Secure Coding Training (SCT24)

(Timezone - Europe/Warsaw)
Virtually Hosted
Description

Due to limited places, this course is available to those working as part of the GN5-1 Project.

The secure coding training events are an unmissable opportunity for software development enthusiasts involved in the GN5-1 Project.  

SCT24 will take place from Tuesday 15th October to Thursday 17th October, 10am to 3pm daily.  This training will be delivered remotely by the PSNC team.  

Eligible participants can claim manpower to attend SCT24; information can be found here. Participants should always allocate time and costs to the WP they are working on.

SCT24 will focus on the following topics:

  1. SDLC and Continuous Integration 
  2. Write Hacker Proof Code - OWASP ASVS 
  3. Secure Programming in Python
  4. Overview of SonarQube capabilities

More information on the course content can be found below.

Don't miss out on this opportunity to improve your skills and take your development to the next level.

If you have any questions regarding the course, do not hesitate to contact glad@geant.org.

 

SCT24 Agenda:

Overview of SonarQube Capabilities by external training experts, SonarSource

  • Introduction to Sonar's Methodology: Clean as You Code & ShiftLeft
  • Overview of SonarLint, SonarQube, and SonarCloud
  • Understanding Quality Gates & Quality Profiles (Standards)
  • SonarQube Best Practices & Roadmap

 

SDLC and Continuous Integration 

This session highlights the shift-left security paradigm. It covers the importance of test-driven development and clean software versioning using Git branching.

  • Continuous Integration tools to support automated code security check-ups
  • New caveats and security risks introduced by using CI/CD automation (https://github.com/cider-security-research/top-10-cicd-security-risks)
  • How to provide secure and quality code
  • Strategy for managing dependency madness using semantic versioning
  • ‘not-a-novel’ yet testing on production

 

Write Hacker Proof Code - OWASP ASVS 

The presentation will cover the following areas of the OWASP Application Security Verification Standard and includes practical examples and exercises.

  • Appropriate use of HTTP security headers
  • Prevent information leakage from the application
  • Avoid security problems in third-party libraries
  • How to use WP29T2 mechanisms to ensure the highest level of security for GÉANT development projects.

 

Secure Programming in Python

Deepen your knowledge of advanced secure coding techniques for Python-based web applications. 

Learn how to:

  • Strengthen authentication: Advanced techniques for securing login and authorization mechanisms.
  • Safeguard sensitive data: Techniques for securely storing, processing, and transmitting data.
  • Access control management: Effective methods for managing permissions and access to application resources.
  • Defend against common threats: Practical examples of common vulnerabilities (e.g., SQL injection, XSS, path traversal, command injection) and detailed methods for their elimination.
  • Recognise vulnerable code: Analysis of real-world vulnerability cases and practical approaches to fixing them.
  • Best practices and what to avoid: Discussion of secure coding principles and practices that can lead to vulnerabilities if not followed.

 

 

 

 
