 |
|
|
|
|
|
A very important link in the security chain are smart people.
Thus, we have founded the Virtual Forge college in order to spread our software security expertise.
Improve your knowledge and skills in our workshops.
We offer trainings for secure ABAP programming as well as preparation courses for the ISSECO "Certified Professional for Secure Software Engineering" exam.
|
|
|
|
|
|
Secure ABAP Programming |
|
|
|
Like any other programming language, ABAP code can contain weaknesses that lead to severe business risks.
Therefore, the goal of our unique training course is explaining the vulnerabilities, providing hands-on examples and teaching best coding practices for developing secure ABAP.
In our 2-day course you will examine several fictional incidents in order to understand what happened, reproducing the attack, identifying the dangerous code, determining root causes of the issue and elaborating a solution.
|
|
|
|
Contents: |
|
|
|
In eleven lessons, the following weaknesses are covered:
- ABAP Command Injection
- Authority Checks
- Backdoors
- Generic Function Calls
- OS Command Injection
- SQL Injection
- Directory Traversal
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (XSRF)
- Forceful Browsing
- Phishing
The course is based on insights gained from a thorough analysis of more than 40.000 bugs that Virtual Forge discovered in SAP-related software security assessments during the past 6 years.
|
|
|
|
|
The theoretical knowledge transfer is endorsed by business case studies and practical exercises.
|
|
|
|
Duration: 2 days |
|
|
|
Date:September 29 - 30, 2009 |
|
|
|
It is also possible for companies to book a course for their staff on location. |
|
|
|
For further information or to register for a workshop, please contact Virtual Forge. |
|
|
|
|
|
ISSECO Certified Professional for Secure Software Engineering - Preparation Workshop |
|
|
|
The 1st official training course for secure development.
The course prepares you for a certification by iSQI.
We will offer the training together with the former CSO of SAP, Prof. Dr. Sachar Paulus.
You can find a success story here (in German language).
|
|
|
|
Contents: |
|
|
|
- Insight in hackers' view
- Trust and threat models
- Security methodologies
- Requirements engineering
- Secure Design
- Secure Coding
- Secure Testing
- Secure Deployment
- Security Response
- Security Metrics
- Code and resource protection
|
|
|
|
|
The theoretical knowledge transfer is endorsed by business case studies and practical exercises.
|
|
|
|
Duration: 3 days |
|
|
|
Date & Location:September 21 - 23, 2009, at the Virtual Forge Office, Heidelberg |
|
|
|
Price:EUR 1500,-
|
|
|
|
The certification fee will be EUR 300,- charged bei ISQI |
|
|
|
For further information or to register for a workshop, please contact Virtual Forge. |
|
|
- the 1. ABAP Security Scannner
