TRAINING PROGRAMME



Certified Secure Application Professional (CSAP)

Every day, cybercriminals look for ways to penetrate systems for malicious purposes. The recent rise in ransomware also exploits unsecured systems to infect many other users and organizations. Developing secure coding capability in Malaysia has therefore become an important and urgent issue for protecting Malaysian organizations.


  1. Understand the basic concepts of secure coding
  2. Learn the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) secure coding standards on security vulnerabilities
  3. Learn the details of the Open Web Application Security Project (OWASP) Top Ten secure coding practices and examples of application source code security vulnerabilities
  4. Identify and avoid common coding mistakes
  5. Examine application source code vulnerabilities and demonstrate how the issues are exploited by attackers
  6. Ensure that participants have understood the course and can apply the knowledge to software development


  1. Cyber Security Professionals
  2. Information Security Officers / ISMS Managers
  3. ICTSOs/CIOs/CISOs/CSOs/CTOs
  4. Security auditors, governance and compliance officers
  5. Application Developers, Software Engineers and Programmers


Session 1 : The Concept of Secure Coding

Session 2 : Introduction to Web Security and Secure Coding Organizations

Session 3 : Classification of security flaws
 3.1 OWASP TOP 10
 3.2 CWE/SANS TOP 25
 3.3 Secure Coding Guide in South Korea

Session 4 : Configuration of test application for exercise

Session 5 : Software Weaknesses
 5.1 SQL Injection

  1. Security Breach Examples
  2. SQL Injection Definition
  3. Exercise - How to test application for SQL Injection
  4. Exercise - How to write secure code

 5.2 Directory Path Traversal
  1. Security Breach Examples
  2. Directory Path Traversal Definition
  3. Exercise - How to test application for Directory Path Traversal
  4. Exercise - How to write secure code

 5.3 Cross-Site Scripting (XSS)
  1. Security Breach Examples
  2. XSS Definition
  3. Exercise - How to test application for XSS
  4. Exercise - How to write secure code

 5.4 OS Command Injection
  1. Security Breach Examples
  2. OS Command Injection Definition
  3. Exercise - How to test application for OS Command Injection
  4. Exercise - How to write secure code

 5.5 URL Redirection to Untrusted Site
  1. Security Breach Examples
  2. URL Redirection to Untrusted Site Definition
  3. Exercise - How to test application for URL Redirection to Untrusted Site
  4. Exercise - How to write secure code

 5.6 XPath Injection
  1. Security Breach Examples
  2. XPath Injection Definition
  3. Exercise - How to test application for XPath Injection
  4. Exercise - How to write secure code

 5.7 HTTP Response Splitting
  1. Security Breach Examples
  2. HTTP Response Splitting Definition
  3. Exercise - How to test application for HTTP Response Splitting
  4. Exercise - How to write secure code

 5.8 Reliance on Untrusted Inputs in a Security Decision
  1. Security Breach Examples
  2. Reliance on Untrusted Inputs in a Security Decision Definition
  3. Exercise - How to test application for Reliance on Untrusted Inputs in a Security Decision
  4. Exercise - How to write secure code

 5.9 Use of a Broken or Risky Cryptographic Algorithm
  1. Security Breach Examples
  2. Use of a Broken or Risky Cryptographic Algorithm Definition
  3. Exercise - How to test application for Use of a Broken or Risky Cryptographic Algorithm
  4. Exercise - How to write secure code

 5.10 Cleartext Transmission of Sensitive Information
  1. Security Breach Examples
  2. Cleartext Transmission of Sensitive Information Definition
  3. Exercise - How to test application for Cleartext Transmission of Sensitive Information
  4. Exercise - How to write secure code

 5.11 Cleartext Storage of Sensitive Information
  1. Security Breach Examples
  2. Cleartext Storage of Sensitive Information Definition
  3. Exercise - How to test application for Cleartext Storage of Sensitive Information
  4. Exercise - How to write secure code

 5.12 Hard-Coded Credentials
  1. Security Breach Examples
  2. Hard-Coded Credentials Definition
  3. Exercise - How to test application for Hard-Coded Credentials
  4. Exercise - How to write secure code

 5.13 Use of Hard-Coded Cryptographic Key
  1. Security Breach Examples
  2. Use of Hard-Coded Cryptographic Key Definition
  3. Exercise - How to test application for Use of Hard-Coded Cryptographic Key
  4. Exercise - How to write secure code

 5.14 Information Exposure Through Persistent Cookies
  1. Security Breach Examples
  2. Information Exposure Through Persistent Cookies Definition
  3. Exercise - How to test application for Information Exposure Through Persistent Cookies
  4. Exercise - How to write secure code

 5.15 Information Exposure Through Comments
  1. Security Breach Examples
  2. Information Exposure Through Comments Definition
  3. Exercise - How to test application for Information Exposure Through Comments
  4. Exercise - How to write secure code

 5.16 Error Handling
  1. Security Breach Examples
  2. Error Handling Definition
  3. Exercise - How to test application for Error Handling
  4. Exercise - How to write secure code

 5.17 Null Pointer Dereference
  1. Security Breach Examples
  2. Null Pointer Dereference Definition
  3. Exercise - How to test application for Null Pointer Dereference
  4. Exercise - How to write secure code

 5.18 Improper Resource Shutdown or Release
  1. Security Breach Examples
  2. Improper Resource Shutdown or Release Definition
  3. Exercise - How to test application for Improper Resource Shutdown or Release
  4. Exercise - How to write secure code

Mr. Cheng Wai Kok
Principal Consultant
K2 Baseline Sdn Bhd

He has 22 years of professional experience in the IT industry, with more than 17 years specialised in IT application and database security. He has held various IT executive positions in Malaysia, China, the Philippines, Indonesia and Singapore. He holds the prestigious CISSP membership from ISC2. With his extensive experience and knowledge in IT for banking and financial institutions, including AmInvestment Bank, Hong Leong Bank and Affin Investment Bank, he has been granted prestigious membership of the Asian Institute of Chartered Bankers. Wai Kok is currently the Principal Consultant of K2 Baseline Sdn Bhd, helping local and regional clients to address security challenges, compliance requirements and technology risk in applications and databases.

Prior to joining K2 Baseline, Wai Kok was the Director of Operations of i-Sprint Innovations, a global Identity and Access Management software company which has successfully deployed its solutions in some of the global financial institutions.

He graduated from the University of Teesside, United Kingdom, with a Bachelor of Science with Honours in Computer Science in 1996. He continued at the University of South Australia, Australia, to complete his Master of Business Administration in 1999. Wai Kok has also been certified by Charles Stuart University, Australia, as a Certified Trainer.

Wai Kok also has many years of experience in providing IT training at various levels to many students, ranging from Diploma and Bachelor's Degree to Master's Degree. These institutions of higher learning include colleges and universities such as Binary University, FTMS College, KDU University College and UCSI.

The CSAP examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for a Secure Application Professional. Candidates will be tested via a combination of continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS), as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CSAP examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.


  • 6 - 9 June 2023
  • 14 - 17 August 2023
  • 4 - 7 September 2023
  • 20 - 23 November 2023
*dates are tentative, unless specified

Training Fee: MYR5,040.00
Exam Fee: MYR1,255.80

(subject to 6% SST)



Contact us to request a quotation

24 CPD Points

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org
