Category : Cyber Security

Application Security – Hardening and Deployment configuration

Start Date : December 15, 2020
Course Duration : 49.5
Course Type : Self paced
Course Validity : 180 days

5000
Description

Application Security – Hardening and Deployment configuration NOS: Aligned to Competency Standards developed by SSC NASSCOM in collaboration with Industry and approved by Government

Application hardening is the process of taking a finished application and making it more difficult to reverse engineer and tamper with. Combined with secure coding practices, application hardening is a best practice for companies to protect their app's IP and prevent misuse, cheating, and repackaging by bad users.

Application hardening:

  • Inhibits hackers’ efforts to reverse engineer an app back to source code
  • Thwarts hackers’ efforts to inspect internal values, monitor, or tamper with an app
  • Helps validate the app is running in a safe environment

Keywords
IT and Security control, Attack Surface, String encryption, Watermarking, Code obfuscation, Hardening, Deployment, CIS Controls, Debugger detection, Symbol renaming, Reverse engineering

Course Description
This course prepares graduate students to apply the theoretical and conceptual underpinnings of application hardening, and the techniques relevant to configuration deployment, along with the Center for Internet Security (CIS) Controls. The academic engagement will cover the following topics: (i) Identify a secure baseline, (ii) Customize, (iii) Deploy. Students will be able to perform system hardening techniques with CIS Controls.

Prerequisites

  • Network & Systems Administration
  • Security checklist
  • IT security architecture
  • Network security architecture
  • Hardening tools

Course Outline

  • Binary-level code obfuscation to prevent attackers from seeing a functional view of an application.
  • Application integrity checks to ensure the application code has not been altered.
  • Detect whether the app is running on a rooted or jailbroken device.
  • Vary how protections are applied in each build to prevent attackers from building up a cumulative understanding of how apps are being protected.
  • Determine what actions to take if the app is being attacked or a device is determined to be compromised.
  • Utilize white-box cryptographic protection to encrypt critical keys and data.

Learning Objectives

  • Provides best practices for securely deploying applications.
  • Protect the application from a hacker trying to reverse engineer the app back to source code 
  • Prevent hackers from trying to inspect internal values, monitor or tamper with the app 
  • Enable your application to safely run in zero‑trust environments 
  • Protect your users’ data and sensitive information
  • Helps protect the confidentiality, integrity, and availability of your application in production.
  • Identifies when each task should be performed: at or near the beginning of development, on an ongoing basis, or just before deployment.
  • Helps avoid expensive rework late in your development process.

Target Audience
Working professionals with experience, entry-level working professionals, graduate students.




Theory Video: Web Application Security
Lab Manual: 910-LAB01_Web application vulnerability scanning
Quiz: Web Application Security
Theory Video: Security Technical Implementation Guides
Lab Manual: 910-LAB02_Security breach prevention
Quiz: Security Technical Implementation Guides
Theory Video: Application Security
Lab Manual: 910-LAB03_Web application security techniques
Quiz: Application Security
Theory Video: Application Vulnerabilities
Lab Manual: 910-LAB04_Application vulnerability management techniques
Quiz: Application Vulnerabilities
Theory Video: Application Hardening
Lab Manual: 910-LAB05_Hardening techniques and standards
Quiz: Application Hardening
Theory Video: Security & Patch Updates
Lab Manual: 910-LAB06_Application security and patch management
Quiz: Security & Patch Updates
Theory Video: Patch Management
Lab Manual: 910-LAB07_Managing patches and updates in web application
Quiz: Patch Management
Theory Video: Conclusion & Testing
Lab Manual: 910-LAB08_DAST techniques
Quiz: Conclusion & Testing