Best Embedded Linux Application Security for Embedded Systems Training
TOPICS
Training materials
LearnChase training materials are renowned for being the most comprehensive and user friendly available. Their style, content and coverage is unique in the embedded systems training world, and has made them sought after resources in their own right. The materials include:
Fully indexed class notes creating a complete reference manual
Workbook full of practical examples and solutions to help you apply your knowledge
Structure and Content
Security fundamentals
What is security and why is it necessary? • Security concepts and terminology • Defense-in-depth approach • Why are devices attacked and who attacks them? •The guiding principles of securing a system
The Secure Software Development Lifecycle
Introduction to the Secure Software Development Lifecycle process • Why built-in-by-design security is important • Identifying what to protect • Security design and architecture • Threat modelling and mitigation design • Security assessment • Software implementation • Security testing • Release and maintenance •Practicals: Creating a threat model, defining security requirements
Common attacks and mitigations
Fundamental system software vulnerabilities • Application level attacks • Attacks against the system • Side-channel attacks • Mobile application security • Practical: Common attacks and protecting against them
Using Open Source software
What is Open Source Software? • Why is Open Source Software used? • What are the disadvantages of Open Source Software? • The GNU Public Licenses • How to use OSS in commercial code • OSS security vulnerability disclosure policies
Introduction to cryptography
What is cryptography and cryptanalysis? • Hashes • Block and stream ciphers • Asymmetric and symmetric ciphers • Retrofitting security to an existing design • Message authentication codes • Common cryptographic software libraries
Network security
Data in motion • The internet protocol suite • Link layer protection • Internet and transport layer protection • Application layer protection • Network domains, firewalls and port forwarding • Wireless security • Other digital connectivity threats • Practicals: Port scanning, implementing a firewall
Securing the software environment
Dynamic loading • Limiting resources • Limiting kernel access • Practical: Dynamic linking
Developing, building and maintaining secure software
Writing secure software • The secure software developer • Coding conventions and standards • Working with sensitive data and algorithms • Code review and test • Choice of programming language • Software maintenance
Security testing and release control
Testing and the Secure Software Development Lifecycle • Release management • Test tools • Practical: basic penetration testing
Security testing tools
System breaking tools • Network tools • File system tools • Vulnerability testing and exploit frameworks • Web server test tools
The course can also be tailored to suit your particular hardware and software environment. Please contact LearnChase to discuss your specific requirements.