Course Outline
Module 1: Introduction to Software Security in the Software Development Life Cycle (Secure SDLC)
• Principles of Secure SDLC
• Relationship with ISO 27001 and PCI DSS (Req. 6)
• Roles and responsibilities in security management
• Security from design to production
Module 2: Software Security by Function and Languages
• Specific risks in financial environments
• Common vulnerabilities in Java/Spring Boot
• Security risks in PL/SQL and databases
• Designing secure software
  • Layer separation
  • Dependency control
  • Principle of least privilege
• Secure coding techniques
  • Input validation
  • Secure error and exception handling
  • Proper use of encryption
Module 3: The 3 A's – Authentication, Authorization, and Approval
• Concepts and differences
• Secure implementation in transactional environments
• Use of mTLS
• OAuth2, JWT, JWE, and JWS
• Pros and cons of each approach in financial ecosystems
Module 4: Cryptography and Key Management
• Basic principles of applied cryptography
• Encryption standards
  • AES (GCM vs CBC)
• Secure key management
  • Rotation
  • Storage
  • Protection at rest and in transit
• Common errors and how to avoid them
Module 5: OWASP Top 10 and OWASP API Security Top 10
• Introduction to the expanded OWASP approach
• Injection:
  • SQL
  • LDAP
  • XPath
• XSS and CSRF
• Broken access control
• Broken authentication
• Specific risks in APIs:
  • BOLA
  • Excessive data exposure
  • SSRF
• Applied examples to APIs and microservices
Module 6: Security Incident Management
• Basic incident response cycle
  • Detection
  • Containment
  • Recovery
  • Reporting
• Use of logs and traceability
• Monitoring in APIs and microservices
• Lessons learned and continuous improvement
Module 7: PCI DSS and ISO 27001 Compliance from Development
• Impact of secure development on certifications
• Required evidence:
  • Security testing
  • Vulnerability analysis
  • Change control
• Relationship between development, audits, and compliance
Module 8: Security Testing Tools
• Introduction to:
  • SAST
  • DAST
  • SCA
• Use of tools:
  • OWASP ZAP
  • SonarQube
  • OWASP Dependency-Check
• Integration of security in CI/CD pipelines
• Best practices for production environments
Requirements
• Basic knowledge of software development
• Previous experience in at least one of the following: Java, PL/SQL, APIs, or transactional systems
• Advanced security knowledge is not required
Target Audience
• Software developers
• Software architects
• Integration and API engineers
• Development teams in financial environments
• Technical personnel involved in Secure SDLC and regulatory compliance
Testimonials (5)
Multiple examples for each module and great knowledge of the trainer.
Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)
Module 3: Applications Attacks and Exploits, XSS, SQL injection; Module 4: Servers Attacks and Exploits, DOS, BOF
Tshifhiwa - Vodacom
Course - How to Write Secure Code
Real-life examples.
Kristoffer Opdahl - Buypass AS
Course - Web Security with the OWASP Testing Framework
The trainer's subject knowledge was excellent, and the way the sessions were set out so that the audience could follow along with the demonstrations really helped to cement that knowledge, compared to just sitting and listening.
Jack Allan - RSM UK Management Ltd.
Course - Secure Developer .NET (Inc OWASP)
Piotr was very knowledgeable and related security issues to real world examples very well. His preparation was brilliant.