GN3plus Secure Code Training

Berlin, Germany, 28 - 30 October 2014

Overview

Producing secure code for applications is a key aspect of protecting GÉANT applications and systems. With the move towards multi-domain systems and services, there is a greater emphasis on securing these multi-domain systems as well as ensuring secure deployment of them. This year's Secure Code Training will focus on areas that affect the development, authenticated access to and deployment of applications.

A key aspect of this year's Secure Code Training is the emphasis on understanding threat and risk modelling that will enable developers to think about security from the very earliest stage of the project lifecycle.

With the imminent deployment of several multi-domain services, additional time will be spent on introductions to authentication mechanisms and on how to design and implement secure authentication mechanisms.

Apart from the main security concepts for this session, the training will include a review of the most significant bad and good programming practices in Perl, Python and shell scripting languages, and an introduction to the JWS sandbox model, its constraints and capabilities.

The training will also contain a hands-on workshop aspect. The workshop will be divided into four blocks, covering some specific coding security problems which lead to various security vulnerabilities. After covering the theoretical basics, the participants will begin to search for the vulnerabilities which were covered, and analyse the code of the modified MDS tools. At the end of the practical part, participants will have the opportunity to take part in a "HackMe" contest, where they will be able to further strengthen the knowledge that they will have obtained during the workshop.

Presenters

Pawel Berus (PSNC), Gerard Frankowski (PSNC) and Tomasz Nowak (PSNC)

Objectives

Attendees having completed this training should be able to:

  • Perform a threat and risk assessment on their development projects.
  • Implement AAI mechanisms to protect their applications.
  • Develop a secure deployment process to protect applications and systems.
  • Demonstrate a clear understanding of some of the major bad and good programming concepts.

No introductory material will be provided; participants must be developers with a working knowledge of Java and C/PHP.