Application developers are often not trained in security, yet most breaches exploit flaws at the application layer. Learn the secure development practices that keep software safe.
Most successful attacks are not the result of insecure networks or misconfigured firewalls; they exploit common software flaws that get coded into applications. Even with sound information security policy and capable staff, software developers are often underserved when it comes to security strategy. If applications are built without attention to good software security practices, the risk is passed downstream, and by the time an incident occurs it is too late to be proactive. From security requirements through design, coding, testing and release, this information security training course covers the practices any software developer needs in order to avoid exposing their users, customers, and organization to attack at the application layer. We teach only continuously updated best practices, and our experts answer your questions live in class. Return to work ready to build higher quality, more robustly protected applications.
Category: IT Security
ID: 13857
Duration: 2 Day(s)
Level: Foundation
Price: $1,495.00
Objectives
• Understand assets, threats, vulnerabilities, and risks
• Gather and understand security requirements
• Design secure software
• Write secure code
• Test your software for security
• Release and operate secure software
Outline
Part 1: Secure Software Development
1. Assets, Threats & Vulnerabilities
2. Security Risk Analysis (Business & Technical)
3. Secure Development Processes (MS, BSI…)
4. Defense in Depth
5. Approach for this course
Introductory Case Study

Part 2: The Context for Secure Development
1. Assets to be protected
2. Threats expected
3. Security imperatives (internal & external)
4. Organization's risk appetite
5. Security terminology
6. Organizational security policy
7. Security roles and responsibilities
8. Security training for roles
9. Generic security goals & requirements
Exercise: Our Own Security Context

Part 3: Security Requirements
1. Project-specific security terms
2. Project-related assets & security goals
3. Product architecture analysis
4. Use cases & misuse/abuse cases
5. Dataflows with trust boundaries
6. Product security risk analysis
7. Elicit, categorize, prioritize security requirements
8. Validate security requirements
Exercise: Managing Security Requirements

Part 4: Designing Secure Software
1. High-Level Design
   1. Architectural risk analysis
   2. Design requirements
   3. Analyze attack surface
   4. Threat modeling
   5. Trust boundaries
   6. Eliminate race objects
2. Detail-Level Design
   1. Secure design principles
   2. Use of security wrappers
   3. Input validation
   4. Design pitfalls
   5. Validating design security
   6. Pairing memory management functions
   7. Exclude user input from format strings
   8. Canonicalization
   9. TOCTOU (time-of-check to time-of-use)
   10. Close race windows
   11. Taint analysis
Exercise: A Secure Software Design, Instructor Q and A

Part 5: Writing Secure Code
1. Coding
   1. Developer guidelines & checklists
   2. Compiler security settings (per)
   3. Tools to use
   4. Coding standards (per language)
   5. Common pitfalls (per language)
   6. Secure/safe functions/methods
      1. Stack canaries
      2. Encrypted pointers
      3. Memory initialization
      4. Function return checking (e.g. malloc)
      5. Dereferencing pointers
   7. Integer type selection
      1. Range checking
      2. Pre/post checking
   8. Synchronization primitives
2. Early Verification
   1. Static analysis (code review with tools)
   2. Unit & dev team testing
   3. Risk-based security testing
   4. Taint analysis
Exercise: Secure Coding Q and A

Part 6: Testing for Software Security
1. Assets to be protected
2. Threats expected
3. Security imperatives (internal & external)
4. Organization's risk appetite
5. Static analysis
6. Dynamic analysis
7. Risk-based security testing
8. Fuzz testing (whitebox vs blackbox)
9. Penetration testing (whitebox vs blackbox)
10. Attack surface review
11. Code audits
12. Independent security review
Exercise: Testing Software for Security

Part 7: Releasing & Operating Secure Software
1. Incident response planning
2. Final security review
3. Release archive
4. OS protections:
   1. Address Space Layout Randomization (ASLR)
   2. Non-executable stacks
   3. W^X
   4. Data Execution Prevention (DEP)
5. Monitoring
6. Incident response
7. Penetration testing
Exercise: A Secure Software Release

Part 8: Making Software Development More Secure
1. Process review
2. Getting started
3. Priorities
Exercise: Your Secure Software Plan
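Several of the Part 5 coding topics (integer range checking with pre/post checks, checking the return value of malloc, and keeping user input out of format strings) can be shown in a few lines of C. The example below is added here to illustrate those items; it is not course material and the function names are our own. A size_t multiplication is pre-checked so it cannot wrap, a signed addition is post-checked in a wider type so the undefined signed overflow never happens, an allocation wrapper combines the range check with a return-value check, and the logging helper always passes untrusted text as a %s argument rather than as the format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-check: refuse a*b before it is computed if it would wrap.
 * size_t is unsigned, so a wrapped result would be a small, silent,
 * wrong value rather than an error. */
bool checked_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) {
        return false;
    }
    *out = a * b;
    return true;
}

/* Post-check: signed overflow is undefined behaviour in C, so do the
 * addition in a wider type where it cannot overflow, then range-check
 * the result before narrowing it back to int32_t. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out) {
    int64_t wide = (int64_t)a + (int64_t)b;
    if (wide > INT32_MAX || wide < INT32_MIN) {
        return false;
    }
    *out = (int32_t)wide;
    return true;
}

/* Allocation wrapper (our own helper, not a standard function):
 * the byte count is range-checked first, and the malloc return value
 * is checked instead of being dereferenced blindly. Memory is zeroed
 * so the caller never sees uninitialized bytes. */
void *checked_alloc_array(size_t count, size_t elem_size) {
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes)) {
        return NULL;
    }
    void *p = malloc(bytes == 0 ? 1 : bytes);
    if (p == NULL) {
        return NULL;
    }
    memset(p, 0, bytes);
    return p;
}

/* Format string discipline: the format is a compile-time literal and the
 * untrusted string is only ever a %s argument, so "%x" or "%n" inside it
 * is printed literally and never interpreted as a directive. Returns the
 * number of characters snprintf would have written (excluding the NUL). */
int log_user_event(char *buf, size_t buflen, const char *user_input) {
    return snprintf(buf, buflen, "event from user: %s", user_input);
}

int main(void) {
    size_t bytes;
    int32_t sum;
    char line[64];

    /* Constructed sample inputs, chosen to trigger each check. */
    printf("SIZE_MAX*2 accepted: %d\n", checked_mul_size(SIZE_MAX, 2, &bytes));
    printf("INT32_MAX+1 accepted: %d\n", checked_add_i32(INT32_MAX, 1, &sum));
    printf("alloc(SIZE_MAX, 2) is NULL: %d\n", checked_alloc_array(SIZE_MAX, 2) == NULL);
    log_user_event(line, sizeof line, "%x%x%x%n");
    printf("%s\n", line);
    return 0;
}
```

The important property is that every check happens before the value is used: the multiplication is refused before malloc sees it, the sum is refused before it is stored, and the format string is fixed at compile time so the attacker-controlled text has no way to reach the interpreter inside printf.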
Professionals who may benefit include:
• Application Development Managers
• Software Engineers and Developers
• CISOs, CISAs and Security Professionals
• Software Testers
• QA Managers, Directors, and Staff
• Test Management
• Business Analysts
• Project Managers
• IT Specialists (Security, Capacity Management, Networking…)
Training Delivery Methods
With Productivity Point, you have a spectrum of delivery methods to choose from: when, where and how you like it. Whether in a classroom or online, we have a delivery option that meets your needs.
Classroom Live Training
Get in-person, hands-on instruction with live lab exercises taught by subject matter experts who deliver authorized and industry-leading content.
With classrooms in almost every major U.S. city, Productivity Point has something for users of every level, so you can earn the most popular industry certifications. You get hands-on learning experience with live lab exercises taught by experienced instructors. Our courses are delivered by trainers selected for both their technical knowledge and their teaching skills.
Classroom Virtual Training
Prefer to have a dedicated classroom for your virtual experience? Attend live, hands-on training via remote instructor from one of Productivity Point’s multiple locations.
Enjoy a focused and professional training environment, including all technical equipment provided along with administrative and technical support at your fingertips. With over 150 locations to choose from, review our course catalog or contact your personal Productivity Point Account Manager to see if the course you have in mind is delivered at one of our dedicated virtual classrooms in your area.
Live Online Training
Blend the best from traditional face-to-face instructor-led training with the latest in conferencing technology.
Private Group Training
Your private group classroom experience will not only take place in the location of your choice (including any of our training centers), but you will enjoy the following amenities:
On-Demand Learning
On-Demand is an IT training solution designed around your schedule, budget, and learning needs. Combining high-quality video, reading, and knowledge checks in a self-paced format, On-Demand helps you build skills as your schedule allows—all at once or five minutes at a time.
With On-Demand, you learn at your own pace and in the convenience of your own space.
Productivity Point Learning Solutions evolved out of a desire to increase our outreach both nationally and internationally.
Productivity Point Headquarters 1580 Sawgrass Corporate Parkway Suite 205 Sunrise, Florida 33323 United States
Contact T 1-844-238-8607 P 1-954-425-6141 F 1-954-928-9057 E info@productivitypointls.com