Secure Coding Masterclass for Financial Services

About the course

If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with a highly professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.

We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Topics Include:

IT security and secure coding
Special threats in the banking and finance sector
Regulations and standards
Web application security (OWASP Top Ten 2017)
Client-side security
Security architecture
Requirements of secure communication
Practical cryptography
Security protocols
Crypto libraries and APIs
Input validation
Security of Web services
Improper use of security features
Object-relational mapping (ORM) security
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
Security testing techniques
Principles of security and secure coding
Knowledge sources
Prerequisites
There are no specific prerequisites for this course. However, a general understanding of development practices and a broad understanding of current threats would be desired. There are group exercises and instructor-led 'hands-on' labs within each module of this course. Delegates can observe the instructor demonstrations or engage fully with each hands-on lab, subject to experience.

Delegates will learn how to
Understand basic concepts of security, IT security and secure coding
Understand special threats in the banking and finance sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn how to set up and operate the deployment environment securely
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
Note: This course comes with a number of easy-to-understand exercises providing real-time ethical hacking fun. By accomplishing these exercises with the support of the trainer, participants can analyze vulnerable code snippets and commit attacks against them in order to fully understand the root causes of certain security problems. All exercises are prepared in a plug-and-play manner by using a pre-set desktop virtual machine, which provides a uniform development environment.
