Training & Hands on Workshop

Center for Information Security Assurance & Governance is pleased to announce a training program " Application Security Unleashed ® An Application Security Training & Hands on Workshop. "

As corporations leverage the power of the World Wide Web, information security has reached its third age, the age of Application Security. With new attacks being launched on applications daily and insecure coding vulnerabilities creeping into production, the need to train our developers on secure design and development practices has never been stronger. Without question, application security is an ever-growing field that consists of many different classifications of attack vectors. So how do we decide what elements to focus on?

There is no simple solution when it comes to the protection of applications and the sensitive data they contain. In fact, the many choices available to an organization make what can be fairly straightforward seemingly more complex. Application security can be a daunting task without a solid understanding of your protection options.

Course Introduction

The Application Security Unleashed is a 2 Day Application Security Training & Hands on Workshop. A unique training program that covers information security integration throughout the application development life cycle. This program is strengthened with a series of live demonstrations and hands on student workshop on the final day.

CISAG's Value Proposition

No more traditional classroom trainers! The RLX Factor (Real Life Execution) Unlike traditional Trainer led programs that clearly lack real world & practical experience. CISAG's programs are delivered by its experienced security consultants, who have more than a decade of experience working with fortune 500 companies and have executed numerous security assessment projects for different industry verticals.

Course Description

CISAG's Application Security Unleashed is a 2 Day Application Security Training & Hands on Workshop which is aimed at bridging the Security GAP that exists between Application developers and Security professionals. This program focuses on the core importance of integrating security inside the traditional SDLC while encompassing the three main organizational pillars- People, Process and Technology.

Course Modules-Two Days (9:00 AM-6:00 PM)

» Need for Application Security	» Application Security Essentials
» OWASP® : Top 10 Vulnerabilities	» Threat Modelling
» Authentication- Attacks & Countermeasures	» Authorization- Attacks & Countermeasures
» Session Management- Attacks & Countermeasures	» Data Validation- Attacks & Countermeasures
» Error Handling / Information Leakage	» Logging
» Configuration Management-Fundamentals	» Cryptography-Channel Protection
» Application Security Testing	» Code Review-Tools & Techniques
» Application Security Regulatory compliance	» Hands on workshop-Student Assignments
» Program Wrap Up -Q&A

Learning Benefits

By the end of this course, you will be able to:
• Understand the application security requirements.
• Integrate Security checkpoints inside traditional SDLC.
• Identify security defects at the early phases of SDLC.
• Assess risk, disclose vulnerabilities and weaknesses, and prove progress both internally and for compliance requirements.
• Cost Savings (ROI)-Identify & reduce development time and number of cycles
• Establish an Application Securiy program inside your organization.

Who Should Attend

• Senior IT / Project Managers who can influence decisions pertaining to Information Security.
•Software Development professionals, who are responsible for Application development
•Software Architects who are responsible for architecting web applications
•Quality Professionals who are responsible for delivering quality web applications
•IT Security Professionals

Training Details

Duration : 2 Days (9:00 AM-6:00 PM)

Date : June 28th & 29th, 2008

Venue : Magnolia, India Habitat Center, Lodhi Road, New Delhi.

Fees:
Rs.18,000 + 12.36% S.T.

Discount:

ISACA / ISSA / OWASP Member- 5% Discount
Sponsored batch of 5 Candidates- 10% Discount
Sponsored bacth of 10 Candidates- 20 % Discount

CPE Credits : ISACA / ISC2 Certified Professionals may claim 14 CPE Credits towards this Training. "CPE credits may also apply to other certifications , not mentioned above.Kindly check with the Specific Certifying body CPE guidelines for the same".

Consultant Profile:

Dhruv Soi, Founder & Chief Security Evangelist
CISAG(Center for Information Security Assurance & Governance)

Dhruv Soi is the Founder & Chief Security Evangelist at CISAG, where he heads the Information security research Lab and is responsible for analyzing and creating countermeasures for new vulnerabilities & attacks both on the network and application layer. Dhruv is also on the board of Torrid Networks (P) Ltd. as Founder & Principal Consultant, where he is responsible for planning and execution of Information Security & IT Infrastructure Management related projects. As a Co-Founder & Principal Security Consultant at Ariose Software (P) Ltd.,he is responsible for delivering product engineering and innovation to few NG security products being developed at Ariose. He is a volunteer participant to many community groups including ISSA & OWASP, where he is associated as Founder & Director –Delhi Chapter and is responsible to promote OWASP initiatives and events in India.

Prior to this, he worked with Fidelity Investments where he was a part of the global security team and was responsible for conducting security reviews of transactional and non-transactional applications of Fidelity Investments. He has conducted risk assessment assignments for many vendors of Fidelity and also imparted secure application development trainings to more than 400 developers at Fidelity all across the globe.

Previously, Dhruv played a key role in SWAT (Special Weapon and Tactics) team of iPolicy Networks (acquired by Tech Mahindra). He worked as a security researcher and made a remarkable contribution to intrusion prevention system (IPS) product of iPolicy Networks lauded by the management team.

Registration :
Request you to kindly go through the details and let us know of your interest in participating / nominating your team for the same. You may confirm your participation by completing the registration and payment formalities using the standard registration form attached separately.

For Confirmations & Registrations, please contact Mr. Gaurav Dhyani at [M: +91-991-006-4022], [Fax: +91-120-423-5046]
or email: infosec.trainings@cisag.in

Looking forward to your participation & awaiting your kind response.

All rights reserved.
Center for Information Security Assurance & Governance (An Information Security Lab and Training Division of Torrid Networks (P) Ltd.)