Training syllabus:

Part ø. introduction

•  input
•  output
•  deliverables

 Part I. automated security code review

•  signature-based detection
•  automated data flow analysis
•  runtime dynamic analysis
•  third-party dependencies

 Part II. manual security code review

•  security code review features
• methodology overview
  •  preliminary manual scan
  • code review
    •  decomposing the application
    •  trust levels; high trust
    •  trust levels; medium trust
    •  trust levels; low trust
    •  threat modeling; data flow analysis
    •  hotspots
  •  final analysis

 Part III. SDLC integration

•  development stage
•  verification stage

 Part IV. conclusions