New We Hack Purple course

Secure Coding Course

Defensive coding techniques that are a must know for developers!

Sign up to get early access to our upcoming Secure Coding course. This language-agnostic course will teach you the basics of secure coding for the web, give an overview of common vulnerabilities found in web applications and of common application security activities, and explain what you as a software developer need to do to be PCI compliant when handling credit card and other payment information from your customers.

Get Early Access to our Secure Coding Course.

When you sign up for early access, you'll have the first chance to enroll in the course at our early bird pricing. More details and perks will come closer to our release date in June 2021!

    We Hack Purple respects your privacy. We will never sell or share your information, or use it for any other purpose than to deliver information about We Hack Purple. Unsubscribe at any time.

    Full Course Outline

    • Introduction to secure coding
    • Secure SDLC and Application Security Programs
      • Secure SDLC
      • Example S-SDLC
      • Threat Modelling
      • Secure Software Supply Chain (SCA & 3rd Party Components)
      • Security Testing
      • Code Review and SAST
    • The Seventeen Secure Coding Commandments
      1. Validate ALL types of input.
      2. Output Encoding is required.
      3. Parameterized queries are required, dynamic SQL is forbidden.
      4. Use Authorization and Authentication in your framework, do not write your own.
      5. Use the identity and session management features in your framework, network, or cloud.
      6. All applicable security headers should be used.
      7. Do not cache sensitive page data.
      8. Sensitive data should be stored in secure cookies, and all available security features used.
      9. Take every possible precaution when performing file uploads.
      10. All errors should be caught, handled, logged, and, if appropriate, alerted upon.
      11. Sensitive or decision-making information should never be stored in URL parameters.
      12. Your application should be served over HTTPS only.
      13. All data must be encrypted in transit and at rest, use the latest version of TLS.
      14. Allow users to cut and paste into the password field, for password managers.
      15. All connection strings, hashes, passwords and other secrets must be kept in a secret store.
      16. Hash and salt all passwords. Make the salt at least 28 characters.
      17. Keep your programming framework(s) and dependencies up to date.
      • A special note on APIs
    • What Developers need to know to be PCI Compliant
      • PCI Security Standards Council
      • PCI Compliance and You
      • PCI Jumpstart
      • PCI DSS Requirements
    • OWASP Top 10, plus a few extra vulnerabilities
    • Conclusion

    Each module will include a quiz. Some will also contain programming and/or code review exercises. By the end you should be able to spot poor coding practices easily, and know how to correct them.
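To give a flavour of the kind of code-review exercise the commandments lead to, here is an added example (not course material from We Hack Purple) covering commandments 3 and 16. It uses an in-memory SQLite table constructed for the demo, shows the forbidden dynamic-SQL lookup beside its parameterized replacement, and hashes a password with a random per-user salt using PBKDF2-HMAC-SHA256 from the standard library. The table contents, the function names and the choice of PBKDF2 and a 32-byte salt are assumptions made for the example; the course itself says only that the salt should be at least 28 characters.

```python
import hashlib
import hmac
import secrets
import sqlite3


def make_db():
    """Constructed sample data for the demo; not from the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_dynamic(conn, username):
    """Commandment 3, the forbidden pattern: user input is concatenated
    into the SQL text, so the input can change the query's logic."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_parameterized(conn, username):
    """Commandment 3, the required pattern: the driver sends the value
    separately from the SQL text, so it can only ever be compared as data."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# PBKDF2 iteration count is an assumption for the example; tune it to your
# hardware so a login costs a noticeable fraction of a second.
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Commandment 16: hash and salt every password.  A fresh random salt is
    generated per password (32 bytes here, assumed for the example) and must
    be stored alongside the hash so the check can be repeated later."""
    if salt is None:
        salt = secrets.token_bytes(32)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    # Dynamic SQL: the payload rewrites the WHERE clause and every user is returned.
    print(find_user_dynamic(db, payload))
    # Parameterized: the payload is just a username that does not exist.
    print(find_user_parameterized(db, payload))
    salt, digest = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, digest))
    print(verify_password("wrong password", salt, digest))
```

Running the script prints all three usernames for the dynamic query and an empty list for the parameterized one with the same input, which is the whole difference commandment 3 is about; the two password checks print True and False, and hashing the same password twice yields different digests because each call draws a new salt.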

    All contents of this email course, newsletter, podcast, training materials, etc. 2021 copyright We Hack Purple. All Rights Reserved.