| Experience required for the Job: 10 - 30 years Apply Now Reply
Dear DotNet Jobs,
We are looking for a Facilitator / Subject Matter Expert â€" who shall be able to execute for the training session of one of our clients for Secure Coding in C/C++, Java and .Net.
Please let us know which all technology training you can take it up.
Please find below the Course details.
Each Training program duration is around 2 days.
Training is in Noida.
No. of candidates will be around 4 to 5.
1. Course Outline: .NET
1. Introduction
 Web Application Environment and Components
 General Web Application Security Concepts
 .NET Framework Security Features
2. Input Validation & Encoding
 Password Security
 Session Hijacking & Trapping
 Protecting User Sessions & Tokens
 Canonicalization Problems
 Parameter Manipulation
3. Encryption, Confidentiality & Data Protection
 Cookie-Based Attacks
 Protecting Application Variables
 Cache Control Issues
 SSL Best Practices
 Protecting Usernames, Passwords and Personally Identifiable Information
 Common Cryptography Pitfalls
4. Data Access
 Secure Database Programming
 Database Permissions Best Practices
info@multisoftsystems.com www.multisoftsystems.com (+91) 9810306956
 Parameterized Queries
 Common Stored Procedure Flaws
5. Error Handling & Logging
 Attacking via Error Messages
 Secure Logging & Error Handling
 Input Driven Attacks
 Validation Best Practices
 Output Encoding
6. Authentication, Authorization & Session Management
 Common Authentication Weaknesses
 Authorization Best Practices
 Controlling Application Access
7. Server Configuration & Code Management
 Common Web & App Server Mis-Configurations
 Common Database Server Mis-Configurations
 Protecting Application Code
8. XML Web Services
 Overview of WSDL, SOAP & AJAX
 Web Service Attacks
 AJAX Pitfalls
 Web Service Best Practices
9. Application Threat Modeling
 Threat Modeling Concepts
 Application Context
 Identifying Attacks, Vulnerabilities & Countermeasures
 Threat Modeling Tools
10. Practical Security Testing Techniques for Developers
 Useful Web Application Assessment Tools
 Determining the Severity of Vulnerabilities
 Dealing with Time Constraints
2. Program Content Outline : C and C++
DAY 1
1. IT security and secure coding
 Nature of security
 IT security related terms
 Definition of risk
 IT security vs. secure coding
 From vulnerabilities to botnets and cyber crime
 Nature of security flaws --- Reasons of difficulty --- From an infected
computer to targeted attacks
 Classification of security flaws
info@multisoftsystems.com www.multisoftsystems.com (+91) 9810306956
2. Security relevant C/C++ programming bugs and flaws
 Exploitable security flaws
 Protection principles
 --- Specific protection methods --- Protection methods at different
layers --
 x86 machine code, memory layout, stack operations
3. Principles of security and secure coding
All modules with Practicals and Hands on Session
DAY 2
4. Buffer Overflow
 Stack overflow
 Heap overflow
5. Common Coding Errors & Vulnerabilities
 Input validation
 Improper error and exception handling
 Time and state problems
 Code quality problems
6. Complete Revision and Doubts / Query resolution Session
3. Program Content Outline : Java
Topics
ï‚· Web Application Attacks
ï‚· Cross-Site Scripting (XSS)
ï‚· Cross-Site Request Forgery (CSRF)
ï‚· SQL Injection
ï‚· HTTP Response Splitting
ï‚· Parameter Manipulation
ï‚· Directory Traversal
ï‚· Web Application Proxies
ï‚· Validation Concerns
ï‚· Character Encoding
ï‚· Input Validation
ï‚· Output Encoding
ï‚· Blacklisting and Whitelisting
ï‚· Validation Techniques
ï‚· Regular Expressions
ï‚· Servlet Filters
ï‚· Output Encoding
ï‚· Content Security Policy
ï‚· Prepared Statements
ï‚· CSRF Defense DEV541.2:
Please share, 1. your updated profile highlighting your expertise and your projects related to this technology,
2. Day-wise agenda and
3. Lab requirements ( Hardware/Software Requirement).
For any further concerns or communication Kindly feel free to touch base on the following contact details.
Thanks & Regards
Kumari Shikha
HR- Talent Acquisition
8130778887/9711458756
MULTISOFT SYSTEMS
B - 125, Sector 2,
Noida - 201301, UP, INDIA
You are receiving this e-mail because your profile contained one or more of the following words that the recruiter searched on: " " Java" ", " " .Net" ", " " dotnet" ", " " C++" ", " " code" ", " " review" ", " " Secure" "
| Is this job relevant to you? Yes No |
| | Your feedback would help us in sending you the most relevant job opportunities | | | Disclaimer: The sender of this email is registered with naukri.com as Multisoft Systems Technology Consultancy Pvt Ltd ( shivali@multisoftvirtualacademy.com, B-125, Sector-2, Uttar Pradesh - 201301) using Naukri.com services. The responsibility of checking the authenticity of offers/correspondence lies with you. If you consider the content of this email inappropriate or spam, you may: Forward this email to: compliance@naukri.com or you can Block this Company from searching your resume in the database. Please Note: This mail is a private message from the recruiter. We have enabled auto login for your convenience, you are strongly advised not to forward this email to protect your account from unauthorized access. Advisory: Please do not pay any money to anyone who promises to find you a job. This could be in the form of a registration fee or document processing fee or visa charges or any other pretext. The money could be asked for upfront or it could be asked after trust has been built after some correspondence has been exchanged. Also please note that in case you get a job offer or a letter of intent without having been through an interview process it is probably a scam and you should contact compliance@naukri.com for advise. |
|
