The ISO/IEC 27034 Lead Auditor Course will provide you with the expertise to perform Application Security (AS) audits using generally accepted auditing principles, procedures, and techniques. During this training, you will gain the knowledge and skills to plan and perform application security audits. Through hands-on exercises, you will be able to master auditing techniques and have the skills to manage an audit program, audit team, client communication and conflict resolution.
In particular, the objectives of the training are:
• No
• Code: ISO/IEC 27034
• Duration: 5 days
• Schedule: 8h30 - 17h30
• Location: training center, Center Urbain Nord
• Anyone responsible for maintaining compliance with the application security requirements of the organization
• Auditors wishing to conduct security audits of applications
• Course materials
• 40% demonstration
• 40% theory
• 20% practical exercises
• Objectives and structure of the training
• Normative and regulatory frameworks
• Validation process
• Fundamentals of Application Security
• Overview of application security
• Business Risks to Application Threats
• Understand vulnerabilities
• Discover the vulnerabilities
• Test methods
• Session Management
• Authentication issues
• Authorization issues
• Specification of tools
• Best practices in application security
• Code evaluation techniques
• Analyze the flow of information across the entire application environment
• Validation of data
• Cryptography
• Dynamic tests or random data tests (Fuzzing)
• Define quality gates / bug bar
• Analyze security and privacy risks
• Check the threat / attack surface models
• Threat modeling
• Imposing prohibited functions
• Static Analysis
• Intervention plan
• Final Review of Security
• Competence and assessment of auditors
• Closing the training
Do not hesitate to contact our experts for any additional information, or for a study and a free estimate for an audit service.