Secure Coding For Healthcare
In the healthcare sector, application security is crucial, as exploited vulnerabilities can result in severe medical, operational, legal, and regulatory consequences. In order to remain a trusted provider, your systems and applications need to comply with the Health Information Portability and Accountability Act (HIPAA) requirements.
This Secure Coding For Healthcare training teaches application and network developers how to write their code in a maximally secure way.
Location and Pricing
Most Accelebrate courses are delivered as private, customized, on-site training at our clients' locations worldwide for groups of 3 or more attendees and are custom tailored to their specific needs. Please visit our client list to see organizations for whom we have delivered private in-house training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote for private training at your site or online, please contact us.
Healthcare Secure Coding Training Objectives
All students will:
Healthcare Secure Coding Training Outline
IT security and secure coding
Nature of security
What is risk?
IT security vs. secure coding
From vulnerabilities to botnets and cybercrime
Classification of security flaws
Special Threats in the Healthcare Sector
Threats in healthcare – trends and numbers
Most significant targets
Industry and regulatory response to threats
How is cybersecurity different for medical devices?
Attacker tools and vectors
Regulations and Standards
Web Application Security (OWASP Top Ten 2017)
Sensitive data exposure
XML external entity (XXE)
Broken access control
Cross-Site Scripting (XSS)
Using components with known vulnerabilities
Insufficient logging and monitoring
Same Origin Policy
Client-side authentication and password management
Embedding JSON server-side
Case study – XSS via spoofed JSON element
Denial of Service
Case study – Denial-of-service against ICDs
Case study – ReDoS in Stack Exchange
Hashtable collision attack
Rule #1 of implementing cryptography
Other cryptographic algorithms
Asymmetric (public-key) cryptography
Public Key Infrastructure (PKI)
Secure network protocols
Specific vs. general solutions
Improper use of security features
Principles of Security and Secure Coding
Matt Bishop’s principles of robust programming
The security principles of Saltzer and Schroeder
Secure coding sources – a starter kit
Healthcare cybersecurity resources
All students must have general desktop and Web application development experience.
All Healthcare Secure Coding training attendees receive comprehensive courseware.
Software needed for each student PC:
Accelebrate can either provide a VMware virtual machine that can be run locally for the training or can provide access to a preconfigured cloud environment for each participant. Please contact us for details.
For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large screen TV would be another way for students to see the instructor's screen simultaneously with working on their own.