Business Analysts are being called upon as never before to include functional and non-functional security requirements in their Requirements specifications.
Writing Security Requirements for web applications is not intuitive, and to be effective you need to provide the additional information that developers need to create robust applications.
This course provides the insights you need to augment Requirements specifications with practical information that will facilitate the creation of secure sites.
Experienced Business Analysts who wish to produce comprehensive and concise Security Requirements for their web applications. Development teams that want to build secure applications from the beginning.
Be familiar with the Secure Software Development Lifecycle.
Understand what developers need to know to produce secure features.
A solid understanding of web application Requirements gathering and documentation.
Topic 2: Requirements Gathering.
Purpose, Process, Deliverables.
Who Gathers Requirements?
Types Of Requirements.
Requirements Outline Template.
Information Gathering Techniques.
Effective Communication.
Active Listening.
Requirements Verification.
Facilitating Requirements Reviews.
Errors, Messages, and Logging.
Topic 3: Security Requirements.
Protecting Sensitive Information.
Role-based Access Control.
Secure I/O.
Form Considerations.
Recognizing and Responding to Attack.
Session Management.
Lab Exercise: Documenting Security Requirements.
Topic 4: Overview of Use Case Analysis.
Use Cases As Actor/Goals Lists.
Identifying Actors.
Documenting Objectives.
Preconditions, Guarantees, and Triggers.
Use Case Prioritization.
Actors/Goals List.
Use Cases As Narratives.
Use Case Narratives.
Primary Scenario.
Scenario Steps.
Alternative Scenarios.
Exception Scenarios.
Sequence Numbering.
Use Case Example.
When Are We Done?
Topic 5: Authentication.
Certificate-based Authentication.
Single vs. Multi-Factor Authentication.
Password Strength.
Password Reset.
Security Questions.
Re-authentication.
Lab Exercise: Who Are You?
Topic 6: Protecting Sensitive Information.
Defining Sensitive Information.
Protection at Rest.
Protection in Transit.
In Memory Handling.
Data Masking.
Logging and Other Output.
Topic 7: Role-based Access Control.
Principle of Least Privilege.
Enforcing Navigation.
Maintaining State.
Protecting Critical Transactions.
Dynamic Control Management.
Dynamic Permissions Management.
Lab Exercise: Role Play.
Topic 8: Secure I/O.
Trust Zones.
What is Untrusted Input?
Data Meta-Data.
Secure File Handling.
Handling Filenames and Directories.
Handling URLs.
Denial of Service Considerations.
Lab Exercise: File Upload.
Topic 9: Form Considerations.
How HTTP Works.
GET vs. POST.
Request Parameters.
Cookies.
Field-Level Validation.
Cross-Field Validation.
Parameter Meta-data.
Client-Side and Server-Side Validation.
Detecting Automation.
Avoiding Multiple Submission.
Client Side Validation.
Lab Exercise: Design a Form.
Topic 10: Data Handling.
What is an Injection Attack?
Encoding to Prevent Injection.
Avoiding Denial of Service.
Lab Exercise:.
Topic 11: Session Management.
What is a Session?
Session Tracking.
The Session Lifecycle.
Lab Exercise:.
For more information or to register for this training course, call 1-800-840-2335 or visit our website.
Training Course: Gathering and Documenting Web Application Security Requirements.