“Lab exercises and lecture were well-blended.”—Tarun Mandhania on a class evaluation form, December 4, 2002.

“Always made sure that all questions were answered.”—Maria Outland on a class evaluation form, April 12, 1991.

“Ken presented to the class an atmosphere that I found was interesting, educational, and very interactive.”—Casey Gleason on a class evaluation form, April 12, 1991.

“Overall I found this tutorial very helpful as well as useful. This opens up a whole range of opportunities for future projects.”—Anonymous student on a class evaluation form, July 2, 1991.
Kenneth is the lead courseware developer for security classes with SkillBridge.
We were one of the first companies to offer security classes, starting
in the late 1990s. Because Kenneth and his associates work in industry
on real problems, the classes are not just theoretical, but carry
real-world experience. The course materials regularly receive rave
reviews for their thoroughness; they are much more than just a printout
of a set of PowerPoint slides.
Class name | Description

Avoiding the CWE/SANS Top 25 Most Dangerous Programming Errors
(Overview document, Class web page)
The CWE/SANS Top 25 Most Dangerous Programming Errors list covers the
most dangerous errors that programmers and system designers regularly
make. The OWASP Top 10 is a list of the top 10 security-related
errors that web application programmers regularly make. Companies
producing code that must meet SOX, HIPAA, PCI DSS, and/or other
security regulations or laws need programmers trained in avoiding
these errors. Companies producing code that they plan to sell will
soon meet customers who demand that they certify that the code is
free from these errors. In order to meet these demands, programmers
must understand the errors, how to avoid them, and how to test for them.
GIAC offers certification for programmers who pass a knowledge test
on secure coding concepts; this class can be an important aid in
preparing a student to take that test.
The class has examples, specific information, and labs written
for C/C++, Java, and C#. Every chapter also has web and/or print
references for the student to follow to obtain more information.

Designing and Coding Secure Systems
(Overview document, Class web page)
This class covers secure coding and some design issues from a
language-neutral approach: you can make mistakes such as poor input
validation or failing to use defense in depth in any language. The course
stresses how to avoid security problems through the proper implementation
of programs. This class makes heavy use of labs in which the instructor
presents a case study and the students discuss how to apply the concepts
presented to the example under discussion; the example can also be a
system in which the students are involved.
This class is appropriate for students who are programmers; you cannot
code your way out of a bad design, and recognizing design flaws earlier
allows them to be fixed with fewer resources. This class is also
appropriate for program designers and system architects; they need to
understand how to design in security from the beginning.

Introduction to Secure Software Architecture
(Overview document, Class web page)
This course is designed to teach software architects the basics of how to
create secure software systems. The emphasis is on how the organization,
features, and interfaces of an application influence its security.
General security principles and specific design strategies are discussed.
Case studies of successful and unsuccessful designs from the commercial
and open source world are presented.

Web Application Security
(Overview document, Class web page)
Web applications are essential to everything from embedded systems to
e-commerce systems. This class looks at the problems unique to the web
and shows how attackers target these systems, how easy the vulnerabilities
are to exploit, and how to solve these problems. Students will also
learn about emerging vulnerabilities in areas such as SOAP and XML use.
Most of the OWASP Top Ten are covered in this course, as well as other
security issues. The OWASP Top Ten items not covered here are covered in
the complementary courses (e.g., buffer overflows are in the C/C++ class).
This class complements the design and implementation courses, and should
not be considered a replacement for either.
This class is language-neutral.

Ethical Hacking
(Overview document, Class web page)
Attackers have at their disposal a large collection of tools that aid
them in exploiting systems. If you plan to defend against attacks,
knowledge of these tools and the techniques behind their use is
imperative. This class covers vulnerabilities in systems, how attackers
locate these security holes, and how they can then exploit them to
achieve their goals. Additionally, the class covers defenses against the
attacker's tools and techniques. Labs in this course are of two types:
(1) attacking a vulnerable system, and (2) preventing your classmates
from successfully attacking your system.

Security Testing
(Overview document, Class web page)
The threat that security breaches present to your products and ultimately
your customer base can be significant. This course is designed to
assist testers in updating their testing practices to include testing for
security. The goal of this effort is to reduce the number of security
vulnerabilities identified after release.
Many tools exist to assist testers. However, it is more important to
understand the testing techniques. This class uses the tools to teach
the techniques. While the students will learn about some of the
available tools, the tools are not the primary focus of the class.

Linux OS Security
(Overview document, Class web page)
This class is for students who want to learn how to configure systems
to be secure, test the security of systems, and/or manage systems
more securely.

Secure Programming in C/C++
(Overview document, Class web page)
This class is for C and C++ programmers who want to write code with
fewer exploitable security bugs. The class focuses on the practice of
C coding and is applicable to all software development models
(e.g., agile development, the waterfall model, etc.).