SANS Software Security Institute
SANS Software Security Institute
Home > Courses

Software Security Courses

Choose a subject from the menu above.

Web Applications

  • Web Application Security Workshop : Security 519

    From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has... >>more

  • Web Application Pen Testing Hands-On Immersion : Security 538

    In the first half of 2008, five million Web sites have been compromised by automated SQL injection attacks. The goal of the hackers was to inject links to malicious content in order to infect the users of the Web application. The automated attacks do not show any sign of stopping and will likely visit your Web applications in the near future.... >>more

  • Web Application Penetration Testing In-Depth : Security 542

    Assess Your Web Apps in Depth Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers.... >>more

  • Intro to Web Application Security : Security 319

    From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has... >>more

  • Web Application Security Essentials : Security 422

    Web Application Security Essentials is a three-day hands-on, action-packed course covering the defensive strategies for Web applications against current and future attacks. This course will help you understand the fundamental reasons behind the Web vulnerabilities which will then enable you to properly defend your organization's Web assets.... >>more

Secure Coding

  • Secure Coding in Java/JEE: Developing Defensible Applications : Security 541

    The Difference between Good and Great Programmers Great programmers have traditionally distinguished themselves by the elegance, effectiveness, and reliability of their code. That's still true, but elegance, effectiveness, and reliability have now been joined by security. Major financial institutions and government agencies have informed... >>more

  • Secure Coding for PCI Compliance : Security 536

    The audit procedure documents for PCI 1.1 tell the auditor that they should look for evidence that web application programmers in a PCI environment have had "training for secure coding techniques." The problem that many business are facing, however, is, "What is that and where can I get it?" This course packs a thorough explanation and... >>more

  • Defensible .NET : Security 616

    This course is a security course that just happens to talk about .NET. It does not just talk about .NET, though. You participate in .NET with plenty of hands-on labs taking you to the heights (and depths) of .NET enlightenment. .NET is an absolutely powerful player in the future of software applications and development. This course lets you... >>more

  • Exploiting Regular Expressions to Process Text : Security 651

    What are Regular Expressions? Regular Expressions, also known as RegEx, are a compact way of describing complex patterns in text. RegEx patterns can be used to find, replace, edit, and filter text in files and databases. As an IT professional you may already know some RegEx. If you're like most of us, you probably dread RegEx but you also know... >>more

  • AJAX and Web Services Security Overview : Security 426

    Asynchronous JavaScript and XML (AJAX) and Web Services are currently the most active areas in Web application development. Security issues continue to rise as organizations are diving head first into insecurely implementing new Web technologies without first understanding them. This one-day, hands-on course covers the security issues, mitigation... >>more

Audit

  • Java Quality Assurance, Security Testing and Auditing : Audit 428

    This course is designed to fully equip the risk manager, auditor, developer or security professional tasked to audit Java/J2EE web-based applications for security vulnerabilities. We will review security concerns regarding the deployment of Java applets for enterprise applications. We will discuss every stage of a Java security audit from... >>more

Management

  • Secure Web Services for Managers : Management 431

    The National Institute of Standards and Technology special publication 800-95 Secure Web Services is one of the best publications they have ever produced. It helps us understand the growth in both numbers and importance of web applications and how vulnerable they are. As they say themselves, "The advance of Web services technologies promises to... >>more

  • Security Policy & Awareness : Management 524

    This course is designed to offer an individual a comprehensive approach to understanding security awareness and developing security policy. Business needs change, the business environment changes, and critical systems are continually exposed to new and developing vulnerabilities. Security awareness training is an effective business strategy that... >>more

  • Software Security Awareness : Security 304

    This awareness course discusses design and implementation of software applications to reduce the risk from hackers and attacks. The concept is to engineer software so that it continues to function correctly under malicious attack. This course introduces defensive coding and tips to avoid creating problems or vulnerabilities. We also examine the... >>more

All Courses

  • Web Application Security Workshop : Security 519

    From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has... >>more

  • Web Application Pen Testing Hands-On Immersion : Security 538

    In the first half of 2008, five million Web sites have been compromised by automated SQL injection attacks. The goal of the hackers was to inject links to malicious content in order to infect the users of the Web application. The automated attacks do not show any sign of stopping and will likely visit your Web applications in the near future.... >>more

  • Web Application Penetration Testing In-Depth : Security 542

    Assess Your Web Apps in Depth Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers.... >>more

  • Intro to Web Application Security : Security 319

    From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has... >>more

  • Web Application Security Essentials : Security 422

    Web Application Security Essentials is a three-day hands-on, action-packed course covering the defensive strategies for Web applications against current and future attacks. This course will help you understand the fundamental reasons behind the Web vulnerabilities which will then enable you to properly defend your organization's Web assets.... >>more

  • Secure Coding in Java/JEE: Developing Defensible Applications : Security 541

    The Difference between Good and Great Programmers Great programmers have traditionally distinguished themselves by the elegance, effectiveness, and reliability of their code. That's still true, but elegance, effectiveness, and reliability have now been joined by security. Major financial institutions and government agencies have informed... >>more

  • Secure Coding for PCI Compliance : Security 536

    The audit procedure documents for PCI 1.1 tell the auditor that they should look for evidence that web application programmers in a PCI environment have had "training for secure coding techniques." The problem that many business are facing, however, is, "What is that and where can I get it?" This course packs a thorough explanation and... >>more

  • Defensible .NET : Security 616

    This course is a security course that just happens to talk about .NET. It does not just talk about .NET, though. You participate in .NET with plenty of hands-on labs taking you to the heights (and depths) of .NET enlightenment. .NET is an absolutely powerful player in the future of software applications and development. This course lets you... >>more

  • Exploiting Regular Expressions to Process Text : Security 651

    What are Regular Expressions? Regular Expressions, also known as RegEx, are a compact way of describing complex patterns in text. RegEx patterns can be used to find, replace, edit, and filter text in files and databases. As an IT professional you may already know some RegEx. If you're like most of us, you probably dread RegEx but you also know... >>more

  • AJAX and Web Services Security Overview : Security 426

    Asynchronous JavaScript and XML (AJAX) and Web Services are currently the most active areas in Web application development. Security issues continue to rise as organizations are diving head first into insecurely implementing new Web technologies without first understanding them. This one-day, hands-on course covers the security issues, mitigation... >>more

  • Java Quality Assurance, Security Testing and Auditing : Audit 428

    This course is designed to fully equip the risk manager, auditor, developer or security professional tasked to audit Java/J2EE web-based applications for security vulnerabilities. We will review security concerns regarding the deployment of Java applets for enterprise applications. We will discuss every stage of a Java security audit from... >>more

  • Secure Web Services for Managers : Management 431

    The National Institute of Standards and Technology special publication 800-95 Secure Web Services is one of the best publications they have ever produced. It helps us understand the growth in both numbers and importance of web applications and how vulnerable they are. As they say themselves, "The advance of Web services technologies promises to... >>more

  • Security Policy & Awareness : Management 524

    This course is designed to offer an individual a comprehensive approach to understanding security awareness and developing security policy. Business needs change, the business environment changes, and critical systems are continually exposed to new and developing vulnerabilities. Security awareness training is an effective business strategy that... >>more

  • Software Security Awareness : Security 304

    This awareness course discusses design and implementation of software applications to reduce the risk from hackers and attacks. The concept is to engineer software so that it continues to function correctly under malicious attack. This course introduces defensive coding and tips to avoid creating problems or vulnerabilities. We also examine the... >>more

Compliance

Coming Soon