EC-Council ECSP certification | 5-day course

Overview

Learn how to code and develop secure applications with greater stability and posing minimal security risks to the consumer. Get your EC-Council Certified Secure Programmer certification in just five days. Depending on whether you're used to working with .NET or Java, you'll be able to tailor your course based on the environment you work in. Choose either the .NET or Java labs and exam - and get the accreditation you want.

As an ECSP you'll improve the overall quality of your products and applications by identifying security flaws and implementing security countermeasures throughout the software development life cycle. This course is based on the OWASP (Open Web Application Security Project) Top Ten Threats, a guide to the most common categories of application security problems.

What you'll learn

This course builds on your development skills in C#, C++, Java, PHP, ASP, .NET and SQL. You'll learn about key secure programming topics, including:

Framework Security
.NET Authentication and Authorisation
.NET & Java Cryptography
Secure File Handling

If you're designing and building Windows/Web based applications with .NET/Java, the ECSP certification is for you. You'll learn the latest techniques and strategies in secure programming through classroom discussions and a series of practical labs.

9x Accredited Training Centre of the Year

Firebrand Training has again won the EC-Council Accredited Training Centre of the Year Award, from a Training Partner network that has more than 700 training centres across 107 countries. This extends a record-breaking run of successive awards to nine years.

Jay Bavisi, President of EC-Council said: “The annual EC-Council Awards highlights the commitment and achievements of our global partners and trainers that have contributed to the information security community.”

See prices now to find out how much you could save when you train at twice the speed.

See prices

Four reasons why you should sit your ECSP course with Firebrand Training

You'll be ECSP trained and certified faster. Learn more on this 5-day accelerated course. You'll get at least 12 hours a day of quality learning time in a distraction-free environment
Your ECSP course is all-inclusive. One simple price covers all course materials, exams, accommodation and meals – so you can focus on learning
Pass ECSP first time or train again for free. Your expert instructor will deliver our unique accelerated learning methods, allowing you to learn faster and be in the best possible position to pass first time. In the unlikely event that you don't, it's covered by your Certification Guarantee
Study ECSP with an award-winning training provider. We've won the Learning and Performance Institute's "Training Company of the Year" three times. Firebrand is your fastest way to learn, with 134.561 students saving more than one million hours since 2001

Benefits

This course will significantly benefit programmer and developers concerned about the security of their code.

Technical certification is a sound investment in your career - and your organisation. Although certification does not guarantee success, research has shown that it can have a significant impact on:

Morale and confidence
Efficiency and productivity on the job: 85% of managers view certified employees as more productive (Gartner Study)
Career advancement: 70.8% of IT managers view certification as a criteria for promotion (Gartner Study)
Financial rewards

Think you are ready for the course? Take a FREE practice test to assess your knowledge!

Free Practice Test

Curriculum

The curriculum will focus on your chosen ECSP certification language of either .NET or Java.

Introduction to Application Security

Become Familiar with. Application Security
Understand the Need for Application Security
Key Elements of Framework Architecture Security
Framework Security Features
Top 10 Security Attacks For OWASP
Secure Development Lifecycle (SDL)
Threat Modeling Process
Security Testing
Learn Various Secure Coding Principles
Guidelines for Developing Secure Codes
Confidentiality
Integrity
Availability
Minimal attack surface areas
Secure defaults
Principle of least privilege
Principle of defense in depth
Fail securely
External systems are insecure
Separation of duties
No security by obscurity
Simplicity
Fix security issues correctly

Framework Security

Become Familiar with Framework Architecture
Learn Framework Runtime Security Model
Understanding you’re only as secure as your Framework
Role-Based Security
Code Access Security (CAS)
Evidence-Based Security
Permissions and Permissions Classes
Become Familiar with Stack Walking Process
Isolated Storage
Learn About Class Libraries Security
.NET Assembly Security
Understand Common Threats To .NET Assemblies and Classes

Input Validation and Output Encoding

Understand Need of Input Validation
Various Input Validation Approaches
Learn Various Validation Controls
Understand Common Input Validation Attacks
Learn Defensive Techniques for XSS Attacks
Validation Control’s Vulnerabilities
Learn Mitigation Techniques for Validation Control’s Vulnerabilities
Learn Defensive Techniques for SQL Injection Attacks
Learn Output Encoding To Prevent Input Validation Attacks
Sandboxing to Prevent Input Validation Attacks
Various Sandboxing Software
Best Practices for Input Validation

.NET Authentication and Authorization

Authorization and Authentication Processes
Understand Common Threats on Authorization and Authentication
Authentication and Authorization Security Architecture
Understanding the Security Relationship between IIS and ASP.NET
Authentication and Its Modes in Detail
Authorization and Its Types in Detail
Become Familiar with Impersonation and Delegation Concepts
Mitigate Authentication and Authorization Vulnerabilities
Best Practices for Authentication and Authorization
Become Familiar with Secure Communication Concepts

Secure Session and State Management

Session Management Concepts
Security Principles for Session Management Tokens
Common Threats on Session Management
The Session Management Techniques
Various Session Attacks
Defensive Techniques against Session Attacks
Become Familiar with Cookie-Based Session Management
Cookie Security
Viewstate in .NET or HTTP Session Class in Java - Based Session Management
Common Threats on Viewstate in .NET or HTTP Session Class in Java
Viewstate in .NET or HTTP Session Class in Java Security
Guidelines for Secure Session Management

.NET & Java Cryptography

Become Familiar with Cryptography in .NET and Java
Understand Different Types of Cryptographic Attacks In .NET and Java
Become Familiar with Symmetric Encryption
Learn How to Secure Symmetric Encryption
Become Familiar with Asymmetric Encryption
Learn How to Secure Asymmetric Encryption
Become Familiar with the Hashing Concept
Reversing Hashing - EG. Cracking Passwords

Quick Overview on Password Cracking and how it affects programmers

Learn How to Implement Security in Hashing
Digital Signatures – If it is valid does that mean it’s not malicious?
Digital Certificates – The process start to finish
XML Signatures

Error Handling, Auditing, and Logging

Errors and Exception Handling
The Principles of Secure Error Handling
Different Levels of Exception Handling
Mitigate Vulnerabilities in Class Level Exception Handling
Manage Unhandled Errors
Guidelines and Checklists for Proper Exception Handling
Become Familiar with Logging and Auditing Process
Common Threats to Logging and Auditing
Become Familiar with Log Throttling Process
Learn How to Implement Windows Log Security against Various Attacks
Best Practices and Checklists for Auditing and Logging Security
Various Logging Tools

Secure File Handling

File Handling Concepts
Understand File Handling Security Concerns
Path Traversal Attacks on File Handling
Learn Defensive Techniques against Path Traversal Attack
Canonicalization Attack on File Handling
Learn Defensive Techniques against Canonicalization Attack
Static Files and their Security
The Security of File I/O Using Absolute Path and Map path
Security While Uploading Files
Become Familiar with the File Extension Handling Concept
File ACLS
Checklist for Securely Accessing Files

Configuration Management and Secure Code Review

Configuration Management
Common Threats on Configuration Management
Machine Configuration Files or Web XML or Properties Class in JAVA
Mitigate the Vulnerabilities in Machine Config Files or Web XML or Properties Class in JAVA
Application Configuration Files or Web XML or Properties Class in JAVA
Mitigate the Vulnerabilities in App Config Files or Web XML or Properties Class in JAVA
Code Access Security Configuration Files or Web XML or Properties Class or Web XML or Properties Class in JAVA
Policy Configuration Files
Best Practices for Configuration Management
Become Familiar with Secure Code Review
Security Code Review Approaches
Various Static Code Analysis Tools

JavaScript – Just don’t do it, but if you have to…

XSS
Reflected
Stored
DOM
XSRF
Click Jacking
Script Injection

Buffer Overflow

Write and implement a buffer overflow on various vulnerabilities

Reversing Java and .NET

Both Java and .NET compile to byte code which can be reversed
Learn techniques to secure your hard earned code.

OWASP Hands-On Labs:

Unvalidated Redirects and Forwards Lab

Testing the attack
Fixing the problem on the client side
Fixing the problem on the server side

Insufficient Transport Layer Protection Lab

Insecure pages
Secure login cookies
Secure other cookies

A8 Failure to Restrict URL Access Lab

Mounting the attack
Another hole

Insecure Cryptographic Storage Lab

Mounting the attack
Preparing to encrypt the file
Encrypting the file
Decrypting the file
Replaying the attack
Zeus

Security Misconfiguration Lab

Problem 1
Problem 2
Problem 3
Problem 4
Mounting an attack
Hardening the site

Cross Site Request Forgery Lab

Preparing
Mounting the attack
Hardening the site with a CAPTCHA
Re-running the attack
Protecting CSRF with synchronizer token pattern
Re-running the attack

Insecure Direct Object Reference Lab

Mounting the attack
Hardening the site
Hardening in .Net

Broken Authentication and Session Management Lab

Mounting the attack
Hardening the site with IP checking
Hardening the site with authentication

Cross-Site Scripting Lab

Testing for a vulnerability
Mounting the attack
Hardening the site – encoding output
Hardening the site – Using the Anti-XSS library

Injection Flaws Lab

Mounting the attack
Advanced attack vectors
Hardening the site with parameters
Bonus! Hardening the site with a whitelist
Protecting your update with a whitelist
Protecting your update with parameters

Information Leakage and Improper Error Handling Lab

Mounting the attack
Turning specific errors on
Create custom error pages
Capturing the error

Cryptography Lab

Exploring existing controls

Provider Model Lab

Exploring existing controls
Add the link
Add the page

Click jacking Lab

Testing the vulnerability
Protecting with X-Frame-Options
Protecting with frame-breaking JavaScript

Phishing Lab

Creating an uncomplicated site
Routes and default values
Sending an email

Static Code Analysis Lab

Testing the attack

Exam Track

Depending on the environment you're used to working in, you'll choose and sit one of the following exams:

EC-Council ECSP Java Exam: 312-94
EC-Council ECSP .NET Exam: 312-93

What's Included

Included:

Depending on the environment you're used to working in, you'll choose one of the following sets of courseware:

EC-Council ECSP Java

EC-Council ECSP .NET

Your accelerated course includes:

Accommodation *
Meals, unlimited snacks, beverages, tea and coffee *
On-site exams **
Exam vouchers **
Practice tests **
Certification Guarantee ***
Courseware
Up-to 12 hours of instructor-led training each day
24-hour lab access
Digital courseware **

* For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts
*** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.

Prerequisites

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET/Java Framework. It is designed for developers who have C#, C++, Java, PHP, ASP, .NET and SQL development skills.

In order to attend successfully you must have programming fundamental knowledge.

Are you ready to get certified in record time?

We interview all applicants for the course on their technical background, degrees and certifications held, and general suitability. If you get through this screening process, it means you stand a great chance of passing.

Firebrand Training is an immersive training environment. You must be committed to the course. The above prerequisites are guidelines, but many students with less experience have other background or traits that have enabled their success in accelerated training through Firebrand Training.

If you have any doubts as to whether you meet the pre-requisites please call 21 96 61 82 and speak to one of our enrolment consultants, who can help you with a training plan.

Reviews

We've currently trained 134.561 students in 12 years. We asked them all to review our Accelerated Learning. Currently,
96,41% have said Firebrand exceeded their expectations:

"Good facilities, very knowledgeable instructor."
Anonymous (27/4/2015 (Monday) to 1/5/2015 (Friday))

"Every professional .Net programmer should have a security qualification. ECSP will give you that."
S.R. (27/4/2015 (Monday) to 1/5/2015 (Friday))

"The trainer is a great instructor. He teached us very well!"
J. M.. (24/10/2016 (Monday) to 28/10/2016 (Friday))