TRAINING PROGRAMME



Certified Secure Web Application Developer (CSWAD)

This course explores the application of the secure software development life cycle framework, focusing on PHP programming, specifically on developing, testing, managing, or securing PHP-based applications. Participants will be able to identify possible security issues, perform code reviews, and review application logs.

 

  1. To define the framework of Secure Software Development Life Cycle (SSDLC).
  2. To identify the application security components required in each phase of the Software Development Life Cycle (SDLC): Requirement, Design, Development, Testing, Deployment and Maintenance.
  3. To conduct hands-on threat modelling and interpret the results.
  4. To conduct hands-on PHP source code review to ensure that methodologies are covered and recommended solutions are implemented based on industry best practice.
  5. To conduct hands-on application development self-validation.
  6. To define secure deployment mechanisms and processes, including the use of relevant tools, standards or best practices (e.g. OWASP, CWE, CIS, etc.).
  7. To determine countermeasures and mitigations against potential exploitations of application frameworks and software vulnerabilities based on threat modelling results.
  8. To identify and plan application patches or the extent of releases that are compatible with the application, to sustain the application’s integrity and availability.

Developers, security architects, software engineers/designers.

Module 1: The need for S.S.D.L.C

  1. The concept of Secure Software Development Life Cycle (S.S.D.L.C)
  2. Software Development Life Cycle (SDLC) as of today and its frameworks
  3. The difference between SDLC and S.S.D.L.C
  4. The phases of S.S.D.L.C and security activities
  5. Run PoC
  6. The concept of Web Application Vulnerabilities (OWASP Top 10 vs. ASVS)

Module 2: Security Requirement & Design

  1. The Concept of Security Requirement
  2. Define Security Requirement
  3. Use Case: Misuse Case & Security Use Case
  4. Tools & Hands-on Exercises
  5. Concept of Secure Design
  6. Common Security Activities in Secure Design (Design Principles, Architecture Review, Threat Modelling)
  7. Tools & Hands-on Exercises

Module 3: Securing the PHP Source Code

  1. Secure Coding Implementation based on OWASP Top 10 and ASVS v4.0
  2. Tools & Hands-on Exercises based on:
    • A1: Injection
    • A2: Broken Authentication
    • A3: Sensitive Data Exposure
    • A4: XML External Entities (XXE)
    • A5: Broken Access Control
    • A6: Security Misconfiguration
    • A7: Cross-Site Scripting (XSS)
    • A8: Insecure Deserialization
    • A9: Using Components with Known Vulnerabilities
    • A10: Insufficient Logging & Monitoring

Module 4: Self-Secure Validation

  1. Testing Framework
  2. Identified Attack Vectors
  3. Security Testing Component
  4. Self-Secure Validation Test
  5. Tools & Hands-on Exercises based on:
    • A1: Injection
    • A2: Broken Authentication
    • A3: Sensitive Data Exposure
    • A4: XML External Entities (XXE)
    • A5: Broken Access Control
    • A6: Security Misconfiguration
    • A7: Cross-Site Scripting (XSS)
    • A8: Insecure Deserialization
    • A9: Using Components with Known Vulnerabilities
    • A10: Insufficient Logging & Monitoring

The CSWAD examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for a Secure Application Professional. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CSWAD examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.


 

  • 13 - 15 February 2023
  • 12 - 14 June 2023
  • 25 - 27 July 2023
*dates are tentative, unless specified

 

Training Fee: MYR3,780.00
Exam Fee: MYR1,255.80

(subject to 6% SST)



Contact us to request a quotation

18 CPD Points

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org

 
