Learning by doing
Trainers with practical experience
Detailed course material
Clear content description
Tailor-made content possible
Training that proceeds
The course Data Security for Developers covers the most common risks in securing data and how you can arm yourself against them. Attention is paid to data protection, securing communication, configuring access control and using authentication methods. Standards such as the General Data Protection Regulation (GDPR) are discussed as well.
The course starts with a discussion and explanation of the main concepts that play a role in Data Security such as authentication, access control, encryption, confidentiality, integrity, as well as backup and recovery.
Subsequently, setting up secure connections over Secure Sockets Layer (SSL) is treated. The creation of client and server certificates and the role of certificate authorities are covered.
Then the different types of encryption are explained, such as symmetric and asymmetric encryption and hashing. Various encryption algorithms such as RSA and ECC are considered as well.
Next, attention is paid to typical security risks that play a role in web applications. The prevention of cross-site scripting, SQL injection, cross-site request forgery and session hijacking is then discussed.
Securing access by means of key management systems, secure password storage and two-factor authentication is also on the program of the course. The importance of role-based and permission-based authorization is treated as well.
Next, the importance of keeping systems and applications secure by applying updates is covered. The importance of monitoring, logging and incident response is also discussed.
Finally, attention is paid to keeping apps and APIs secure by testing endpoints for data leakage and security flaws. Various standards for data regulation such as GDPR, CCPA, PCI DSS and HIPAA are then treated as well.
The course Data Security for Developers is intended for developers who want to learn what data security risks there are and how you can arm yourself against them.
To participate in the course Data Security for Developers, experience with software development is required. Experience with object-oriented programming in C#, Python or Java is beneficial for understanding.
The course Data Security for Developers has a hands-on character. The theory is treated on the basis of presentation slides and alternates with practical exercises.
After successfully completing the training, the participants receive a certificate of participation in the course Data Security for Developers.
Module 1 : Intro Data Security
Module 2 : Secure Communication
Module 3 : Secure Data at Rest
Backups and Recovery
Secure Sockets Layer (SSL)
Private and Public Key
Client and Server Certificates
Chain of Trust
Trusted certificate authorities (CAs)
Transport Layer Security
Verify network connections
Verify metadata in HTTP headers
Using standard encryption
Encoding and obfuscation
Protect against Malware
Module 4 : Web App Risks
Module 5 : Keys and Passwords
Module 6 : Access Controls
Cross Site Scripting
Prevent Untrusted Data
Escaping User Input
Cross-Site Request Forgery
Key management systems
Secure password storage
Avoid embedding in code
Two-Factor Authentication
Provide Two-Factor option
Remove vendor-supplied defaults
Role Based Security
Lattice Based Access Control
Separate Roles and Functions
Mandatory Access Control
Discretionary Access Control
Removing access and privileges
Module 7 : Updates and Patches
Module 8 : Monitor and Log
Module 9 : Securing Apps and APIs
Addressing Security Vulnerabilities
Keeping Systems Updated
Use Trusted Network Locations
Emails and Attachments
Updating Core libraries
Tracing Sending Data
Tracing Storing Data
Ensure system stability
Identify security breaches
Basic app security practices
Assessing permissions and data needs
Aligning data access to purpose of use
Testing APIs for data leakage
Testing endpoints for data leakage
Testing transmissions to third parties
Scanning app and code
Searching security flaws
Regularly test security systems
Module 10 : Data Security Regulations
GDPR, CCPA, PCI DSS and HIPAA
General Data Protection Regulation
California Consumer Protection
Health Insurance Accountability Act
PCI Data Security Standard