SF - Certified Cyber Defender - Secure Web Development Expert

Overview
Course Outline
Assessment
Target Audience
Fees & Funding

What Will Be Taught For This Secure Web Development Expert Course?

In today’s context, the assets of a company that operates a website such as Lazada, Amazon and Carousell etc. is not the number of servers or offices but the information or data that are kept in the database such as credit card and identity information. If you have assets of importance or anything about your site puts you in the public spotlight then your web security will be tested.

Technically, the very same programming that increases the value of a web site, namely interaction with visitors, also allows scripts or SQL commands to be executed on your web and database servers in response to visitor requests. Any web-based form or script installed at your site may have weaknesses or outright bugs and every such issue presents a web security risk.

This course will equip and teach you how websites are being attack through applications and will also give you the knowledge and skills to implement and write secure code that will safe guard your websites.

Learning Outcome

In this course, you will be able to identify the vulnerabilities in your code and how these vulnerabilities are being exploited by the attackers on your website and learn how to defend against such attacks.

You will be able to:

Identify security threats and vulnerabilities.
Understand and explain how these security threats and vulnerabilities works
Learn how to implement defense mechanisms to such security threats and vulnerabilities

Module 1: Introduction to Web Application Security

Web Application Security Misconception
What Is Web Application Security?
Why Web Application Security Is Important?

Module 2: Defending Against SQL Injection Attack

Categorize and explain various types of SQL injection attacks
Describe coding and design strategies for avoiding SQL injection attacks
Apply coding standards to eliminate SQL injection vulnerabilities

Module 3: Defending Against Cross Site Scripting Attack

Understand What is Cross-Site Scripting
Describe the impact of Cross-Site Scripting attacks
Understand Cross-Site Scripting Client-Side Code
Explain the differences between various types of Cross-Site Scripting
Defending against Cross-Site Scripting

Module 4: Defending Against Broken Authentication and Session Management

Understand What is Broken Authentication and Session Management
Describe the impact of Broken Authentication and Session Management
Understand How Broken Authentication and Session Management Works
Defending against Broken Authentication and Session Management

Module 5: Defending Against Cross Site Request

Understand What is Cross Site Request Forgery
Describe the impact of Cross Site Request Forgery
Understand How Cross Site Request Forgery Attack Is Carried Out
Defending against Cross Site Request Forgery Attack

Module 6: Defending Against Unvalidated Redirects and Forwards Attack

Understand What is Unvalidated Redirects and Forwards
Describe the impact of Unvalidated Redirects and Forwards
Understand How Unvalidated Redirects and Forwards Works
Defending against Unvalidated Redirects and Forwards

Module 7: Defending Against Missing Function Level Access Control

Understand What is Missing Function Level Access Control Attack
Describe the impact of Missing Function Level Access Control
Understand How Missing Function Level Access Control Works
Defending against Missing Function Level Access Control Attack

Module 8: Defending Against Sensitive Data Exposure

Understand What is Sensitive Data Exposure
Describe the impact of Sensitive Data Exposure
Defending against Sensitive Data Exposure

Module 9 – Defending Against Insecure Deserialization Attack

Understand What is Insecure Deserialization
Describe the impact of Insecure Deserialization
Understand How Insecure Deserialization Works
Defending against Insecure Deserialization

Module 10: Defending Against Using Components with Known Vulnerabilities

Understand What is Using Components with Known Vulnerabilities
Describe the impact of Using Components with Known Vulnerabilities
Defending against Unknown Vulnerable Components

Module 11: Defending Against Insecure Direct Object

Understand What is Insecure Direct Object Reference
Describe the impact Insecure Direct Object Reference
Understand How Insecure Direct Object Reference Works
Defending against Insecure Direct Object Reference

Module 12: Defending Against XML External Entities(XXE) Attack

Understand What is XML External Entities (XXE)
Describe the impact of XML External Entities (XXE) Attack
Understand How XML External Entities (XXE) Attack Works
Defending against XML External Entities (XXE) Attack

Module 13: Defending Against Security Misconfiguration

Understand What is Security Misconfiguration?
Describe the impact of Security Misconfiguration
Defending against Security Misconfiguration

Module 14: Defending Against Insufficient Logging and Monitoring

Understand What is Insufficient Logging and Monitoring Malpractices
Describe the impact of Insufficient Logging and Monitoring Malpractices
Explain the differences between logging and monitoring
Defending against Insufficient Logging and Monitoring Malpractices

Assessment Format & Duration (only applicable for learner taking SF grant)

Assessment	Format	Duration
Written Assessment	Assess learners on their mastery of the Performance Statements.	1.5 Hours
Practical Performance	Assess learners on their understanding of the competencies.	3.25 Hours
Total		4.75 Hours

Who Should Attend This Secure Web Development Expert Training?

This course is targeted toward the web developers, Project Managers, or anyone with working experience developing web applications using languages such as PHP, .NET, Ruby, Java or Python.

Self Sponsored

	w/o GST	w GST
Course Fee	$1,500	$1,605
Singapore Citizen & PR aged ≥ 21 years	$1,132.50	$1,237.50
Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding)	$275	$380
Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme)	$75	$180

Company Sponsored - Non SME

	w/o GST	w GST
Course Fee	$1,500	$1,605
Singapore Citizen & PR aged ≥ 21 years	$1,132.50	$1,237.50
Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding)	$275	$380
Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme)	$75	$180

Company Sponsored - SME

	w/o GST	w GST
Course Fee	$1,500	$1,605
Singapore Citizen & PR aged ≥ 21 years	$275	$380
Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding)	$275	$380
Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme)	$75	$180

Remarks:

Individual Sponsored

Eligible Singapore Citizens can use their SkillsFuture Credit to offset course fee payable after funding.

Company Sponsored

Absentee Payroll claimable by SMEs: Up to 80%of hourly basic salary capped at $7.50/hr
Absentee Payroll claimable by Non-SMEs: Up to 80% of hourly basic salary capped at $4.50/hr
Absentee payroll claimable by companies (SMEs and Non-SMEs) sponsoring candidates under WTS Scheme: Up to 95% of hourly basic salary (no dollar cap)

Terms & Conditions

All prices stated above are in Singapore Dollars (SGD). This funding support is only applicable for Singapore Citizen and Permanent Residents.
Trainee must attained minimum 75% attendance and pass all assessment within 3 months to qualify for SF Funding.
Trainee undertakes to reimburse ST Electronics (e-Services) FULL course fees should he/she be ineligible for course fee grant. ST Electronics (e-Services) is not liable for any other funding not approved by WSG.
Trainees must be competent for all assessments before they are eligible for SF funding.
ST Electronics (e-Services) reserves the right to change the date or venue without prior notice.
ST Electronics (e-Services) reserves the right to cancel or reschedule the course due to class size or unforeseen circumstances.

Please select the course date to enrol
APR: 1-3
JUN: 10-12
Duration: 3 days Time: 9am to 5pm