 questions that consist of multiple choice, multiple response or true false. And you have 100 and 20 minutes including five minutes for Canada agreement and five minutes for the Pearson Vue tutorial. So let's say you get 100 and 10, you get What about a minute minute 30 per question, should be good to go. Right. And as always, make sure you use appropriate testing strategies where you go. I don't know it. Next. Right. And then come back to those later on. And passing scores a 56 out of 80 or 70%, 70 above means you passed 70 and below. Not so much now, as far as the certification goes, how are you gonna split this up? We have several domains and those domains are developing secure code implementing common protections, testing a software security. Security and software which includes design, kind of thought processes around that and then handling vulnerabilities. Right? And making a distinction between vulnerabilities and exploits. So that's kind of the certification in a nutshell, awesome. >> That sounds really exciting. I can't wait to get into this thing and see the methodologies and ways in which they're going to show us that as we develop applications. And we can start seeing these things more security focused, and security minded. Any thoughts on that when it comes to you? >> Well, I'm excited because I know that when I was a young developers, security was completely out of my mind. I was like, whatever just make it work. But it can cost you a lot of money as a business, as an individual. If you don't try to make these security things better. Right? I don't have appropriate testing, design, thought process in action. And well, I'm excited to help convey that to you so you can get better at your craft. Get better at your job. I'm not guaranteeing a race, but it would be nice, but you never know, right? If you're better and hopefully you can demand more. And we'll see how that goes. >> Yeah, good points, all of them. That being said, hopefully you're excited about this course and we look forward to seeing you in the upcoming episodes. Thank you for watching ITPROTV.