Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Information Assurance (STIG) Overview
Description
Information Assurance (STIG) Overview Introduction
The “Information Assurance (STIG) Overview” course offers a detailed exploration of cybersecurity, focusing on Security Technical Implementation Guides (STIGs). Over two days, IT professionals, developers, project managers, and testing personnel will delve into advanced security practices and the application of STIGs to enhance web application protection. This course provides a practical approach to understanding the nuances of cybersecurity through real-world case studies, bug bounty programs, and ethical hacking insights.
Participants will start with a foundational understanding of DISA’s STIGs, learning to navigate the ethical considerations in cybersecurity, such as respect for privacy and common pitfalls in bug hunting. The course progresses to tackle complex security challenges like authentication errors, SQL injection, and cryptographic weaknesses, equipping attendees with the skills to conduct thorough security walkthroughs and apply robust protection strategies to their projects.
The curriculum is designed to reinforce secure development life cycles, asset analysis, and design review methodologies, ensuring participants can build resilient security frameworks within their organizations. Attendees will emerge from this course with a deeper comprehension of application security, ready to implement cutting-edge defenses against evolving cyber threats.
Information Assurance (STIG) Overview Course Objectives
Working in an interactive learning environment, guided by our application security expert, you’ll explore:
- The concepts and terminology behind defensive coding
- Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- The entire spectrum of threats and attacks that take place against software applications in today’s world
- The role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
- The vulnerabilities of programming languages as well as how to harden installations
- The basics of Cryptography and Encryption and where they fit in the overall security picture
- The requirements and best practices for program management as specified in the STIGs
- The processes and measures associated with Secure Software Development (SSD)
- The basics of security testing and planning
Prerequisites
While specific prerequisites may vary depending on the course provider and the targeted audience, a general set of prerequisites for attending a course on Information Assurance and STIGs could include:
- Basic understanding of information security concepts and terminology.
- Familiarity with web application architecture and development.
- Knowledge of networking and web protocols (e.g., HTTP, HTTPS, TCP/IP).
- Experience with programming languages commonly used in web application development (such as JavaScript, Python, Java, or C#) is helpful but not required, as this is not a hands-on class.
- A general understanding of operating systems, databases, and web servers.
Audience
Information Assurance (STIG) Overview Outline
DISA’s Security Technical Implementation Guides (STIGs)
- The motivations behind STIGs
- Requirements for software development roles
- Implementing STIG requirements and guidelines
- Lab: Exploring the STIG Viewer
Why Hunt Bugs?
- The Language of Cybersecurity
- The Changing Cybersecurity Landscape
- AppSec Dissection of SolarWinds
- The Human Perimeter
- Interpreting the 2021 Verizon Data Breach Investigation Report
- First Axiom in Web Application Security Analysis
- First Axiom in Addressing ALL Security Concerns
- Lab: Case Study in Failure
Foundation for Securing Web Applications
- Identification and Authentication Failures
- Applicable STIGs
- Quality and Protection of Authentication Data
- Proper hashing of passwords
- Handling Passwords on Server Side
- Session Management
- HttpOnly and Security Headers
- Lab: STIG Walk-Throughs
Injection
- Applicable STIGs
- Injection Flaws
- SQL Injection Attacks Evolve
- Drill Down on Stored Procedures
- Other Forms of Server-Side Injection
- Client-side Injection: XSS
- Best Practices for Untrusted Data
- Lab: STIG Walk-Throughs
Database Security
- Design and Configuration
- Identification and Authentication
- Computing Environment
- Database Auditing
- Boundary Defenses
- Continuity of Service
- Vulnerability and Incident Management
- Lab: STIG Walk-Throughs
Moving Forward
- Applications: What Next?
- Common Vulnerabilities and Exposures
- CWE/SANS Top 25 Most Dangerous Software Errors
- Strength Training for Project Teams/Developers and IT Organizations
Cryptographic Failures
- Applicable STIGs
- Identifying Protection Needs
- Evolving Privacy Considerations
- Options for Protecting Data
- Transport/Message Level Security
- Weak Cryptographic Processing
- Keys and Key Management
- Threats of Quantum Computing
- Steal Now, Crack Later Threat
- Lab: STIG Walk-Throughs
Moving Forward with Application Security
- Application Security and Development Checklists
- Checklist Overview, Conventions, and Best Practices
- Leveraging Common AppSec Practices and Controls
- Actionable Application Security
- Additional Tools for the Toolbox
- Strength Training for Project Teams/Developers and IT Organizations
- Lab: Recent Incidents
Time Permitting: Secure Development Lifecycle (SDL)
- Principles of Information Security
- Security Is a Lifecycle Issue
- Minimize Attack Surface Area
- Layers of Defense: Tenacious D
- Compartmentalize
- Consider All Application States
- Do NOT Trust the Untrusted
- Lab: Risk Escalators
$1995.00 | 2 Days Course