Course: Programmer to Secure Agile Programmer - Part 2: Secure Programmer

$279.00
$337.59 incl. vat

Duration: 15 hours | Language: English (US) | Access duration: 180 days

Details

This is part 2 of the learning path 'Programmer to Secure Agile Programmer'. Every organisation is eager to optimise its processes and secure itself against ever-growing threats. As a result, there is an increasing demand for Secure Agile Programmers who have the relevant training and experience in Agile methodologies covering not only software development, but also secure programming.

This part of the learning path focuses on security concepts, vulnerabilities, encryption, attacks and resiliency coding for secure programmers. You explore the most common vulnerabilities and software attacks, the basics of cryptographic algorithms, and different concepts for creating resilient software.

You will find several courses that prepare you to become a secure programmer. In addition, there is a livelab available for you to practice. You finish this part of the learning path with an exam.

Result

After completing this part of the learning path, you will be familiar with various concepts for secure programming. In addition, you are ready to start part 3 of this learning path.

Prerequisites

You are familiar with the basic principles of software development. Basic knowledge of Agile is recommended. Knowledge from part 1 of this learning path is assumed.

Target audience

Software Developer, Web Developer

Content

Programmer to Secure Agile Programmer - Part 2: Secure Programmer

15 hours

Secure Programmer: Security Concepts

  • Discover the basics of secure programming, including common security concepts like the CIA triangle, least privilege, and separation of duties. Explore authentication and authorization, including popular models like DAC, MAC, RBAC, and ABAC. Examine how to avoid common programming errors that can undermine security, as well as how to incorporate validation and verification into your programming.

Secure Programmer: Vulnerabilities

  • Explore various software vulnerability topics in this 19-video course, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and underprotected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (Common Vulnerabilities and Exposures) vulnerability scoring, and examine Java, Python, C#, and JavaScript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability, C# to combat common code vulnerabilities, and JavaScript to combat cross-site scripting attacks. Use the Common Vulnerability Scoring System (CVSS), and finally, use the OWASP ZAP and Vega vulnerability scanners to test websites for common vulnerabilities.

Secure Programming: Encryption

  • In this 5-video course, learners discover the basics of cryptographic algorithms. You will receive a general overview of symmetric algorithms such as AES, Blowfish, and Serpent. You will also examine asymmetric algorithms such as RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and elliptic-curve cryptography (ECC). More importantly, you will learn when to use which algorithm and which algorithms are better for specific purposes. You will then move on to integrity algorithms, including hashes like SHA (Secure Hash Algorithm 1), MD5 (Message Digest 5) and 6, RIPEMD (Ripe Message Digest), and HAVAL, as well as message authentication codes (MACs) and HMACs (keyed-hash message authentication codes). You will also examine the strengths and weaknesses of these different approaches. The goal is to be able to make intelligent choices about which algorithms to implement for which purpose: whether your concern is confidentiality, whether you need to do key exchange, whether message integrity is an issue, or whether you are storing passwords. Each of these requires different algorithms.

Secure Programmer: Attacks

Explore common software attacks and the coding mistakes that make software vulnerable to them. Discover how to code against format string, SQL injection, buffer overflow, cross-site scripting, and password cracking attacks in Java, C#, JavaScript, and Python.

Secure Programmer: Resiliency Coding

Explore resiliency concepts such as stability, recovery, and defensive coding. Discover how to write resilient code in Java, Python, C#, and JavaScript.

Secure Programmer

Perform Secure Programmer tasks such as minimizing SQL injection vulnerability, using the OWASP ZAP application to test an insecure web application, using Python to encrypt a data set, and exploring vulnerable code that can cause an overrun of a buffer's boundary in Java, Python, C# and JavaScript. Then, test your skills by answering assessment questions after preventing cross-site scripting vulnerability, using Python to brute force a simple password, and creating resilient code in Python and C#.

Final Exam: Secure Programmer

Final Exam: Secure Programmer will test your knowledge and application of the topics presented throughout the Secure Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.

Course options

We offer several optional training products to enhance your learning experience. If you are planning to use our training course in preparation for an official exam, then we highly recommend using these optional training products to ensure an optimal learning experience. Sometimes only a practice exam and/or practice lab is available.

Optional practice exam (trial exam)

To supplement this training course you may add a special practice exam. This practice exam comprises a number of trial exams which are very similar to the real exam, both in terms of form and content. This is the ultimate way to test whether you are ready for the exam. 

Optional practice lab

To supplement this training course you may add a special practice lab. You perform the tasks on real hardware and/or software applicable to your lab. The labs are fully hosted in our cloud. The only thing you need to use our practice labs is a web browser. In the LiveLab environment you will find exercises which you can start immediately. The lab environment consists of complete networks containing, for example, clients, servers, etc. This is the ultimate way to gain extensive hands-on experience.

Why Icttrainingen

With our training concept you save up to 80% on training courses.

Start learning whenever you want. You set your own pace.

Exchange ideas with fellow students and establish yourself as an authority in your field.

After successfully completing your course, receive the official certificate of participation from Icttrainingen.nl.

Get insight into detailed progress information for yourself or your employees.

Gain knowledge through interactive e-learning and extensive practical assignments by certified instructors.

Order process

Once we have processed your order and payment, we will give you access to your courses. If you still have any questions about our ordering process, please refer to the button below.

read more about the order process

What is included?

Certificate of participation: Yes
Monitor progress: Yes
Mobile ready: Yes
Sharing knowledge: Unlimited access to our IT professionals community
Study advice: Our consultants are here to advise you on your study career and options
Study materials: Certified teachers with in-depth knowledge of the subject
Service: World's best service

Platform

After ordering your training course you get access to our innovative learning platform. Here you will find all the training courses you have purchased (or taken), you can create students if needed, and you get access to detailed progress information.

Life Long Learning

Follow multiple courses? Read more about our Life Long Learning concept

