1. Home
  2. Fundamentals of Software Security

Fundamentals of Software Security

A Pragmatic Approach to Building Secure Software

Learn how to integrate security concepts into every phase of your software development process. This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software.

Full Description and Outline

Upcoming Classes

= Guaranteed to Run
Dates
Mode
Location
Price
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Select a learning mode button (Public, Live Virtual, etc.) for pricing, details, and a downloadable fact sheet.
Description
  • Understand how to build and test secure software
  • Practice identifying software vulnerabilities within code
  • Get techniques to start implementing a security improvement program

Software security is the weakest link in information security today. It is common for software applications to contain security vulnerabilities that allow unauthorized personnel to compromise systems, steal intellectual property, or disclosure sensitive customer data. To combat these risks, a proactive approach to building secure software applications is necessary.

This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software. In this course you will learn:

  • why software is insecure and how to best address these concerns
  • how to build security into applications from the ground up
  • where to integrate security testing into a software development process
  • how continuous integration can be leverage to automate security analysis
  • what secure software development approaches are available for use
  • how to measure the maturity of your software security approach
  • how to combat malicious code

Fundamentals of Software Security includes exercises to practice identifying actual software vulnerabilities within code and learn how to avoid introducing them. Tools and techniques for web application security testing, secure code scanning, and fuzz testing are discussed and applied to software.

Attendees will leave this class with an in-depth understanding of how to build security into software from the ground up as well as analyze software to identify existing risks and vulnerabilities.

Who Should Attend
The audience includes software developers, software architects, and software designers. A strong educational and experiential background in software development is recommended.

Questions? 929.777.8102 [email protected]
Course Outline

Introduction to Software Security
History of information security
The software security problem
How attackers think
Approaches to solving the problem
Roles in software security
Discussion: Understanding your software

Common Software Security Attacks
Web application attacks
• XSS
• CSRF
• SQL Injection
• Session Hijacking
• Command Injection
• XML Injection
Demos: Example web app attacks
Traditional application attacks
• Buffer overflows
• Race conditions
Discussion: Where are your security problems?

Building Secure Software
Secure requirements
Secure architectures and defensive design
Securing coding practices
Security testing
Case study: Building security requirements

Security Assurance
Threat modeling/Architectural risk analysis
Case study: Developing threat models
Secure code review
Case study: Reviewing code
Penetration testing / red teaming

Secure Software Development Approaches
Microsoft SDL
Security Touchpoints
Secure Agile
• Security stories
• Secure TDD
• Pair programming
• Secure CI
Case study: Security testing

Getting Started
Assess your risks
• Threat models
• Code scanning
• Security testing
Fix critical vulnerabilities
Move toward building security in

Wrap up
References
Q & A

Related Courses
Implementing DevSecOps

Explore security within a DevSecOps pipeline in an informal and interactive workshop setting. Attendees will gain practical experience through...Learn more

GitHub Enterprise Foundations

This hands-on course provides a wide-ranging examination of GitHub, its various features, and how they can help each phase of the software...Learn more

Security Testing for Test Professionals

Explore security testing in an interactive workshop setting. This course is appropriate for software development and testing professionals who...Learn more

Bring this course to your team at your site. Contact us to learn more at 929.777.8102.

= Guaranteed to Run
Dates
Mode
Location
Price
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Download Fact Sheet
Course Duration: 2 Days
Description
  • Understand how to build and test secure software
  • Practice identifying software vulnerabilities within code
  • Get techniques to start implementing a security improvement program

Software security is the weakest link in information security today. It is common for software applications to contain security vulnerabilities that allow unauthorized personnel to compromise systems, steal intellectual property, or disclosure sensitive customer data. To combat these risks, a proactive approach to building secure software applications is necessary.

This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software. In this course you will learn:

  • why software is insecure and how to best address these concerns
  • how to build security into applications from the ground up
  • where to integrate security testing into a software development process
  • how continuous integration can be leverage to automate security analysis
  • what secure software development approaches are available for use
  • how to measure the maturity of your software security approach
  • how to combat malicious code

Fundamentals of Software Security includes exercises to practice identifying actual software vulnerabilities within code and learn how to avoid introducing them. Tools and techniques for web application security testing, secure code scanning, and fuzz testing are discussed and applied to software.

Attendees will leave this class with an in-depth understanding of how to build security into software from the ground up as well as analyze software to identify existing risks and vulnerabilities.

Who Should Attend
The audience includes software developers, software architects, and software designers. A strong educational and experiential background in software development is recommended.

Questions? 929.777.8102 [email protected]
Course Outline

Introduction to Software Security
History of information security
The software security problem
How attackers think
Approaches to solving the problem
Roles in software security
Discussion: Understanding your software

Common Software Security Attacks
Web application attacks
• XSS
• CSRF
• SQL Injection
• Session Hijacking
• Command Injection
• XML Injection
Demos: Example web app attacks
Traditional application attacks
• Buffer overflows
• Race conditions
Discussion: Where are your security problems?

Building Secure Software
Secure requirements
Secure architectures and defensive design
Securing coding practices
Security testing
Case study: Building security requirements

Security Assurance
Threat modeling/Architectural risk analysis
Case study: Developing threat models
Secure code review
Case study: Reviewing code
Penetration testing / red teaming

Secure Software Development Approaches
Microsoft SDL
Security Touchpoints
Secure Agile
• Security stories
• Secure TDD
• Pair programming
• Secure CI
Case study: Security testing

Getting Started
Assess your risks
• Threat models
• Code scanning
• Security testing
Fix critical vulnerabilities
Move toward building security in

Wrap up
References
Q & A

Class Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
 
Class Fee Includes
• Tuition
• Course notebook
• Letter of completion
 
Instructors
Jeff Payne

Jeffery Payne

Spotlight

Jeffery Payne has led Coveros since its inception in 2008. Under his guidance, the company has become a recognized market leader in secure agile software development. He is a popular keynote and featured speaker at technology conferences and has testified before Congress on technology issues such as intellectual property rights...Learn More

Questions?

Get in Touch Ways To Save

On-Site/Private Training

Let us bring the learning to your team at your location or in an interactive virtual classroom!
Choose from more than 50 courses.

View all courses

Combine World-Class Training and

Certification with a Conference

Maximize Your Learning Potential

STAR Conference logo

AI Con USA logo

Agile + DevOps USA logo