Kenneth Ingham Consulting, LLC; Security and Linux Classes

Security classes

“Lab exercises and lecture were well-blended.”—Tarun Mandhania on a class evaluation form, December 4, 2002.

“Always made sure that all questions were answered.”—Maria Outland on a class evaluation form, April 12, 1991.

“Ken presented to the class an atmosphere that I found was interesting, educational, and very interactive.”—Casey Gleason on a class evaluation form, April 12, 1991.

“Overall I found this tutorial very helpful as well as useful. This opens up a whole range of opportunities for future projects.”—Anonymous student on a class evaluation form, July 2, 1991.

Kenneth is the lead courseware developer for security classes with SkillBridge. We were one of the first companies to offer security classes, starting in the late 1990s. Because Kenneth and his associates work in industry on real problems, the classes are not just theoretical but carry real-world experience. The course materials regularly receive rave reviews for their thoroughness; they are much more than just a printout of a set of PowerPoint slides.

Avoiding the CWE/SANS Top 25 Most Dangerous Programming Errors
Overview document
Class web page
The CWE/SANS Top 25 Most Dangerous Programming Errors list contains the most dangerous errors that programmers and system designers regularly make. The OWASP Top 10 is a list of the top 10 security-related errors that web application programmers regularly make. Companies producing code that must meet SOX, HIPAA, PCI DSS, and/or other security regulations or laws need programmers trained in avoiding these errors. Companies producing code that they plan to sell will soon meet customers who demand certification that the code is free from these errors. In order to meet these demands, programmers must understand the errors, how to avoid them, and how to test for them. GIAC offers certification for programmers who pass a knowledge test on secure coding concepts; this class can be an important aid in preparing a student to take the test.

The class has examples, specific information, and labs written for C/C++, Java, and C#. Every chapter also has web and/or print references for the student to follow to obtain more information.

Designing and Coding Secure Systems
Overview document
Class web page
This class covers secure coding and some design issues from a language-neutral approach: you can make mistakes such as poor input validation or failing to use defense in depth in any language. The course stresses how to avoid security problems through the proper implementation of programs. This class makes heavy use of labs in which the instructor presents a case study and the students discuss how to apply the concepts presented to the example under discussion; the example can also be a system in which the students are involved.

This class is appropriate for students who are programmers: you cannot code your way out of a bad design, and recognizing design flaws earlier allows them to be fixed with fewer resources. This class is also appropriate for program designers and system architects, who need to understand how to design in security from the beginning.

Introduction to Secure Software Architecture
Overview document
Class web page
This course is designed to teach software architects the basics of how to create secure software systems. The emphasis is on how the organization, features, and interfaces of an application influence its security. General security principles and specific design strategies are discussed. Case studies of successful and unsuccessful designs from the commercial and open source world are presented.

Web Application Security
Overview document
Class web page
Web applications are essential to everything from embedded systems to e-commerce systems. This class looks at the problems unique to the web and shows how attackers target these systems, how easy the vulnerabilities are to exploit, and how to solve these problems. Students will also learn about upcoming vulnerabilities in areas such as SOAP and XML use.

Most of the OWASP Top Ten are covered in this course, as well as other security issues. The OWASP Top Ten items not covered here are covered in the complementary courses (e.g., buffer overflows are in the C/C++ class). This class complements the design and implementation courses, and should not be considered a replacement for either.

This class is language-neutral.

Ethical Hacking
Overview document
Class web page
Attackers have at their disposal a large collection of tools that aid them in exploiting systems. If you plan to defend against attacks, knowledge of these tools and the techniques behind their use is imperative. This class covers vulnerabilities in systems, how attackers locate these security holes, and how they can then exploit them to achieve their goals. Additionally, the class covers defenses against the attacker's tools and techniques. Labs in this course are of two types: (1) attacking a vulnerable system, and (2) preventing your classmates from successfully attacking your system.

Security Testing
Overview document
Class web page
The threat that security breaches present to your products and ultimately your customer base can be significant. This course is designed to assist testers in updating their testing practices to include testing for security. The goal of this effort is to reduce the number of identified post-release security vulnerabilities.

Many tools exist to assist testers. However, it is more important to understand the testing techniques. This class uses the tools to teach the techniques. While the students will learn about some of the available tools, the tools are not the primary focus of the class.

Linux OS Security
Overview document
Class web page
This class is for students who want to learn how to configure systems to be secure, test the security of systems, and/or manage systems more securely.

Secure Programming in C/C++
Overview document
Class web page
This class is for C and C++ programmers who want to write code with fewer exploitable security bugs. The class focuses on the practice of C coding and is applicable to all software development models (e.g., agile development, the waterfall model, etc.).

Copyright 2011 Kenneth Ingham Consulting.
