Training syllabus:

Part ø. introduction

  •  input
  •  output
  •  deliverables

Part I. automated security code review

  •  signature-based detection
  •  automated data flow analysis
  •  runtime dynamic analysis
  •  third-party dependencies

Part II. manual security code review

  •  security code review features
  •  methodology overview
    •  preliminary manual scan
    •  code review
      •  decomposing the application
      •  trust levels; high trust
      •  trust levels; medium trust
      •  trust levels; low trust
      •  threat modeling; data flow analysis
      •  hotspots
    •  final analysis

Part III. SDLC integration

  •  development stage
  •  verification stage

Part IV. conclusions