Fundamentals of Secure Software Development Training

Course 1825

  • Duration: 2 days
  • Language: English
  • Level: Foundation
Get This Course $1,295
  • 2-day instructor-led training course
  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included
#1825
  • Sep 19 - 20 10:00 AM - 6:00 PM EDT
    Live, Online Training
  • Nov 3 - 4 8:30 AM - 4:30 PM EDT
    Live, Online Training

From proactive requirements to coding and testing, this secure software development training course covers the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class.

Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream and by the time an incident occurs it’s too late to be proactive. To mitigate these risks, attend this secure programming training course and return to work ready to build higher quality, more robustly protected applications.

There are no formal prerequisites for this course.

Fundamentals of Secure Software Development Training Delivery Methods

  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included

Fundamentals of Secure Software Development Training Course Benefits

  • Best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer.

Secure Software Development Course Outline

  • Assets, Threats & Vulnerabilities
  • Security Risk Analysis (Bus & Tech)
  • Secure Dev Processes (MS, BSI…)
  • Defense in Depth
  • Approach for this course
  • Assets to be protected
  • Threats Expected
  • Security Imperatives (int&external)
  • Organization's Risk Appetite
  • Security Terminology
  • Organizational Security Policy
  • Security Roles and Responsibilities
  • Security Training for Roles
  • Generic Security Goals & Requirements

Exercise: Our Own Security Context

  • Project-Specific Security Terms
  • Project-Related Assets & Security Goals
  • Product Architecture Analysis
  • Use Cases & MisUse/Abuse Cases
  • Dataflows with Trust Boundaries
  • Product Security Risk Analysis
  • Elicit, Categorize, Prioritize SecRqts
  • Validate Security Requirements

Exercise: Managing Security Requirements

  • High-Level Design
    • Architectural Risk Analysis
    • Design Requirements
    • Analyze Attack Surface
    • Threat Modeling
    • Trust Boundaries
    • Eliminate Race Objects
  • Detail-Level Design
    • Secure Design Principles
    • Use of Security Wrappers
    • Input Validation
    • Design Pitfalls
    • Validating Design Security
    • Pairing Mem Mgmt Functinos
    • Exclude User Input from format strings
    • Canonicalization
    • TOCTOU
    • Close Race Windows
    • Taint Analysis

Exercise: A Secure Software Design, Instructor Q & A

  • Coding
    • Developer guidelines & checklists
    • Compiler Security Settings (per)
    • Tools to use
    • Coding Standards (per language)
    • Common pitfalls (per language)
    • Secure/Safe functions/methods
      • Stack Canaries
      • Encrypted Pointers
      • Memory Initialization
      • Function Retrun Checking (e.e. malloc)
      • Dereferencing Pointers
    • Integer type selection
      • Range Checking
      • Pre/post checking
    • Synchronization Primatives
    • Early Verification
    • Static Analysis (Code Review w/tools)
    • Unit & Dev Team Testing
    • Risk-Based Security Testing
    • Taint Analysis

Exercise: Securing Coding Q & A

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (int&external)
  • Organization's Risk Appetite
  • Static Analysis
  • Dynamic Analysis
  • Risk-Based Security testing
  • Fuzz Testing (Whitebox vs Blackbox)
  • Penetration Testing (Whitebox vs Blackbox)
  • Attack Surface Review
  • Code audits
  • Independent Security Review

Exercise: Testing Software for Security

Releasing & Operating Secure Software

Exercise: A Secure Software Release

  • Incident Response Planning
  • Final Security Review
  • Release Archive
  • OS Protections:
    • Address Space Layout Randomization
    • Non-Executable Stacks
    • W^X
    • Data Execution Prevention
    • /ul>
    • Monitoring
    • Incident Response
    • Penetration Testing
  • Process Review
  • Getting Started
  • Priorities

Exercise: Your Secure Software Plan

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Course FAQs

This developer security training course teaches secure software development through the practice of ensuring that the code and processes that go into developing applications are as secure as they can possibly be.

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.

Chat With Us