Security Training – C/C++ Secure Development, Threat Modeling and Cryptography

Registering more than 20 days in advance?

• Use Promo Code “EARLYBIRD” for an additional 50% off.

SysLogic’s Secure Software Development Training Program provides software developers and managers with the advanced skills and expertise they need to help protect their organizations and their customers from costly and devastating cybersecurity attacks. The courses within this program have been delivered to thousands of professionals at Fortune 500 companies around the world. SysLogic is excited to introduce this curriculum to all local businesses and software professionals. Whether you are a seasoned developer, new to the profession, or a university student, this program provides a wide range of software security topics to learn best practices for designing, implementing, and deploying secure software programs.

Agenda:

• 8:00am – 9:30am – Introduction to Secure Development (100)
• 9:45am – 11:45am – Secure Development in C/C++ (215)
• 11:45am – 12:30pm – Lunch (included with Full Day Tuition only)
• 12:30pm – 2:30pm – Application Treat Modeling (305)
• 2:45pm – 4:45pm – Cryptography Fundamentals for Developers (325)
• 4:45pm – 5:00pm – Wrap-up

See detailed course descriptions below.

Registration Options:

Registering more than 20 days in advance?

• Use Promo Code “EARLYBIRD” for an additional 50% off.

Registration is offered in four course combinations:

1. Full Day + Introduction Course (8:00 am – 5:00 pm, lunch included)
2. Full Day – Without Introduction Course (9:45 am – 5:00 pm, lunch included)
3. Half Day – Morning Courses Only (8:00 am – 11:45 am, no lunch)
4. Half Day – Afternoon Courses Only (12:30 pm – 5:00 pm, no lunch)

Additionally, there are three price tiers:

1. Professional Attendee
2. Professional Attendee – Quantity 5 or more discount
3. Student/Faculty/Staff Attendee – must have active .edu (non-alumni) e-mail address
   (Note: Student/Faculty/Staff registration is at no-cost, with only a small charge to cover administrative and catering expenses.)

Parking:

Free parking is adjacent to the graduate center.

About the Presenter:

Brice Williams is a Practice Lead with SysLogic and leads their Application Security Services with over 20 years of experience in software development and security best practices. His team provides modern cybersecurity guidance and support to global organizations that includes developer training, appsec tools, application pentesting, secure product design, and secure development lifecycle programs. Brice has developed and conducted cybersecurity training classes for thousands of software developers around the world, and focuses on improving the state of information security at the earliest stages of product development.

Detailed Course Descriptions:

100 – Introduction to Secure Development

This course is applicable to all software development team members and educates attendees on fundamental security concepts and techniques that can be applied to their projects. Attendees will gain a thorough understanding of the need and importance of developing secure products by examing modern attacks against various system types. Attendees will be introduced to the methodology behind a Secure Development Lifecycle (SDL), and the purpose of key cybersecurity activies including Threat Modeling, Static Analysis, Penetration Testing, and Software Security Requirements.

215 – Secure Development in C/C++

Software developers are expected to write code that is generally free of security vulnerabilities, yet most have not been given adequate knowledge to understand common cybersecurity concerns. This course presents an overview of security weaknesses and how to protect against them using modern C and C++ development techniques. This 2-hour session will cover the most common vulnerabilities in C/C++ development, and demonstrate detailed best practices for mitigating them using both standard language features and third-party libraries. After completing this course, you should be able to: understand the most common cybersecurity weaknesses in C/C++, understand what mitigation techniques to consider, understand how third-party libraries can assist in protecting software, and learn about the OWASP Top Ten Proactive Controls.

305 – Application Threat Modeling

Threat Modeling is a key practice for organizations wanting to design and develop secure applications as it helps to identify potential security vulnerabilities early in the process when they are less expensive to fix. This course walks through the Threat Modeling process step by step so that attendees understand the value of Threat Modeling and can build threat models for their own systems. After completing this course, you should be able to: understand what Threat Modeling is and when it is appropriate to use, understand how to use Threat Modeling in application design, develop Threat Model diagrams, perform threat analysis and offer appropriate mitigations.

325 – Cryptography Fundamentals for Developers

Writing secure software often involves use of cryptographic concepts such as encryption, hashing, and digital signatures. Unfortunately this is an area that is generally not well understood in the developer community and often results in subtle but dangerous weaknesses in applications. This course presents an overview of common cryptographic techniques in a manner that is designed to be easily consumable and directly actionable by the average developer. Strong math knowledge not needed. This class will focus on modern best practices, discuss relevant attacks, and review code examples using the popular Libsodium library. After completing this class you should: 1) be familiar with various cryptographic concepts and their purposes: hashing, random data, encryption, message authentication, digital signatures, key management, TLS/PKI, FIPS 140. 2) Gain confidence in using cryptography in a more secure manner. 3) Understand where pre-made solutions may be preferred over your own implementation.

FAQs

How can I contact the organizer with any questions?

Contact SysLogic’s Training Coordinator at (262)780-0380 or [email protected]

What’s the refund policy?

A full refund will be issued for cancellation up to 7 days prior to the training date.

Cancellation within 7 days of the training date (or after) will be eligible for a registration transfer to another named individual or to a future class (see below).

Is my registration fee or ticket transferrable?

Yes, registration may be transferred to another named individual, or to a future class within 3 months of the initial registration. Contact SysLogic’s Training Coordinator at [email protected] to request a transfer.

Will attendees receive a certificate and evidence of training hours?

Yes, all attendees will receive a printed certificate and an accounting of the number of training hours attended. This may be submitted by the attendee for any relevant certification or continuing education purpose. Please contact SysLogic’s Training Coordinator (contact information above) with any questions or special requests with respect to CEH, CLE, CPE, or other documentation.

REGISTER HERE!