Secure Coding Training Curriculum

From FedoraProject

  • Basics (100-level)
    • Basic security - Sparks
    • QE Training - Sparks
    • buffer overflow
    • XSS
    • cross-site request forgery (CSRF)
    • SQL injection
    • input validation
    • storing user provided passwords (proper hashing)
    • Encryption (using libraries, cipher choices, FIPS, Suite B) -- Eric
      • FIPS 140-2 - Cryptographic Modules
      • FIPS 197 - AES
      • FIPS 186-4 - DSS
    • Thinking like an attacker
  • Languages (200-level)
    • C
    • Python
    • Ruby
    • Java
    • JavaScript (node.js)
  • CWEs
    • Top 10
  • Security Response
    • What is a security flaw (report suspicious packages)
    • Notifying SRT
    • Handling security bugs
    • Handling embargoes
    • Fixing security flaws
    • Testing security fixes
    • Handling Errata
    • Other stuff? Should we discuss via email?
  • Identity Management (Dpal's team can provide content)
    • Basic
      • What is Kerberos and what is its value?
      • Introduction to PKI
      • OS-level identity management component overview
      • Security libraries and their value (SASL, GSSAPI, TLS...)
    • Advanced (dev)
      • Best practices building authentication for your application
      • Best practices of integrating Kerberos into your application
      • Where, when and how to use PKI in your application
      • Web applications and identity management: authentication, authorization, identity mapping, SSO
      • Best practices around building access control for your application
    • Advanced (SA)
      • Implementing identity management solutions and eSSO