SVA and SCA, Basic DevSecOps


Key Highlights

  • What is threat modelling
  • Application of threat model to a building
  • STRIDE Model
  • Elements of Models
  • Data Flow Diagrams
  • SDL Threat Modelling Tool
  • Creating threat model with SDL threat modelling
  • Design View
  • Analysis View
  • Analysing Threats to propose controls
  • Framing security requirements
  • Reading demo bank application code PHP
  • Reading Altroz / JAVA application Code
  • Reading Web Goat .Net Application Code
  • Session management
  • Session
  • Cookie
  • SQL Injection
  • OS Command Injection
  • Cross Site Scripting
  • Use of Hard-coded Keys/Credentials. –Truffle Hog
  • CSRF
  • Access Control: Database
  • XML Injection
  • Buffer Overflow
  • Passwords in clear text
  • Scanning application with automated tool
  • Analysing Results
  • False Positive Analysis
  • Manual code review
  • Source to Sink
  • Keyword based review
  • Dataflow based review
  • Control flow-based review
  • A06:2021 – Vulnerable and Outdated Components
  • Third party components and Open-Source Libraries
  • Common Vulnerability and Exposures (CVE)
  • National Vulnerability Database (NVD)
  • OWASP Dependency checkers or Equivalent tool
  • DevOps and Software Development Life Cycle
  • Jenkins/AzDevOps Installation
  • Plugins Management
  • Builds Setup
  • Integration with Git
  • Integration with Maven
  • Integration with fortify
  • PowerShell for custom policy definition

What you'll learn

1.Reports and Analytics Code
2.Key Business supplies and Key presentation Indicators
3.Custom Traffic Variables, Traffic Features and Functions
4.Custom adaptation Variables, Conversion Features and Functions
5.Information Tools
6.Approval and Troubleshooting

Course Duration

Course Name
Course Duration
Adobe Analytics
40 hrs
Adobe Analytics
Adobe Analytics
Training & Workshop