Information Assurance (STIG) Overview (TT8805)
Learn to design, build, and secure applications using proven STIG-based best practices.
More Information:
- Learning Style: Virtual
- Learning Style: Course
- Difficulty: Intermediate
- Course Duration: 3 Days
Course Information
About This Course:
This comprehensive four-day course delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.
The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.
The remainder of the course delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You’ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.
Throughout the course, you'll also explore the fundamentals of application security and development including checklists. You’ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations.
Course Objectives:
- the concepts and terminology behind defensive coding
- the spectrum of threats and attacks that take place against software applications in today’s world
- the effectiveness of static code and dynamic application scanners in uncovering vulnerabilities in applications
- the vulnerabilities of programming languages as well as how to harden installations
- the basics of Cryptography and Encryption and where they fit in the overall security picture
- the requirements and best practices for program management as specified in the STIGs
Audience:
- IT professionals who manage or secure systems and networks
- Developers and engineers who build or maintain web applications
- Project managers and team leads overseeing secure software projects
- QA and testing personnel verifying application security and performance
Prerequisites:
- Basic cybersecurity awareness — Know fundamental information security terms and concepts.
- Familiarity with web applications — Understand how websites and web apps are structured and function.
- Basic networking knowledge — Know common web/network protocols like HTTP, HTTPS, and TCP/IP.
- Some programming exposure — Experience with or understanding of programming languages such as JavaScript, Python, Java, or C# (helpful but not required).
- General IT background — Have a basic grasp of operating systems, databases, and web servers.