Solidity for QA, DevSecOps and TPMs
Published 11/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 6.48 GB | Duration: 10h 52m
QA, DevSecOps, and TPM, Best Practices for Developing Hack-Resistant Ethereum Applications
What you'll learn
Identify common security vulnerabilities in Solidity smart contracts like reentrancy, integer overflows, and access control issues.
Learn about secure coding standards like checks-effects-interactions to prevent reentrancy and race conditions.
Follow best practices like code simplicity, modularization, and threat modeling when architecting smart contracts.
Analyze past hacks and exploits to improve understanding of real-world Solidity security failures.
Learn about DevOps and SecDevOps to minimize security and functional issues in code.
Requirements
Success in a Solidity security course, which focuses on an awareness of what needs to be completed to secure smart contracts and decentralized applications (DApps) built on blockchain platforms like Ethereum, requires a combination of technical skills, foundational knowledge, and the right mindset for change and problem solving.
Description
Course Description
This "QA and SecDevOps Best Practices for Developing Hack-Resistant Ethereum Applications" course is designed to equip students with the skills and knowledge to develop secure and robust smart contracts and decentralized applications (DApps) on blockchain platforms like Ethereum. In today's rapidly evolving blockchain landscape, security is paramount, and this course focuses on teaching students how to identify, prevent, and mitigate common vulnerabilities and threats that can jeopardize the integrity and value of blockchain-based systems.
This course is focused on QA, DevSecOps, and Technical Project Managers and their roles and knowledge for developing smart contracts on an Ethereum style blockchain.
Course Highlights:
Solidity Fundamentals: Students will start with a strong foundation in Solidity, the programming language used for Ethereum smart contracts. They will learn how to write and deploy basic contract agreements, understand the Ethereum Virtual Machine (EVM), and explore the intricacies of blockchain development.
Security Best Practices: The course will explore security best practices for smart contract development. Topics include access control, input validation, secure data storage, and protection against reentrancy attacks. Students will also examine real-world case studies of smart contract vulnerabilities and breaches.
By the end of the "QA and SecDevOps Best Practices for Developing Hack-Resistant Ethereum Applications" course, students will have a deep understanding of Solidity programming, blockchain security principles, and the ability to develop smart contracts and DApps that adhere to industry best practices. Whether students are aspiring blockchain developers, auditors, or security professionals, this course provides the knowledge and skills necessary to securely navigate blockchain technology's exciting and ever-evolving world.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Navigating the Udemy video
Lecture 3 Book for this course
Section 2: Security Requirements Engineering
Lecture 4 Security Modeling
Lecture 5 What is Security Requirements Engineering
Lecture 6 Abuse Case Modeling
Lecture 7 Secure Case Modeling
Lecture 8 SQUARE
Lecture 9 OCTAVE
Lecture 10 Downloadable Document Templates
Section 3: Secure Design Principles
Lecture 11 Threat Modeling
Lecture 12 Secure Application Architecture
Lecture 13 Proxy Contracts
Section 4: Secure Coding Practices
Lecture 14 Input Validation
Lecture 15 Input Validation Examples
Lecture 16 Authorization and Authentication
Lecture 17 Contract Proxy
Lecture 18 Example Setting up RBAC in a Smart Contract
Lecture 19 Cryptography
Lecture 20 Session Management
Lecture 21 Error Handling
Lecture 22 The Defensive Programming Mindset
Lecture 23 Proof of Work - Consensus Protocols
Lecture 24 Proof of Stake - Consensus Protocols
Lecture 25 Other types of Consensus Protocols
Section 5: Static and Dynamic Application Security Testing (SAST & DAST)
Lecture 26 SAST and DAST
Lecture 27 Static Application Testing
Lecture 28 Manual Code Review
Lecture 29 Dynamic Application Testing
Lecture 30 Automated Security Testing
Lecture 31 Proxy Based Security Testing Tools
Lecture 32 Pre-Deployment Checks
Lecture 33 Using a Test Environment
Lecture 34 Post-Deployment Checks
Section 6: Security Levels
Lecture 35 Security Levels - Network
Lecture 36 Security Levels - Host
Lecture 37 Security Levels - Web
Lecture 38 Security Levels - Database
Lecture 39 Security Levels - Monitoring and Maintenance
Lecture 40 Security Levels - Audit
Lecture 41 Security Levels - Oracles and 3rd party systems
Lecture 42 How to monitor your contract
Lecture 43 Cost Management
Lecture 44 Wallet Security
Lecture 45 Vault Security
Lecture 46 Vault or Wallet
Lecture 47 Mnemonic Keys
Lecture 48 Mnemonic Reconstruction
Lecture 49 BIP-39 Overview
Lecture 50 Off-Chain Workers
Section 7: Secure Programming for QA, DevSecOps and TPMs
Lecture 51 ERCs
Lecture 52 Blockchain Security Vendors
Lecture 53 Past Attacks
Lecture 54 What is Open Zeppelin
Lecture 55 Open Zeppelin Templates
Lecture 56 Using Open Zeppelin Libraries
Lecture 57 Breaking Changes
Section 8: Common Attacks - Things to know and test for
Lecture 58 Using live examples from the internet for test ideas
Lecture 59 Bypass Contract Checks
Lecture 60 Reentrancy Example
Lecture 61 Check Effects
Lecture 62 Collisions
Lecture 63 Contract Size Check
Lecture 64 Delegate Call
Lecture 65 Denial of Service
Lecture 66 External Calls
Lecture 67 Malicious Code
Lecture 68 Front Running
Lecture 69 Testing Governance Controls
Lecture 70 Testing Governance Wallets
Lecture 71 Finding Hidden Malicious Code
Lecture 72 On Chain Data
Lecture 73 Oracle Manipulation
Lecture 74 Overflow/Underflow
Lecture 75 Private Data via API
Lecture 76 Public Data via API
Lecture 77 Randomness
Lecture 78 Self Destruct
Lecture 79 Signature Replay
Lecture 80 Time
Lecture 81 DevOps
Lecture 82 DevSecOps
Lecture 83 QA process
Section 9: Finish
Lecture 84 Thank you for taking this course
Everyone, but a background in CEH, SecDevOps, or QA would be beneficial