IDRBT Workshop @ Secure Coding Practices


IDRBT is conducting a short-term course on ‘Secure Coding Practices’, helmed by Dr. V. Radha.

The duration of the fully residential program is 5 days, and the next program runs from January 01 to January 05, 2018.

Background:

The preferred access channel for bank customers is moving from offline mode to online mode. The number of bank customers accessing their accounts through their own devices is now higher than the number visiting bank branches.

This places an enormous responsibility on banks' Information Technology teams to protect the banks' digital channels from unauthorized access.

The IDRBT program on Secure Coding Practices is a step in that direction.

Banks are under pressure to open APIs and to develop new applications around their core banking systems for customers as well as employees. Building new apps around core banking without a proper understanding of the OWASP Top 10 security vulnerabilities, such as SQL Injection and Remote Code Execution, may put the bank in a higher risk zone.

Whether the bank develops an application on its own or buys it, it is advisable for bankers to understand the OWASP vulnerabilities, how they manifest and what the remedial measures are. For the majority of attacks, bad programming is the sole source of the problem.

Security experts deploy remedial measures across the entire enterprise network stack, from web application firewalls to end-point security. This is like strengthening the outer wall to protect weak inner applications. None of these solutions is needed if the programs are written with security in mind.

Core Objectives of the Program:

• To bring awareness about the OWASP Top 10
• Discuss and demonstrate the remedial measures
• Automated testing of applications
• Code scanning and code analysis

Contents

• OWASP Top 10 – Overview
• PKI for Information Security in banking services
• SSL
• Web Application Security
• Cross Site Scripting and remedial measures
• Database Security
• SQL Injection and remedial measures
• Remote Code Execution – Buffer Overflow Attacks and remedial measures
• Session Hijacking and remedial measures
• Insecure Authentication and remedial measures
• Insecure Data Storage and remedial measures
• Weak Encryption and remedial measures
• Testing Overview
• Automated Testing tools
• Secure Coding


OWASP is an active body advocating open standards in the application security space.

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

OWASP's mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

Everyone is free to participate in OWASP. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

OWASP Top 10 vulnerabilities:
A1:2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging & Monitoring…
