In this course, students will learn how to program defensively, using techniques that account for all possible code paths. The course is largely language-agnostic, with examples in Python, Java, Go, and C/C++, but can be customized for a particular language. Functionally correct code is not sufficient on its own, because applications are often misused, intentionally or inadvertently. Code must also account for illegal input and potential system errors (e.g., lack of system resources) so that under such conditions applications do not fail in awkward and dangerous ways. Completion of this course ensures that developers are aware of the dangers associated with writing non-defensive code and have the skills to mitigate these dangers and write professional and safe applications.
Who Should Attend
Developers, DevOps, IT and QA Staff, Release Engineers, Technical Managers and Build Team personnel
What Attendees Will Learn
This course is designed to provide engineering staff with a comprehensive overview of building applications with a mindset toward defensive coding techniques. Functionally correct code does not necessarily account for all possible illegal inputs, intentional or inadvertent. This course teaches the process and techniques for ensuring that an application behaves in an acceptable manner even when presented with faulty inputs.
- Explain the need for defensive design
- Learn input validation techniques
- Describe how a language choice affects the defensive process
- Describe common concerns/threats and mitigation controls
- Show examples of SQL injection vulnerabilities
- Describe mitigation techniques within managed languages
- Learn how to test for vulnerabilities
Prerequisites
General technology background and experience programming in Go, Python, Java, or C/C++.