Security awareness

Security code review training

The secure coding training is designed to run for 2 hours (including Q&A) and is adapted to the customer's specific technology stack.

Training syllabus:

Part ø. introduction

  •  input
  •  output
  •  deliverables

Part I. automated security code review

  •  signature-based detection
  •  automated data flow analysis
  •  runtime dynamic analysis
  •  third-party dependencies

Part II. manual security code review

  •  security code review features
  •  methodology overview
    •  preliminary manual scan
    •  code review
      •  decomposing the application
      •  trust levels; high trust
      •  trust levels; medium trust
      •  trust levels; low trust
      •  threat modeling; data flow analysis
      •  hotspots
    •  final analysis

Part III. SDLC integration

  •  development stage
  •  verification stage

Part IV. conclusions
