Fundamentals of Software Security

A Pragmatic Approach to Building Secure Software

Learn how to integrate security concepts into every phase of your software development process. This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software.

Upcoming Classes

Dates
Mode
Location
Event
Venue
Call to Schedule
Anytime
Virtual Classroom
Your Location
Anywhere
Ways to Save

Train Your Team at Your Location and Save

Bring any course to your location for team training. On-Site Training is both cost-effective and convenient for your team of six or more. Get a no-obligation quote and details about how easy it is to bring an on-site training course to your location. Call our On-Site Training Advocate at 929.777.8102, or email [email protected].

Description
  • Understand how to build and test secure software
  • Practice identifying software vulnerabilities within code
  • Get techniques to start implementing a security improvement program

Software security is the weakest link in information security today. It is common for software applications to contain security vulnerabilities that allow unauthorized personnel to compromise systems, steal intellectual property, or disclose sensitive customer data. To combat these risks, a proactive approach to building secure software applications is necessary.

This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software. In this course you will learn:

  • why software is insecure and how to best address these concerns
  • how to build security into applications from the ground up
  • where to integrate security testing into a software development process
  • how continuous integration can be leveraged to automate security analysis
  • what secure software development approaches are available for use
  • how to measure the maturity of your software security approach
  • how to combat malicious code

Fundamentals of Software Security includes exercises to practice identifying actual software vulnerabilities within code and learn how to avoid introducing them. Tools and techniques for web application security testing, secure code scanning, and fuzz testing are discussed and applied to software.

Attendees will leave this class with an in-depth understanding of how to build security into software from the ground up, as well as how to analyze software to identify existing risks and vulnerabilities.

Who Should Attend
The audience includes software developers, software architects, and software designers. A strong educational and experiential background in software development is recommended.

Questions? 929.777.8102 [email protected]
Course Outline

Introduction to Software Security
History of information security
The software security problem
How attackers think
Approaches to solving the problem
Roles in software security
Discussion: Understanding your software

Common Software Security Attacks
Web application attacks
• XSS
• CSRF
• SQL Injection
• Session Hijacking
• Command Injection
• XML Injection
Demos: Example web app attacks
Traditional application attacks
• Buffer overflows
• Race conditions
Discussion: Where are your security problems?

Building Secure Software
Secure requirements
Secure architectures and defensive design
Secure coding practices
Security testing
Case study: Building security requirements

Security Assurance
Threat modeling / architectural risk analysis
Case study: Developing threat models
Secure code review
Case study: Reviewing code
Penetration testing / red teaming

Secure Software Development Approaches
Microsoft SDL
Security Touchpoints
Secure Agile
• Security stories
• Secure TDD
• Pair programming
• Secure CI
Case study: Security testing

Getting Started
Assess your risks
• Threat models
• Code scanning
• Security testing
Fix critical vulnerabilities
Move toward building security in

Wrap up
References
Q & A

Course Duration: 2 Days

Class Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
 
Class Fee Includes
• Tuition
• Course notebook
• Letter of completion
 
Instructors
Jeff Payne
Coveros

On-Site Training

Let us bring the training directly to you! Choose from over 60 courses.

Combine World-Class Training and Certification with a Conference

Maximize Your Learning Potential
