Land In Our CyRe-sphere

1. Overview

• Understanding Mobile Platform Architecture
• IOS Security Perspective
• Android Security Perspective
• Application Security Concepts and Overview
• Typical Mobile Attacks and Case Studies
• Developing Mobile Security Policy – In line with company security policy
• Mobile App Security vs Web App Security
• Mobile Stack – Security Perspective
• Mobile Library – Security Perspective
• Mobile Application Framework – Security Perspective
• Mobile Application Layer – Security perspective
• Developing Secure Mobile Apps

2. Authentication

• Application Signing
• File System Access – Security Perspective
• Web Services Authentication
• Session Management on Android
• Authentication Best Practices
• Authorization
• Web Services Authentication
• Session Management on Android
• Authentication Best Practices

3. Encryption and Data Protection

• Encryption Overview – Security Practices
• Protecting Data at Rest
• Protecting Data in transit
• Web Services Encryption Best Practices
• Message Authentication and Non-Repudiation
• Data Privacy Issues and Concern

4. Secure Coding

• Protecting against Web Services Attacks – SQL Injection, XSS
• Protecting against File Inclusion Vulnerabilities
• Error and Exception Management
• API Level Security

5. Logging

• Logging Practices – Device Logging
• Centralized Logging Practices

6. BYOD and Device Administration

• BYOD and Device Administration – Need and Overview
• Device Admin API Coverage

7. Malware and Malware Prevention

• Malware and Android
• Malware – Typical Malware
• Typical Malware Behavior and Characteristics
• Credit card Skimmer example
• Malware Prevention Practices for Apps

8. Certification Exam

C-MASP program contains hands-on interactive sessions. The trainees attending these two programs are therefore required to bring their laptops to these programs. At no point during the program would it be required for the laptop to be connected to the internet.

1. Introduction to Web Application Security

Understanding the need for Web Application Security and its challenges faced by modern enterprises, previous security incidents, high profile hacks, etc.

2. Basic Concepts of Information Security

Information Security Concepts that form the bedrock of the understanding of Web Application Security.

3. Significant Web Application Breaches

An exploration of significant attacks against web applications with a Real-life Case Study.

4. Risk Assessment and Threat Profiling Modeling

Unique Risk Assessment and Threat Profiling Modeling Technique for Web Application Security from CTO’s book “Secure Java for Web Application Development”.

• Web Application Risk Assessment
• Exploring methods to perform Risk Assessment for Web Applications

5. Compliance Requirements for web Application Security

Specific compliance requirements and their scope on Web Application Security.

6. OWASP Top 1

OWASP Top 10 Vulnerabilities, Testing Techniques, and Mitigation Techniques.

7. Integrating Security into Application

Integrating Security into the Application Development Lifecycle (Secure SDLC).

8. Secure Coding Guidelines

Preventing against common Web Application Vulnerabilities and Penetration Techniques.

9. Web Application Security for Specific Frameworks

• Web Application Security for Specific Frameworks etc.
• Web Application Threat Analysis and Threat Modeling.
• Identifying Threat Models for Web Application and Integrating Security into the SDLC.
• Hands-on Session
• Hands-on Lab Session on major topics.
• Certification Exam
• C-WASP program contains hands-on interactive sessions. The trainees attending these two programs are therefore required to bring their laptops to these programs. At no point during the program would it be required for the laptop to be connected to the internet.

1. Information Security An Overview

• Defining Information Security and Risk
• Understanding Threats, Vulnerabilities, and their Interplay
• Understanding Security Risk in Depth
• Workshop exercises and Case Studies

2. Information Security Compliance

•  Importance of Risk Management for Compliance
• Linking the Risk Treatment Plan to the
• Compliance Framework Compliance Standards around the world – An Overview
• The ISO-27001:2005 Standard and Implementation Framework
• Success Factors – ISO-27001
• Management Commitment to Security
• Measurement of Effectiveness of Controls
• Information Security Policies and Procedures
• Security Management – Organization Structure

3. Incident Response and Incident Management

•  Designing a Comprehensive and Proactive Incident Management Framework
• Identifying Incidents
• Performing Root Cause Analysis
• Incident Response and Closure
• Learnings from Incidents and Corrective Action
• Workshop Exercises

4. Enterprise Risk Management Framework

•  Risk Management Practices
• Risk Assessment
• Risk assessment methodology
• Risk approaches
• Threat Profiling
• Threat Modeling
• Calculating risk Authentication vs. Authorization
• Data classification
• Vulnerabilities
• Defense-in-depth
• Computer security policies
• Policies, Procedures, and Working Guidelines
• Workshop Exercise on Risk Assessment and Risk Management

5. Business Continuity and Disaster Recovery

•  Policies and Procedures – Information Security
• Roles and responsibilities
• Contingency and Business continuity planning
• Legal and regulatory requirements
• Disaster recovery strategy and plan
• Business impact analysis
• Incident Reporting and Handling

1. Information Security Stories Involving

• Password Strength, security, and so on – for general users
• Protection against Phishing and other Social Engineering attacks – Stories of real-world incidents
• Physical Security Practices
• Generic Data Security Practices
• Acceptable Usage Best Practices for an organization
• Mobile Security Best Practices for general users
• Incident Reporting and End-User Security Responsibility
• Data Protection for Mobile Devices, Secondary Storage Devices, and so on.

2. Imprint of Compliance and Privacy Regulations on Data Security

• US Data Protection and Privacy Regulations and their impact on Indian Companies
• UK based Data Protection and Privacy Regulations and impact on Indian Companies
• EU based Data Protection and Privacy Regulations and impact on Indian Companies
• Data Protection and Privacy Regulations in the Middle East – KSA, UAE, and others