Descrizione
Attending the iSAQB® CPSA-A Web Security (WEBSEC) course gives participants 20 Technical Competence (TC) and 10 Methodological Competence (MC) points towards the 70 points required for eligibility to take the iSAQB CPSA-A exam with Brightest. It is important to remember that as part of the 70 points required to take the iSAQB CPSA-A exam with Brightest, you will need at least ten competence points in each of the following areas:
- Technical Competence (TC)
- Methodological Competence (MC)
- Communicative Competence (CC)
Accredited iSAQB® WEBSEC - Web Security (CPSA-A) training is based on the current iSAQB® curriculum:
Part 1 - Web Security Analysis
- Risks and models
- The fundamental security goals
- Asset identification and access concepts
- Identify criteria for acceptance and auditing
- Tradeoff of security against other quality attributes
- Understand security as a process, not as a single measure
- Understand security as the responsibility of all stakeholders
- Know common guidelines, standards, and recommendations
- Know common classification systems for security issues
- Categorize common certifications
Part 2 - Secure design and development process
- The concept of "validation of all inputs and escaping of all outputs"
- The principle of security gates, review, and "trust no one"
- Indicators of secure application design
- Basic patterns for secure coding guidelines
- Content of a secure development process and example framework
- Access concepts for system landscape, artifacts, and source code
- Which tools and infrastructure components support the secure development process
- Demarcation of analytical methods
- Incident management
Part 3 - Cryptography
- The basics of cryptography
- Hashing
- Encryption procedures
- Trust concepts
- Practical use
Part 4 - Web: A Technical Foundation
- Common "good practices"
- Authentication types
- "Security through obscurity" security measures
- Security-related protocols (e.g., TLS)
- Common authorization concepts and relevant implementations
- Supporting tools
Part 5 - Web: Known Attacks and Attack Vectors
- Attack vectors and classification
- Specific dangers of social engineering in web applications
- Injection attacks
- Significance and functioning of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
- Attacks via the runtime environment/application platform
- Identifying security vulnerabilities via fuzzing
- Man-in-the-middle attacks
- Important sources for current threats and attacks
Part 6 - Web: Security and Infrastructure
- Function/operation and processes of firewalls
- Web Application Firewalls
- Intrusion Detection / Prevention systems
- Validation with feedback from operations
- Use of Transport Layer Security (TLS)
Pubblico destinatario
The CPSA-A Web Security Training seminar is particularly valuable for professionals who want to integrate security into the analysis and development lifecycle with a technical focus on web-based systems.
Requisiti
Pour participer à un cours iSAQB® CPSA – Niveau Avancé, il vous faut être titulaire du certificat iSAQB® Certified Professional for Software Architecture – Niveau Foundation (CPSA‑F).
Pré-requis de connaissances :
Les personnes participantes doivent disposer des connaissances préalables suivantes :
- Connaissances de base en communication réseau
- Connaissances de base des technologies web telles que HTML, CSS et JavaScript
- Connaissances de base en création d’applications web
D’autres prérequis peuvent s’appliquer aux systèmes d’information et aux systèmes embarqués. Toutefois, des connaissances de base en architecture et en mise en œuvre de ces systèmes sont suffisantes.
I syllabi e gli esami di prova saranno presto disponibili!
