Ec-Council Certified Secure Programmer (ECSP) Eğitimi

Daha güvenli ve kontrol edilebilir yazılım geliştirmek için gereken mantığı ve pratik bilgiyi aktaran, uygulamalı bir eğitimdir. EC-Council Certified Secure Programmer .NET (ECSP .NET) eğitimi güvenli uygulamalar ve web uygulamaları kodlayan, geliştiren uygulama geliştiriciler için düzenlenmektedir.

Daha güvenli ve kontrol edilebilir yazılım geliştirmek için gereken mantığı ve pratik bilgiyi aktaran, uygulamalı bir eğitimdir. EC-Council Certified Secure Programmer .NET (ECSP .NET) eğitimi güvenli uygulamalar ve web uygulamaları kodlayan, geliştiren uygulama geliştiriciler için düzenlenmektedir.

EC-Council Certified Secure Programmer .NET (ECSP .NET) eğitimi ürün ve uygulamaların kalitesini arttırmak ve güvenlik açıklarının tespiti ile uygulama geliştirme yaşam döngüsüne güvenlik önlemlerinin dahil edilmesine yöneliktir. .Net neredeyse tüm firmalarda web uygulama geliştirmede kullanılmaktadır.

Ec-Council Certified Secure Programmer (ECSP) Eğitimi

CEH eğitimi, öğrencilere hacking araçlarını ve teknolojilerini gösterirken, ECSA bir adım öteye geçerek bu araçlar ve teknolojilerden elde edilen sonucun nasıl analiz edildiğini ortaya çıkartmaktadır. Test etme metotları ve teknikler ışığında, ECSA sınıfı katılımcılarına, altyapı güvenliği risklerini etkili olarak tanımak ve hafifletmek üzere yoğun değerlendirmelerde yardımcı olur.  ESCP eğitiminde ise daha güvenli ve kontrol edilebilir yazılım geliştirmek için gereken mantığı ve pratik bilgiyi aktaran, uygulamalı bir eğitim olarak karşımıza gelmektedir.

Pentest uzmanı yetiştirme amaçlı Ec-Council tarafından geliştirilen eğitim Türkçe olarak anlatılmaktadır. BGA Bilgi Güvenliği AKADEMİSİ, Türkiye’deki EC-Council onaylı ve resmi akredite kurumdur. Aynı zamanda EC-Council CEH, LPT, ECSP, ESCA ve benzeri eğitimleri yapmaya yetkili eğitim merkezidir.

Eğitim konuları aşağıdaki bölümde belirtilmiştir. Sınav ve eğitim ücretleri ile detaylı bilgi için egitim@bga.com.tr adresimiz ile iletişime geçebilirsiniz.

Eğitim takvimini inceleyerek eğitim programınızı oluşturun!
Eğitimlerden haberdar olmak için e-posta listesimize üye olmayı unutmayın.

Ec-Council Certified Secure Programmer (ECSP) Eğitimi İçeriği

Eğitim içeriklerini görmek için başlıklara tıklayınız

  • Software Security Scenario
  • Secure Coding
  • Common Security Mistakes
  • Why Security Mistakes Are Made
  • Need for Secure Programming
  • Building Blocks of Software Security
  • Types of Security Vulnerabilities
  • Vulnerability Cycle
  • Types of Attacks
  • Hackers and Crackers or Attackers
  • Risk Assessment and Threat Modeling
  • STRIDE Threat Model
  • Common Criteria
  • Security Architecture
  • Security Principles
  • Secure Development Checklists:
  • Use of Privilege
  • Data, Configuration, and Temporary Files
  • Network Port Use
  • Audit Logs
  • User-Server Authentication
  • Summary
  • Introduction
  • Secure Architecture
  • Application Security
  • Factors Affecting Application Security
  • Software Engineering and System Development Life Cycle (SDLC)
  • Different Phases of Software Development Life Cycle
  • System Requirements
  • Specifications
  • Design
  • Coding
  • Testing
  • Integration Testing
  • Maintenance
  • Software Methodology Models:
  • Waterfall Model
  • RAD (Rapid Application Development)
  • JAD (Joint Application Development)
  • Fountain Model
  • Spiral Model
  • Build and Fix
  • Synchronize-and-Stabilize
  • Agile Methodologies
  • Extreme Programming (XP)
  • XP Practices
  • The Rules and Practices of Extreme Programming
  • Unified Modeling Language (UML)
  • Primary Goals
  • Diagram
  • UML Tool
  • Rational Rose
  • Vulnerabilities and Other Security Issues in a Software Application
  • Security Through Obscurity
  • Buffer Overflows
  • Format String Vulnerabilities/ Race Conditions
  • Locking Problems
  • Exception Handling
  • Fundamentals of Control Granularity
  • Concepts Of Fail Safe Design Strategies
  • Fail Safe Design Strategies:
  • Fault Tolerance and Detection
  • Fault Removal and Avoidance
  • Input and Parameter Validation
  • Encrypting Secrets in Memory and Storage
  • Scrubbing Information
  • Privilege Levels for Information Access
  • Loose Coupling
  • High Cohesion
  • Change Management and Version Control
  • Best Practices for Software Development Projects
  • Summary
  • Introduction to Cryptography
  • Encryption
  • Decryption
  • Use of Cryptography
  • Classical Cryptographic Techniques
  • Modern Cryptographic Techniques
  • Cipher
  • RSA (Rivest Shamir Adleman)
  • Example of RSA Algorithm
  • RSA Attacks
  • Implementation of RSA in C++
  • Data Encryption Standard (DES)
  • DES Overview
  • Implementation of DES in Java
  • RC4, RC5, RC6, Blowfish
  • RC5
  • Blowfish Algorithm in C
  • Message Digest Functions
  • One-way Bash Functions
  • MD5
  • Implementation of MD5 in Java
  • SHA (Secure Hash Algorithm)
  • SHA Implementation in Java
  • SSL (Secure Sockets Layer)
  • What is SSH?
  • SSH (Secure Shell)
  • Algorithms and Security
  • Disk Encryption
  • Government Access to Keys (GAK)
  • Digital Signature
  • Components of a Digital Signature
  • Method of Digital Signature Technology
  • Use of Digital Signature
  • Digital Signature Standard
  • Digital Signature Algorithm: Signature Generation/Verification
  • Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme
  • Challenges and Opportunities
  • Digital Certificates
  • Creating and Verifying a Simple XML Digital Signature in C#
  • Cleversafe Grid Builder http://www.cleversafe.com/
  • PGP (Pretty Good Privacy)
  • CypherCalc
  • Command Line Scriptor
  • CryptoHeaven
  • Cryptanalysis
  • Cryptography Attacks
  • Brute-Force Attack
  • Use Of Cryptography
  • Summary
  • Buffer Overflows
  • Reasons for Buffer Overflow Attacks
  • Why are Programs/Applications Vulnerable?
  • Understanding Stacks
  • Understanding Heaps
  • Types of Buffer Overflows: Stack-based Buffer Overflow
  • A Simple Uncontrolled Overflow of the Stack
  • Stack Based Buffer Overflows
  • Types of Buffer Overflows: Heap-based Buffer Overflow
  • Heap Memory Buffer Overflow Bug
  • Heap-based Buffer Overflow
  • How to Detect Buffer Overflows in a Program
  • Attacking a Real Program
  • Defense Against Buffer Overflows
  • Tool to Defend Buffer Overflow: Return Address Defender (RAD)
  • Tool to Defend Buffer Overflow: StackGuard
  • Tool to Defend Buffer Overflow: Immunix System
  • Vulnerability Search – ICAT
  • Valgrind
  • Insure++
  • Insure++: Features
  • Buffer Overflow Protection Solution: Libsafe
  • Comparing Functions of libc and Libsafe
  • Simple Buffer Overflow in C
  • Code Analysis
  • Summary
  • Introduction of C/C++
  • Vulnerable C/C++ Functions
  • Strcpy()
  • Strncat()
  • Strncpy()
  • Sprintf()
  • Gets()
  • C/C++ Vulnerabilities:
  • Buffer Overflow
  • Strings
  • Countermeasures
  • Integer Vulnerabilities
  • Truncation
  • Sign Error
  • Countermeasures
  • Pointer Subterfuge
  • Dynamic Memory Management
  • Stack Smashing
  • GCC Extension to Protect Stack-Smashing Attacks
  • Heap-Based Buffer Overflow
  • Off By One/Five Errors
  • Double Free Vulnerability
  • Secure Memory Allocation Tips
  • Symmetric Encryption
  • Symmetric Encryption in C++
  • Blowfish Algorithm in C
  • Public Key Cryptography
  • Public Key Cryptography in C++
  • Networking
  • Creating an SSL Client in C++
  • Creating an SSL Server
  • Random Number Generation Problem
  • Anti-Tampering
  • Anti-Tampering Techniques
  • Erasing Data from Memory Securely using C/C++
  • Preventing Memory From Being Paged to Disk
  • Using Variable Arguments Properly
  • Signal Handling
  • Encapsulation in C++
  • Best Practices for Input Validation
  • Code Profiling And Memory Debugging Tool: Val grind
  • Summary
  • Introduction to Java
  • JVM
  • Java Security
  • Sandbox Model
  • Security Issues with Java
  • SQL Injection Attack
  • SQL Injection using UNION
  • Preventive Measures for SQL Injection
  • URL Tampering
  • Denial-of-Service (DoS) Attack on Applet
  • Sample Code for DoS Attack
  • DoS by Opening Untrusted Windows
  • Preventing DOS Attacks
  • .Class File Format
  • Byte Code Attack
  • Reverse Engineering/ Decompilation by Mocha
  • Obfuscation Tools: Jmangle
  • Cinnabar Canner
  • Byte Code Verifier
  • Class Loader
  • Building a SimpleClassLoader
  • Security Manager
  • jarsigner – JAR Signing and Verification Tool
  • Signing an Applet Using RSA-Signed Certificates
  • Signing Tools
  • Getting RSA Certificates
  • Bundling Java Applets as JAR Files
  • Signing Java Applets Using Jarsigner
  • Signing Java Applets Using Netscape Signing Tool
  • Security Extensions
  • Java Authentication and Authorization Service (JAAS)
  • Java Cryptographic Extension (JCE)
  • Java Cryptography Architecture
  • JCE: Pseudo Code for Encryption
  • JCE: Pseudo Code for Decryption
  • Sample Code for Encryption and Decryption
  • Java(TM) Secure Socket Extension (JSSE)
  • Creating Secure Client Sockets
  • Creating Secure Server Sockets
  • Choosing the Cipher Suites
  • Java GSS Security
  • Code for GSS Server
  • Code for GSS Client
  • Problem of Untrusted User Input
  • Security From Untrusted User Input
  • Cross Site Scripting
  • Overcoming Cross Site Scripting Problem
  • Permissions in Java
  • How to create new types of permissions?
  • Security Policy
  • Specifying an additional Policy File at runtime
  • Policy Tool
  • Policy Tool: Creating a new Policy File
  • Best practices for developing secure Java Code
  • Summary
  • Script: Introduction
  • JavaScript Vulnerability
  • Cross-Site Scripting (XSS)
  • How to Avoid XSS?
  • JavaScript Hijacking
  • Defending Against JavaScript Hijacking
  • Decline Malicious Requests
  • Prevent Direct Execution of the JavaScript Response
  • Malicious Script Embedded in Client Web Requests
  • Malicious Script Embedded in Client Web Requests: Impacts
  • Malicious Script Embedded in Client Web Requests: Solution
  • Tool: Thicket Obfuscator for JavaScript
  • JavaScript Security in Mozilla
  • JavaScript Security in Mozilla: Same Origin Policy
  • Same Origin Check
  • JavaScript Security in Mozilla: Signed Script Policy
  • Netscape’s SignTool
  • Netscape’s SignTool: Signing a File
  • Privileges
  • Tool for Encryption: TagsLock Pro
  • JavaScript Shell (Jash): Javascript Command-Line Debugging Tool
  • Tool: Script Encoder
  • Tool: Scrambler
  • VBScript: CryptoAPI Tools
  • Signing A Script (Windows Script Host )
  • Verifying a Script
  • Signature Verification Policy
  • Software Restriction Policies for Windows XP
  • Step-by-Step Guide for Designing a Software Restriction Policy
  • Step-by-Step Guide for Creating Additional Rules
  • Rule for Blocking Malicious Scripts
  • Summary
  • ASP- Introduction
  • ASP Design Problems
  • Improving ASP Design
  • Using Server-Side Includes
  • Using Server-Side Includes: Example
  • Using Server-Side Includes: Protecting the Contents of Include Files
  • Taking Advantage of VBScript Classes
  • Using Server.Execute
  • Using Server.Transfer
  • #include Directive
  • .BAK Files on the Server
  • Programming Errors
  • Detecting Exceptions with Scripting Language Error-Handling Mechanisms
  • Using VBScript to Detect an Error
  • Using Jscript to Detect an Error
  • Notifying the Support Team When an Error Occurs Using CheckForError
  • Attacks on ASP
  • ASP DypsAntiSpam: A CAPTCHA for ASP
  • How To Prevent Automatic Submission With DypsAntiSpam
  • CAPTCHA: Examples
  • How to Use Database and ASP Sessions to Implement ASP Security
  • Step 1: Create A User Database Table
  • Step 2: Create And Configure The Virtual Directory
  • Step 3: Create The Sample Pages
  • Step 4: Add Validation Code To Pages
  • Protecting Your ASP Pages
  • Encoding ASP Code: Script Encoder
  • Protecting Passwords of ASP Pages with a One-way Hash Function
  • ASP Best Practices
  • ASP Best Practices: Error Handling
  • Summary
  • Microsoft .NET: IntroductionCommon Terminology
  • .NET FrameworkMicrosoft .NET: Introduction
  • .NET Framework
  • .NET Framework Security Policy Model
  • Security Policy Levels
  • Security Features in .NET
  • Key Concepts in .NET Security
  • Code Access Security (CAS)
  • Evidence-Based Security
  • Role-Based Security
  • Role-Based Security: Windows Principal
  • Role-Based Security: Generic principal
  • Declarative and Imperative Security
  • Cryptography
  • Generate Key for Encryption and Decryption
  • Symmetric Encryption in .Net
  • Asymmetric Encryption in .Net
  • Symmetric Decryption in .Net
  • Asymmetric Decryption in .Net
  • Protecting Client and Server Data Using Encryption
  • Cryptographic Signatures
  • Write a Signature in .Net
  • Verify a Signature in .Net
  • Ensuring Data Integrity with Hash Codes
  • Hash Code Generation
  • Verification of Hash Code
  • Permissions
  • Code Access Permissions
  • Identity Permissions
  • Role-Based Security Permissions
  • SkipVerification
  • Stack Walk
  • Writing Secure Class Libraries
  • Runtime Security Policy
  • Step-By-Step Configuration of Runtime Security Policies
  • Creating a Security Policy Deployment Package
  • Type Safety
  • Canonicalization
  • Access Control List Editor
  • Securing User Credentials and Logon Information
  • Obfuscation
  • Dotfuscator: .NET Obfuscator Tool
  • Administration Tool: Authorization Manager (AzMan) with ASP.Net
  • ASP.NET Security Architecture
  • Authentication and Authorization Strategies
  • URL Authorization
  • File Authorization
  • Windows Authentication
  • Forms Authentication
  • Passport Authentication
  • Custom Authentication
  • Implementing Custom Authentication Scheme
  • Configuring Security with Mscorcfg.msc
  • Process Identity for ASP.NET
  • Impersonation
  • Impersonation Sample Code
  • Secure Communication
  • Storing Secrets
  • Options for Storing Secrets in ASP.NET
  • Securing Session and View State
  • Web Form Considerations
  • Securing Web Services
  • Secure Remoting
  • Create a Remotable Object
  • Secure Data Access
  • .NET Security Tools
  • Code Access Security Policy Tool
  • Caspol.exe
  • Caspol.exe Parameters
  • Certificate Creation Tool: Makecert.exe
  • Options in Makecert.exe
  • Certificate Manager Tool: Certmgr.exe
  • Certificate Verification Tool: Chktrust.exe
  • Permissions View Tool: Permview.exe
  • PEVerify Tool: Peverify.exe
  • Best Practices for .NET Security
  • Summary
  • Introduction to PHP (Hypertext Preprocessor)
  • PHP Security Blunders
  • Unvalidated Input Errors
  • Solution for Access Control Flaws
  • Solution for Session ID Protection
  • Error Reporting
  • Data Handling Errors
  • Security Sensitive PHP Functions:
  • File Functions
  • Security Sensitive PHP Functions: ezmlm_hash
  • PHP Vulnerabilities
  • Informational Vulnerabilities
  • Common File Name Vulnerability
  • Revealed Source Code Vulnerability
  • Revealing Error Message Vulnerability
  • Sensitive Data in Web Root Vulnerability
  • Session File in Shared Server Vulnerability
  • Sensitive Data in Globally Readable File Vulnerability
  • Revealing HTML Comment Vulnerability
  • Web Application Fingerprint Vulnerability
  • Packet Sniffing Vulnerability
  • Attack Vulnerabilities
  • Global Variable Vulnerability
  • Default Password Vulnerability
  • Online Backup Vulnerability
  • Common PHP Attacks
  • Remote Code Execution
  • Cross-Site Scripting Attack (CSS)
  • Cross Site Scripting Attack: Example
  • Cross-Site Request Forgeries (CSRF, Sea-Surf or XSRF)
  • Workaround for Cross-Site Request Forgeries
  • SQL Injection
  • Defending SQL Injection Attacks
  • PHP Configuration Attacks
  • Preventing PHP Configuration Attacks
  • File System Attacks
  • Defending File System Attacks
  • Information Gathering Attacks
  • PHP Injection Attacks
  • Secure PHP Practices:
  • Safe Mode
  • Disable Register Globals
  • Validating Input
  • PHP Input Filter Class
  • Best Practices for PHP Security
  • Acunetix Web Vulnerability Scanner
  • Encryption Software: PHP Code Lock
  • Zend Guard
  • POBS stands for PHP Obfuscator/Obscurer
  • Summary
  • Common Terminology
  • Introduction: Practical Extraction and Report Language (PERL)
  • Security Issues in Perl Scripts
  • Basic User Input Vulnerabilities
  • Overcoming Basic User Input Vulnerabilities
  • Insecure Environmental Variables
  • Algorithmic Complexity Attacks
  • Perl: Taint, Strict, and Warnings
  • Taint Mode
  • How Does Taint Mode Work?
  • Taint Checking
  • Using Tainted Data
  • Securing the Program Using Taint
  • Strict Pragma
  • Setuid
  • Setuid Sample Code
  • Setuid: Authenticating the user
  • Security bug with Setuid
  • The Perl crypt() Function
  • Logging Into a Secure Web Site with Perl Script
  • Secure Log-in Checklist
  • Program for Secure Log-in
  • Securing open() Function
  • Unicodes
  • Displaying Unicode As Text
  • Summary
  • Web Application and Web Services
  • Web Application Vulnerabilities
  • Coding Errors
  • Design Flaws
  • XML- Introduction
  • XSLT and XPath
  • XML Signature
  • Applying XML Signatures to Security
  • An Enveloped, Enveloping and Detached XML Signature Simultaneously
  • XML Encryption
  • The abstract Element
  • Security Considerations for the XML Encryption Syntax
  • Canonicalization
  • Validation Process in XML
  • XML Web Services Security
  • XML-aware Network Devices Expand Network Layer Security
  • Security of URI in XML
  • Security of Opaque Data in XML
  • Growth of XML as Percentage of Network Traffic
  • XML Web Services Security Best Practices
  • XML Security Tools
  • V-Sentry
  • Vordel SOAPbox
  • AJAX- Introduction
  • Anatomy of an AJAX Interaction (Input Validation Example)
  • AJAX: Security Issues
  • How to Prevent AJAX Exploits
  • Tool: HTML Guardian ™
  • Tool: Sprajax- AJAX Security Scanner
  • Tool: DevInspect
  • Summary
  • RPC Introduction
  • RPC Authentication
  • RPC Authentication Protocol
  • NULL Authentication
  • UNIX Authentication
  • Data Encryption Standard (DES) Authentication
  • Data Encryption Standard (DES) Authentication on Server Side
  • Diffie-Hellman Encryption
  • Security Methods
  • Security Support Provider Interface (SSPI)
  • Security Support Providers (SSPs)
  • Writing an Authenticated SSPI Client
  • Writing an Authenticated SSPI Server
  • Secure RPC Protocol
  • RpcServerRegisterAuthInfo Prevents Unauthorized Users from Calling your Server
  • RPC Programming Best Practices
  • Make RPC Function Calls
  • Making RPC Function Calls: Using Binding Handles
  • Making RPC Function Calls: Choose the Type of Binding Handles and Choose a Protocol Sequence
  • Use Context Handles
  • Deal of RPC With Network
  • Write a Secure RPC Client or Server
  • ActiveX Programming: Introduction
  • Preventing Repurposing
  • SiteLock Template
  • IObjectSafety Interface
  • Code Signing
  • How to Create Your Own Code Signing Certificate and Sign an ActiveX Component in Windows
  • Protecting ActiveX Controls
  • DCOM: Introduction
  • Security in DCOM
  • Application-Level Security
  • Security by Configuration
  • Programmatic Security
  • Run As a Launching user
  • Run As a Interactive User
  • Run As a Specific User
  • Security Problem on the Internet
  • Security on the Internet
  • Heap Overflow Vulnerability
  • Workarounds for Heap Overflow Vulnerability
  • Tool: DCOMbobulator
  • DCOM Security Best Practices
  • Summary
  • Introduction
  • Is Open Source Good for Security?
  • Linux – Basics
  • Linux File Structure
  • Basic Linux Commands
  • Linux Networking Commands
  • Linux Processes
  • POSIX Capabilities
  • UTF-8 Security Issues
  • UTF-8 Legal Values
  • Advantages of Security Functionality
  • Security Audit
  • Communication
  • Encryption
  • Identification and Authentication
  • Security Management
  • Requirements for Security Measure Assurance
  • Enabling Source Address Verification
  • iptables and ipchains
  • iptables and ipchains (cont’d)
  • Code to save the ip6tables state
  • Controlling Access by MAC Address
  • Permitting SSH Access Only
  • Network Access Control
  • Layers of Security for Incoming Network Connections
  • Prohibiting Root Logins on Terminal Devices
  • Authentication Techniques
  • Authentication Techniques (cont’d)
  • Authorization Controls
  • Authorization Controls (cont’d)
  • Running a Root Login Shell
  • Protecting Outgoing Network Connections
  • Logging in to a Remote Host
  • Invoking Remote Programs
  • Copying Remote Files
  • Public-key Authentication between OpenSSH Client and Server
  • Authenticating in Cron Jobs
  • Protecting Files
  • File Permissions
  • Shared Directory
  • Encrypting Files
  • Listing Keyring
  • Signing Files
  • Encrypting Directories
  • POP/IMAP Mail Server (cont’d)
  • Testing an SSL Mail Connection
  • Securing POP/IMAP with SSL and Pine
  • SMTP Server
  • Testing and Monitoring
  • Testing Login Passwords (John the Ripper)
  • Testing Login Passwords (CrackLib)
  • Testing Search Path
  • Searching Filesystems Effectively
  • Finding Setuid (or Setgid) Programs
  • Securing Device Special Files
  • Looking for Rootkits
  • Tracing Processes
  • Observing Network Traffic
  • Detecting Insecure Network Protocols
  • Detecting Intrusions with Snort
  • Log Files (syslog)
  • Testing a Syslog Configuration
  • Logwatch Filter
  • Linux Security Best Practices
  • Structure Program Internals and Approach
  • Minimize Privileges Sample Code
  • Filter Cross-Site Malicious Content on Input
  • Filter HTML/URIs that may be Re-Presented
  • Avoid Buffer Overflow
  • Language−Specific Issues:
  • C/C++
  • C/C++ (cont’d)
  • Dangers in C/C++
  • Sample Codes
  • Perl
  • Perl (cont’d)
  • Ada
  • Java
  • Java (cont’d)
  • Tcl
  • Tcl Sample Code
  • PHP
  • PHP (cont’d)
  • Linux Security Tools
  • Linux Application Auditing Tool: grsecurity
  • grsecurity Configuration
  • Summary
  • Introduction
  • What to do after Building Kernel?
  • Linux Kernel Configuration Menu
  • Steps to compile a Linux Kernel
  • Compiling the Kernel
  • Summary
  • Introduction to Xcode
  • Mac OS X applications
  • Cocoa
  • Carbon
  • AppleScript
  • Script Editor
  • Script Window
  • CDSA
  • Secure Transport API Set and Cryptographic Service Provider (CSP)
  • Creating SSL Certificate on Mac OS X Server
  • Using SSL with the Web Server
  • Setting up SSL for LDAP
  • Protecting Security Information
  • Security in Mac OS X
  • Security Management Using System Preferences
  • Authentication Methods
  • Encrypted disk images
  • Networking Security Standards
  • Personal firewall
  • Checklist of recommended steps required to secure Mac OS X
  • Summary
  • Introduction: PL/SQL
  • PL/SQL in Oracle Server
  • Security Issues in Oracle
  • SQL Injection
  • Defending SQL Injection Attacks
  • SQL Manipulation
  • Code Injection Attack
  • Function Call Injection Attack
  • Buffer Overflow and Other Vulnerabilities
  • DBMS_SQL in PL/SQL
  • Prevent DBMS_SQL in PL/SQL
  • Types of Database Attacks
  • Establishing Security Policies
  • Password Management Policy
  • Password Management policy: Password History
  • Auditing Policy
  • Oracle Policy Manager
  • Oracle Label Security (OLS)
  • Create an Oracle Label Security Policy
  • Step 1: Define the Policy
  • Step 2: Define the Components of the Labels
  • Step 3: Identify the Set of Valid Data Labels
  • Step 4: Apply Policy to Tables and Schemas
  • Step 5: Authorize Users
  • Step 6: Create and Authorize Trusted Program Units (Optional)
  • Step 7: Configure Auditing (Optional)
  • Using Oracle Label Security with a Distributed Database
  • Oracle Identity Management
  • Security Tools
  • Secure Backups: Tool
  • Encryption and Its Types: Obfuscation
  • Obfuscation Sample Code
  • Encryption Using DBMS_CRYPTO
  • Advanced Security Option
  • Row Level Security
  • Oracle Database Vaults: Tool
  • Auditing
  • Auditing Methods
  • Audit Options
  • View Audit Trail
  • Oracle Auditing Tools
  • Fine-Grained Auditing (FGA)
  • Testing PL/SQL Programs
  • SQL Unit Testing Tools: SPUnit
  • SQL Unit Testing Tools: TSQLUnit
  • SQL Unit Testing Tools: utPLSQL
  • Steps to Use utPLSQL
  • Summary
  • Introduction
  • SQL Server Security Model
  • SQL Server Security Model: Login
  • Steps to Create a SQL Server Login
  • Database User
  • Guest User
  • Permissions
  • Database Engine Permissions Hierarchy
  • Roles
  • Public Role
  • Predefined Roles
  • Fixed Server Roles
  • Fixed Database Roles
  • User-Defined Roles
  • Application roles
  • Security Features of MS-SQL Server 2005
  • SQL Server Security Vulnerabilities:
  • Buffer Overflow in pwdencrypt()
  • Extended Stored Procedures Contain Buffer Overflows
  • SQL Injection
  • Prevent SQL Injection
  • Sqlninja:
  • SQL Server Injection & Takeover Tool
  • Finding Target
  • Data Encryption
  • Built-in Encryption Capabilities
  • Encryption Keys
  • Encryption Hierarchy
  • Transact-SQL
  • Create Symmetric Key in T-SQL
  • Create Asymmetric Key in T-SQL
  • Certificates
  • Create Certificate in T-SQL
  • SQL Server Security: Administrator Checklist
  • Database Programming Best Practices
  • SQL Server Installation:
  • Authentication
  • Authorization
  • Best Practices for Database Authorization
  • Auditing and Intrusion Detection
  • How to Enable Auditing
  • Database Security Auditing Tools:
  • AppDetective
  • NGSSquirrel
  • AuditPro
  • Summary
  • Basic Network Concepts:
  • Network
  • Protocols
  • Client Server Model
  • Basic Web Concepts
  • Network Programming
  • Benefits of Secure Network Programming
  • Network Interface
  • How to Secure Sockets:
  • Server Program
  • Client Program
  • Ports
  • UDP Datagram and Sockets
  • Internet Address
  • How to connect to secure websites
  • URL Decoder
  • Reading Directly from a URL
  • Content Handler
  • Cookie Policy
  • RMI Connector
  • .Net : Internet Authentication
  • Network Scanning Tool: ScanFi www.securecentral.com
  • Network Programming Best Practices
  • Summary
  • Introduction
  • Windows NT and Windows 2000 Sockets Architecture
  • Socket Programming
  • Client-Side Socket Programming
  • The Socket Address Structure
  • The Socket Address Structure: Code Analysis
  • Initializing a Socket and Connecting
  • Server-Side Socket Programming
  • Creating a Server
  • Winsock 2.0
  • Winsock Linking Methods
  • Starting a Winsock 2 API
  • Accepting Connections:
  • AcceptEx
  • WinSock: TransmitFile and TransmitPackets
  • Grabbing a Web Page Using Winsock
  • Generic File – Grabbing Application
  • Writing Client Applications
  • TCP Client Application Sample Code
  • Writing Server Applications
  • TCP Server Application Sample Code
  • Winsock Secure Socket Extensions
  • WSADeleteSocketPeerTargetName
  • WSAImpersonateSocketPeer
  • WSAQuerySocketSecurity
  • WSARevertImpersonation
  • WSASetSocketPeerTargetName
  • WSASetSocketSecurity Function
  • SOCKET_SECURITY_SETTINGS
  • Case Study: Using WinSock to Execute a Web Attack
  • Case Study: Using Winsock to Execute a Remote Buffer Overflow
  • MDACDos Application
  • Summary
  • Introduction
  • Shellcode Development Tools
  • Remote Shellcode
  • Port Binding Shellcode
  • FreeBSD Port Binding Shellcode
  • Clean Port Binding Shellcode
  • Clean Port Binding Shellcode: sckcode
  • Socket Descriptor Reuse Shellcode
  • Socket Descriptor Reuse Shellcode in C
  • Socket Descriptor Reuse Shellcode: Sample Code
  • Local Shellcode
  • execve
  • Executing /bin/sh
  • Byte Code
  • setuid Shellcode
  • chroot Shellcode
  • Breaking of chroot jails in Traditional Way
  • Breaking Out of Chroot Jails on Linux Kernels
  • Windows Shellcode
  • Shellcode Examples
  • Steps to Execute Shell Code Assembly
  • The Write System Call
  • Linux Shellcode for “Hello, world!”
  • The Write System Call in FreeBSD
  • execve Shellcode in C
  • FreeBSD execve jmp/call Style
  • FreeBSD execve Push Style
  • FreeBSD execve Push Style, Several Arguments
  • Implementation of execve on Linux
  • Linux Push execve Shellcode
  • System Calls
  • The Socket System Call
  • The Bind System Call
  • The Listen System Call
  • The Accept System Call
  • The Accept System Call: Sample Code
  • The dup2 System Calls
  • The execve System Call
  • Linux Port Binding Shellcode
  • Compile, Print, and Test Shellcode
  • Reverse Connection Shellcode
  • Socket Reusing Shellcode
  • Linux Implementation of Socket Reusing Shellcode
  • Reusing File Descriptors
  • setuid Root
  • setuid Root: Executing the Program
  • setuid Root: System calls used by the program
  • Using ltrace utility
  • Using GDB
  • Assembly Implementation
  • SysCall Trace
  • RW Shellcode
  • Encoding Shellcode
  • Decoder Implementation and Analysis
  • Decoder Implementation Program
  • Results of Implementation Program
  • OS-Spanning Shellcode
  • Assembly Creation
  • Summary
  • Introduction
  • Targeting Vulnerabilities
  • Remote and Local Exploits
  • A Two-Stage Exploit
  • Format String Attacks
  • Example of a Vulnerable Program
  • Using %n Character
  • Fixing Format String Bugs
  • Case Study: xlockmore User-Supplied Format String Vulnerability CVE-2000-0763
  • TCP/IP Vulnerabilities
  • Race Conditions
  • File Race Conditions
  • Signal Race Conditions
  • Case Study: ‘man’ Input Validation Error
  • Case Study: ‘man’ Input Validation Error (Snippet 1)
  • Case Study: ‘man’ Input Validation Error (Snippet 2)
  • Writing Exploits and Vulnerability Checking Programs
  • Writing Exploits and Vulnerability Checking Programs Sample Code
  • Stack Overflow Exploits
  • Memory Organization
  • Stack Overflows
Kimler Katılmalı
Windows / .NET / Java Framework ile Web tabanlı uygulamaların tasarım ve geliştirilmesinde sorumlu kişiler için tasarlanmıştır. C #, C + +, Java, PHP, ASP,. NET ve SQL geliştiricileri için tasarlanmıştır.

Diğer Bilişim Güvenliği Sertifikasyon Eğitimleri

PCI DSS Uygulayıcı Eğitimi
PCI DSS Uygulayıcı Eğitimi

PCI DSS eğitimi bankalar tarafından üye işyerleri ve ödeme servis sağl...

DEVAMI
Sertifikalı SOME Uzmanlığı Eğitimi
Sertifikalı SOME Uzmanlığı Eğitimi

Bilişim sistemlerinde yaşanan ihlal olayları profesyonel bakış açısıyl...

DEVAMI
LPIC-1 SysAdmin Sertifikasyon Hazırlığı Eğitimi
LPIC-1 SysAdmin Sertifikasyon Hazırlığı Eğitimi

Linux dünyasında LPI sınavı olarak adlandırılan sertfikasyon LPIC1, LP...

DEVAMI
iso 27001 eğitimi
ISO 27001 Bilgi Güvenliği Yönetimi Eğitimi

BGA-ISO27001 , bilgi güvenliği yönetimi sistemi gereksinimlerini tanım...

DEVAMI
Ec-Council Licensed Penetration Tester (LPT) Eğitimi
Ec-Council Licensed Penetration Tester (LPT) Eğitimi

Ec-Council tarafından geliştirilmiş Lisanslı Penetrasyon Test uzmanı e...

DEVAMI
Siber Güvenlik Uzmanı Eğitimi
Ec-Council CEH (Certified Ethical Hacker) Eğitimi

Ec-Council tarafından geliştirilmiş CEH sertifikasyonu eğitim programı...

DEVAMI
Bilgi Güvenliği İhlal Olayı Yönetimi Eğitimi
Bilgi Güvenliği İhlal Olayı Yönetimi Eğitimi

Kamu kurumları ve kurumsal iş ortamlarında yaşanan bilişim güvenliği i...

DEVAMI
Sertifikalı Ağ Güvenliği Uzmanı Eğitimi
Sertifikalı Ağ Güvenliği Uzmanı Eğitimi

Uygulamalı Ağ Güvenliği ve İleri Seviye Ağ Güvenliği eğitimlerinin bir...

DEVAMI
Beyaz şapkalı hacker CEH V10 eğitimi
Beyaz Şapkalı Hacker (C.E.H) Eğitimi

Beyaz Şapkalı Hacker (Certified Ethical Hacker) yetiştirme amaçlı bir...

DEVAMI
Cissp Hazırlık Eğitimi
CISSP Sertifikası Hazırlık Eğitimi

Bilgi güvenliği sektörünün en önemli sertifikalarından biri olan CISSP...

DEVAMI
Duyuru Listemize Kayıt

25.000 profesyonel; eğitim, etkinlik ve kampanyalarımızdan haberdar oluyor. Sizi de bu listeye dahil etmemizi ister misiniz?