Secure Software Development

Learn via : Virtual Classroom / Online
Duration : 3 Days

Description

    Secure software development training gives software developers knowledge and skills in secure software design, development processes and best practices. The course teaches the principles and methods needed to reduce software security risks, prevent security vulnerabilities, and protect user data.

    This training can be taught in .NET or Java, depending on the technology your institution uses for software development.

    85% of attacks target software. The aim of the training is to give participants the information they need to establish secure software development processes and to set up environments that produce secure software with these processes.


Outline

Threats and Risks Related to Software

  • Cybersecurity facts
  • Why software security is critical
  • Examples of software attacks

Secure Software Development Models and Frameworks

  • Software development models
  • CMMI, SSE-CMM, Microsoft Secure SDLC, OWASP OpenSAMM
  • IEC 62443, Common Criteria

Vulnerability Databases

  • CWE, CVE, CERT, DISA, OWASP Top 10, etc.

Secure Coding Practices

Software Code Security Analysis

  • Static code analysis
  • Dynamic code analysis
  • Static and dynamic code analysis tools
  • Examples of vulnerable code

Risk Management

  • Information assets
  • Properties of information that need protection
  • Vulnerabilities, Threats
  • Risk management
  • Risk analysis methods
  • Risk treatment
  • Fundamentals of cryptography

Web Application Security

  • Web application architecture
  • HTTP protocol structure
  • Digital signatures
  • Web attacks
  • Secure input validation
  • Secure authentication, authorization, and session management
  • Authentication methods
  • Password cracking techniques and countermeasures
  • Data encryption and privacy (SSL/TLS protocols, Encryption, Integrity checks)
  • Secure access to data
  • Error management and logging
  • Business logic errors

Social Engineering

Prerequisites

Basic software development knowledge and experience