888Poker! Let us help you become the best player

Review and Tips: Poker Casino Sport.


#1 2020-09-13 18:13:56

oyocofor
Member
From: Tunisia
Registered: 2020-09-13
Posts: 1

Lab Exercise: Documenting Security Requirements

Training Course: Gathering and Documenting Web Application Security Requirements

Business Analysts are being called upon as never before to include functional and non-functional security requirements in their Requirements specifications.
Writing Security Requirements for web applications is not intuitive and to be effective you need to provide the additional information that developers need to create robust applications.
This course provides the insights you need to augment Requirements specifications with practical information that will facilitate the creation of secure sites.
Experienced Business Analysts who wish to produce comprehensive and concise Security Requirements for their web applications. Development teams that want to build secure applications from the beginning.
Be familiar with the Secure Software Development Lifecycle.
Understand what developers need to know to produce secure features.

Understand what Use Cases are and their value in specifying Security Requirements
Be prepared to address Authentication in Security Requirements
Be prepared to address role-based Access Control in Security Requirements
Be prepared to address secure I/O in Security Requirements
Be prepared to address secure data handling in Security Requirements
Be prepared to address secure Session management in Security Requirements

A solid understanding of web application Requirements gathering and documentation.
Topic 2:     Requirements Gathering.
Purpose, Process, Deliverables.
Who Gathers Requirements?
Types Of Requirements.
Requirements Outline Template.
Information Gathering Techniques.
Effective Communication.
Active Listening.

Facilitating Requirements Sessions

Requirements Verification.
Facilitating Requirements Reviews.
Errors.
Messages, and Logging.

Lab Exercise: Planning Requirements Gathering

Topic 3:     Security Requirements.
Protecting Sensitive Information.
Role-based Access Control.
Secure I/O.
Form Considerations.
Recognizing and Responding to Attack.
Session Management.
Lab Exercise: Documenting Security Requirements.
Topic 4:     Overview of Use Case Analysis.
Use Cases As Actor/Goals Lists.
Identifying Actors.
Documenting Objectives.
Preconditions, Guarantees, and Triggers.
Use Case Prioritization.
Actors/Goals List.

Lab Exercise: Documenting Actors and Goals

Use Cases As Narratives.
Use Case Narratives.
Primary Scenario.
Scenario Steps.
Alternative Scenarios.
Exception Scenarios.
Sequence Numbering.
Use Case Example.
When Are We Done?

Lab Exercise: Documenting Use Case Narratives

Topic 5:     Authentication.
Certificate-based Authentication.
Single vs. Multi-Factor Authentication.
Password Strength.
Password Reset.
Security Questions.
Re-authentication.
Lab Exercise: Who Are You?
Topic 6:     Protecting Sensitive Information.
Defining Sensitive Information.
Protection at Rest.
Protection in Transit.
In Memory Handling.
Data Masking.
Logging and Other Output.

Lab Exercise: Data Masking at Home

Topic 7:     Role-based Access Control.
Principle of Least Privilege.
Enforcing Navigation.
Maintaining State.
Protecting Critical Transactions.
Dynamic Control Management.
Dynamic Permissions Management.
Lab Exercise: Role Play.
Topic 8:     Secure I/O.
Trust Zones.
What is Untrusted Input?
Data Meta-Data.
Secure File Handling.
Handling Filenames and Directories.
Handling URLs.
Denial of Service Considerations.
Lab Exercise: File Upload.
Topic 9:     Form Considerations.
How HTTP Works.
GET vs. POST.
Request Parameters.
Cookies.
Field-Level Validation.
Cross-Field Validation.
Parameter Meta-data.
Client-Side and Server-Side Validation.
Detecting Automation.
Avoiding Multiple Submission.
Client Side Validation.
Lab Exercise: Design a Form.
Topic 10:     Data Handling.
What is an Injection Attack?
Encoding to Prevent Injection.
Avoiding Denial of Service.
Lab Exercise:.
Topic 11:     Session Management.
What is a Session?
Session Tracking.
The Session Lifecycle.
Lab Exercise:.
For more information or to register for this training course, call 1-800-840-2335 or  on our website.
