Skill Up Card - Course Bundles

Pricing is per delegate, giving you huge savings over the cost of individual courses.

  • UK = £2,000 + VAT per Skill Up Card
  • Ireland = €2,400 per Skill Up Card
skill up card logo - Nexus Human

Information Assurance (DISA STIG) Overview (TT8800)

4.6 out of 5 rating Last updated 05/12/2024   English

Jump to outline

Global Schedule

GTR = Guaranteed to Run

05 Feb 25 Book
15:00 - 23:00 Live Online 2,195
16 Apr 25 Book
15:00 - 23:00 Live Online 2,195

18 Jun 25 Book
15:00 - 23:00 Live Online 2,195
20 Aug 25 Book
15:00 - 23:00 Live Online 2,195
22 Oct 25 Book
15:00 - 23:00 Live Online 2,195
03 Dec 25 Book
15:00 - 23:00 Live Online 2,195
Duration

2 Days

12 CPD hours

Overview

Working in an interactive learning environment, guided by our application security expert, you'll explore:
- the concepts and terminology behind defensive coding
- Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- the entire spectrum of threats and attacks that take place against software applications in today's world
- the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications
- the vulnerabilities of programming languages as well as how to harden installations
- the basics of Cryptography and Encryption and where they fit in the overall security picture
- the requirements and best practices for program management as specified in the STIGS
- the processes and measures associated with the Secure Software Development (SSD)
- the basics of security testing and planning

Description

The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information
Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cuttingedge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.
The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.
The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You'll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.
Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You'll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.
Note: For a deeper (or next-step) exploration of STIGs and Application Security attendees might consider the five-day course TT8815: Understanding and Verifying ASD STIGs

Prerequisites

While specific prerequisites may vary depending on the course provider and the targeted audience, a general set of prerequisites for attending a course on Information Assurance and STIGs could include:
- Basic understanding of information security concepts and terminology.
- Familiarity with web application architecture and development.
- Knowledge of networking and web protocols (e.g., HTTP, HTTPS, TCP/IP).
- Experience with programming languages commonly used in web application development, such as JavaScript, Python,
Java, or C# would be helpful but not required, as this is not a hands-on class.
- A general understanding of operating systems, databases, and web servers.

Session: STIG Foundation

Lesson: DISA's Security Technical Implementation Guides (STIGs)

The motivations behind STIGs
Requirements that the various software development roles must meet
Implementing STIG requirements and guidelines
Lab: Exploring the STIG Viewer


Lesson: Why Hunt Bugs

The Language of Cybersecurity
The Changing Cybersecurity Landscape
AppSec Dissection of SolarWinds
The Human Perimeter
Interpreting the 2021 Verizon Data Breach Investigation Report
First Axiom in Web Application Security Analysis
First Axiom in Addressing ALL Security Concerns
Lab: Case Study in Failure


Session: Foundation for Securing Web Applications

Lesson: Identification and Authentication Failures

Applicable STIGs
Quality and Protection of Authentication Data
Proper hashing of passwords
Handling Passwords on Server Side
Session Management
HttpOnly and Security Headers
Lab: STIG Walk-Throughs


Lesson: Injection

Applicable STIGs
Injection Flaws
SQL Injection Attacks Evolve
Drill Down on Stored Procedures
Other Forms of Server-Side Injection
Minimizing Injection Flaws
Client-side Injection: XSS
Persistent, Reflective, and DOM-Based XSS
Best Practices for Untrusted Data
Lab: STIG Walk-Throughs


Lesson: Database Security

Design and Configuration
Identification and Authentication
Computing Environment
Database Auditing
Boundary Defenses
Continuity of Service
Vulnerability and Incident Management
Lab: STIG Walk-Throughs


Session: Moving Forward

Lesson: Applications: What Next

Common Vulnerabilities and Exposures
CWE/SANS Top 25 Most Dangerous SW Errors
Strength Training: Project Teams/Developers
Strength Training: IT Organizations


Lesson: Cryptographic Failures

Applicable STIGs
Identifying Protection Needs
Evolving Privacy Considerations
Options for Protecting Data
Transport/Message Level Security
Weak Cryptographic Processing
Keys and Key Management
Threats of Quantum Computing
Steal Now, Crack Later Threat
Lab: STIG Walk-Throughs


Session: Moving Forward with Application Security

Lesson: Application Security and Development Checklists

Checklist Overview, Conventions, and Best Practices
Leveraging Common AppSec Practices and Control
Actionable Application Security
Additional Tools for the Toolbox
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
Lab: Recent Incidents


Time Permitting

Session: Secure Development Lifecycle (SDL)

Lesson: Principles of Information Security

Security Is a Lifecycle Issue
Minimize Attack Surface Area
Layers of Defense: Tenacious D
Compartmentalize
Consider All Application States
Do NOT Trust the Untrusted
Lab: Risk Escalators
Additional course details:

Nexus Humans Information Assurance (DISA STIG) Overview (TT8800) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the ITS Data Analytics course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Information Assurance (DISA STIG) Overview (TT8800) Course

Available Delivery Options for the Information Assurance (DISA STIG) Overview (TT8800) training.
  • Live Instructor Led Classroom Online (Live Online)
  • Traditional Instructor Led Classroom (TILT/ILT)
  • Delivery at your offices in London or anywhere in the UK
  • Private dedicated course as works for your staff.
How many CPD hours does the Information Assurance (DISA STIG) Overview (TT8800) training provide?

The 2 day. Information Assurance (DISA STIG) Overview (TT8800) training course give you up to 12 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

Which exam does the Information Assurance (DISA STIG) Overview (TT8800) training course prepare you for?

The Information Assurance (DISA STIG) Overview (TT8800) prepares you for the Yes official exam. You can take this exam at any exam center across Ireland including, Dublin, Cork, Galway, Northern Ireland or live online where ever you are. Exams vary in duration and if required you can request with the provider for any accommodations appropriate for you.

What is the correct audience for the Information Assurance (DISA STIG) Overview (TT8800) training?

The content is appropriate for IT professionals, Developers, Software engineers, technical leads,
Project managers, Testing/QA personnel or other key stakeholders .

Do you provide training for the Information Assurance (DISA STIG) Overview (TT8800).

Yes we provide corporate training, dedicated training and closed classes for the Information Assurance (DISA STIG) Overview (TT8800). This can take place anywhere in Ireland including, Dublin, Cork, Galway, Northern Ireland or live online allowing you to have your teams from across Ireland or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the Information Assurance (DISA STIG) Overview (TT8800) program.

The Information Assurance (DISA STIG) Overview (TT8800) training takes place over 2 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

What other terms do people search for when looking for this course?

Popular related searched include STIG; Security.

Why are Nexus Human the best provider for the Information Assurance (DISA STIG) Overview (TT8800)?
Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for Ireland on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.
Is there a discount code for the Information Assurance (DISA STIG) Overview (TT8800) training.

Yes, the discount code PENPAL5 is currently available for the Information Assurance (DISA STIG) Overview (TT8800) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.

Jump to dates

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us


Top