Certified Security Champion (CSC)

Course code: CSC

Students master application security fundamentals, the OWASP Top 10, and secure coding practices. You will identify and fix code vulnerabilities and use CI/CD tooling to strengthen pipeline security and bolster the organization's defenses.

Course Inclusions:

  • Course Manual
  • 3 Years of Course Videos and Checklists
  • Access to a dedicated Mattermost channel
  • 40+ Guided Exercises
  • Earn 24 CPE Points on course completion
  • 30 days of Browser-based Lab Access
  • One exam attempt for the Certified Security Champion certification


Course dates

Starting date: Upon request

Type: E-learning

Course duration: 30 days

Language: English

Price without VAT: 470 EUR



Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.


Course description

Upon successful completion of this course, students will be able to:

  • Build the solid foundations required to understand the application security landscape.
  • Build the foundational knowledge required to work with infrastructure security.
  • Understand the wide range of skills and abilities required of a security champion.
  • Embed security while creating, running, and maintaining modern applications.
  • Apply practical application security skills in a real-world environment.
  • Liaise with security and other departments so that everyone shares responsibility for security.
  • Observe and advise on security controls and solutions that secure DevOps.
  • Understand the fundamentals of assessing and managing risk.

Course structure

Chapter 1: AppSec Basics

  • Introduction to Application Security.
  • HTTP Security basics.
  • Introduction to Burp Suite.
  • OWASP Top 10 basics
    • Injection (SQL and other injections).
    • Cross-Site Scripting (XSS).
    • Cross-Site Request Forgery (CSRF) and SSRF.
    • Broken Authentication and Session Management.
    • XML External Entities (XXE).
    • Insecure Direct Object Reference (IDOR).
    • Security Misconfiguration.
    • Unvalidated Redirects and Forwards.
  • Hands-on labs
    • SQL Injection.
    • XSS and CSRF.
    • SSRF.
    • Local File Inclusion (LFI) and File Upload issues.

Chapter 2: Secure Code Review

  • What is secure code review?
  • How to approach secure code review.
  • Tools of the trade.
  • Reviewing the code from a security perspective
    • Input and output validation.
    • Authentication issues.
    • Authorization issues.
    • Security Misconfigurations.
  • Hands-on labs
    • Input validation using industry best practices.
    • Output encoding to prevent client-side attacks like XSS.
    • Brute-force attacks and secret questions.
    • Information leakage with password reset workflows.
    • Best practices in implementing role-based access control.
    • Risks with unvalidated redirects and forwards.

Chapter 3: Primer on Risk Management

  • Introduction to risk management.
  • Risk assessment.
  • Risk calculation.
  • Risk Treatment
    • How to mitigate risks.
    • How to avoid risks.
    • How to transfer risks.
    • How to accept risks.
  • Plan, design, and implement a risk-management process.
  • Understand the current threat landscape.
  • Continuously improve security systems to reduce risk exposure.
  • Ensure business continuity while reducing the risks to the organization.

Chapter 4: Threat Modeling

  • What is threat modeling?
  • Risk management vs. threat modeling.
  • STRIDE vs. DREAD approaches.
  • Threat modeling process and its challenges
    • Decompose the application.
    • Identify the threats.
    • Document and rate the threats and risks.
    • Design and create defenses.
  • Classical threat modeling tools and how they fit into a CI/CD pipeline.
  • Hands-On Labs:
    • Automate security requirements as code.
    • Using ThreatSpec to achieve threat modeling as code.

Chapter 5: DevSecOps Basics

  • DevOps Building Blocks – People, Process, and Technology.
  • DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS).
  • Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost, and Visibility.
  • Overview of the DevSecOps critical toolchain
    • Repository management tools.
    • Continuous Integration and Continuous Deployment tools.
    • Infrastructure as Code (IaC) tools.
    • Communication and sharing tools.
    • Security as Code (SaC) tools.
  • Common Challenges faced when using the DevOps principles.
  • Secure SDLC
    • Overview of secure SDLC and CI/CD.
    • Review of security activities in secure SDLC.
    • Continuous Integration and Continuous Deployment.
  • Hands-On Labs:
    • How to embed an SCA tool into a CI/CD pipeline.
    • How to embed a SAST tool into a CI/CD pipeline.

Chapter 6: Infrastructure as Code and Its Security

  • Infrastructure as Code and its benefits.
  • Platform + Infrastructure Definition + Configuration Management.
  • Introduction to Ansible.
  • Benefits of Ansible.
  • Push- and pull-based configuration management systems.
  • Modules, tasks, roles, and playbooks.
  • Tools and Services that help to achieve IaC.
  • Hands-On Labs:
    • Docker and Ansible.
    • Using Ansible to create golden images and harden infrastructure.

Chapter 7: Agile Communications, Collaboration, and Soft Skills

  • The need for Agile communication and collaboration.
  • How to handle conflicting priorities among teams.
  • How to work with security teams to find common ground.
  • Holding people accountable for security.
  • Staying empathetic and assertive.
  • Plan, design, and implement processes to resolve any issues among the teams.

Prerequisites

  • Foundational knowledge of the software development life cycle.
  • Experience developing or testing web applications.


Certification

After completing the course, you can schedule the CSC exam on your preferred date.
