Security engineering training by SAFECode is an online community resource offering free software security training courses delivered via on-demand webcasts.

The “Quiz” versions of our courses require registration so that course progress, quiz results and other course-related items can be saved to the user’s profile.

Free

An Introduction to Windows Access Controls

Length: 20 minutes

This course serves as an introduction to Windows Access Controls. It aims to provide viewers with a basic understanding of common Windows Access Control terms and concepts, and reviews best practices for ensuring that an application's use of access controls is secure. It also outlines testing strategies to validate that proper access controls are in place.

The primary intended audiences for this course are software architects, developers, quality engineers and testers.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

Auth 101: A Passwords Backgrounder for Everyone

Length: 27 minutes

This course provides an introduction to user password handling best practices. Viewers will learn steps for risk reduction in checking, transmission and storage of passwords. The course also aims to help them identify opportunities for making authentication a worthwhile and practical part of their architecture.

The primary intended audiences for this course are software architects, developers, quality engineers and testers. Experienced software designers, development managers and product managers seeking a basic understanding of password handling complexity will also benefit from this material.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

Basic Practices for Secure Development of Cloud Applications – Part 1

Length: 17 minutes

This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.

Free

Basic Practices for Secure Development of Cloud Applications – Part 2

Length: 33 minutes

This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.

Quiz Version

Basic Practices for Secure Development of Cloud Applications – Part 2 (Quiz Version)

Length: 33 minutes

This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.

Quiz Version

Basic Practices for Secure Development of Cloud Applications – Part 1 (Quiz Version)

This training module will teach students about different Cloud models as well as basic practices and aspects of secure development of Cloud applications.

Free

Cross Site Scripting (XSS) 101

Length: 34 minutes

This introductory course provides viewers with a basic understanding of the core concepts behind XSS. It will help viewers recognize where in a web application they may expect to find XSS and provide guidance on preventing and remediating XSS.

The primary intended audiences for this course are architects, developers, and testers of web applications, who are not familiar or may be only slightly familiar with XSS. Development managers and people handling priorities and deferrals will also benefit from this material.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

CSRF 101: Cross Site Request Forgery for Everyone

Length: 26 minutes

An introduction to cross site request forgery that aims to help viewers understand CSRF as a pattern of attack and become aware of certain “hotspots” in an application where CSRF can be of particular concern. It also provides basic strategies to prevent CSRF in design and implementation.

The primary intended audiences for this course are architects, developers, and testers of web applications or other software deploying web technologies. Development managers will also benefit from this material.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

DOH: Default, Obscure and Hidden Content for Everyone

Length: 21 minutes

This course serves as an introduction to Default, Obscured, and Hidden content – or DOH. The goals of this course are to help viewers become familiar with the risks associated with DOH and promote a basic understanding of effective methods to detect and mitigate those risks.

The primary intended audiences for this course are software developers, testers, and system administrators.

Recommended / Related Modules: CSRF 101: Cross Site Request Forgery for Everyone

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

File Permissions 101: Linux and OS X

Length: 22 minutes

Focused on Linux and OS X, this course is a basic introduction to Unix file permission concepts. It presents best practices that mitigate related security issues, and provides a high-level overview of traditional Unix permissions and setuid/setgid. It also describes OS X Access Control Lists.

The primary intended audiences for this course are software architects, developers, quality engineers and testers.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

Injections 101: SQL and Beyond

Length: 30 minutes

This introductory course will provide a basic understanding of SQL injection as a pattern of attack and a special case of an overall pattern of injection attacks. The course will explain how that pattern applies to Shell injection, LDAP, XML, JSON and other languages and domains. It will also provide strategies for preventing and fixing injections when testing them in an application.

The primary intended audiences for this course are architects, developers and testers who are either unfamiliar or only somewhat familiar with SQL injections and other injection attacks. Development managers and others in positions to set defect resolution priorities and make implementation solution decisions will also benefit from this material.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

Introduction to Cryptography

Length: 42 minutes

This course provides an insight into the correct use of cryptography in applications, along with an overview of the most important cryptographic concepts. When you have finished this course, you will be able to choose the right cryptographic algorithms for your needs. This course will show the differences between encryption and hashing, and their correct uses.

The primary targets for this course are software developers and software designers; architects and test engineers may also benefit from its content.

Free

Product Penetration Testing 101

Length: 39 minutes

This course provides a foundation for security penetration testing of products. It reviews the important penetration testing concepts, and shares insight into common elements of an attacker's mindset. It will also cover the use of test inputs against a target to achieve an attack against security safeguards.

The primary intended audience for this course is product validators.

Acknowledgements: SAFECode would like to thank Intel for donating the material that formed the basis for this course.

Free

Secure Java Programming 101

Length: 33 minutes

This is a 101-level course that provides a basic introduction to secure coding in Java. Viewers will be introduced to the most frequent attacks and pitfalls that a Java programmer may encounter, along with techniques to avoid them. It is designed to be a starting point for those new to Java security.

The primary intended audiences for this course are architects, developers, and testers who are not familiar or may be only slightly familiar with Java security. Development managers and people handling priorities and deferrals will also benefit from this material.

Acknowledgements: SAFECode would like to thank Adobe for donating the material that formed the basis for this course.

Free

Secure Memory Handling in C 101

Length: 32 minutes

This course shows how to write more secure code in C and C++, and how to spot common mistakes during code reviews. It will review a few common myths about the security of certain practices in programming C and C++.

The primary audiences for this course are developers and anyone involved in activities like manual code audit or code peer review. It might also be useful to quality managers or others who make prioritization decisions about bug deferrals or security.

Free

Security Development Lifecycle 101

Length: 37 minutes

This course provides essential information about the security development lifecycle (SDL). You will learn about the process of SDL, its practices and how to apply them to your development method. By learning about SDL you will be able to improve your own development methods in order to better integrate security aspects with the goal of built-in security. The primary audience for this course is software developers as well as software development leads. Other parties involved in the process of software development will benefit from it as well. Having an understanding of the SDL process, its concepts and practices, will improve your understanding of security and privacy in software development.

Quiz Version

Security Development Lifecycle 101 (Quiz Version)

Free

System Hardening 101

Length: 48 minutes

This course provides an introduction to the security concept of hardening, one of the most important concepts in security overall. The training will provide information about what hardening means as well as which measures are commonly applied for hardening. While primarily targeted at systems administrators, this course also benefits software developers, who can learn how hardening affects software applications and software design.

Quiz Version

System Hardening 101 (Quiz Version)

Length: 48 minutes

This course provides an introduction to the security concept of hardening, one of the most important concepts in security overall. The training will provide information about what hardening means as well as which measures are commonly applied for hardening. While primarily targeted at systems administrators, this course also benefits software developers, who can learn how hardening affects software applications and software design.

Free

Threat Modeling 101

Length: 46 minutes

The goal of this course is to provide information about threat modeling. By the end of the course, you will be able to execute a basic threat model yourself. By understanding threats, risk and risk rankings you will also be able to interpret the results of an executed threat model.

The primary audience for the course is software developers, architects, and test engineers. Anyone involved in the software development process could benefit from it as well.
