Experience expert-led training delivered privately to your team either at your location or in an interactive virtual classroom. Our On-Site/Private Training options—including Virtual Team Training—is both cost-effective and convenient for your team of six or more. Get a no-obligation quote and details about how easy it is to give your team a private training experience. Call our Learning & Coaching Advocates at 929.777.8102, or email [email protected].
- Home
- Fundamentals of Software Security
Fundamentals of Software Security
A Pragmatic Approach to Building Secure Software
Learn how to integrate security concepts into every phase of your software development process. This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software.
Upcoming Classes
Save on Private Training for Your Team
- Understand how to build and test secure software
- Practice identifying software vulnerabilities within code
- Get techniques to start implementing a security improvement program
Software security is the weakest link in information security today. It is common for software applications to contain security vulnerabilities that allow unauthorized personnel to compromise systems, steal intellectual property, or disclosure sensitive customer data. To combat these risks, a proactive approach to building secure software applications is necessary.
This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software. In this course you will learn:
- why software is insecure and how to best address these concerns
- how to build security into applications from the ground up
- where to integrate security testing into a software development process
- how continuous integration can be leverage to automate security analysis
- what secure software development approaches are available for use
- how to measure the maturity of your software security approach
- how to combat malicious code
Fundamentals of Software Security includes exercises to practice identifying actual software vulnerabilities within code and learn how to avoid introducing them. Tools and techniques for web application security testing, secure code scanning, and fuzz testing are discussed and applied to software.
Attendees will leave this class with an in-depth understanding of how to build security into software from the ground up as well as analyze software to identify existing risks and vulnerabilities.
Who Should Attend
The audience includes software developers, software architects, and software designers. A strong educational and experiential background in software development is recommended.
Introduction to Software Security
History of information security
The software security problem
How attackers think
Approaches to solving the problem
Roles in software security
Discussion: Understanding your software
Common Software Security Attacks
Web application attacks
• XSS
• CSRF
• SQL Injection
• Session Hijacking
• Command Injection
• XML Injection
Demos: Example web app attacks
Traditional application attacks
• Buffer overflows
• Race conditions
Discussion: Where are your security problems?
Building Secure Software
Secure requirements
Secure architectures and defensive design
Securing coding practices
Security testing
Case study: Building security requirements
Security Assurance
Threat modeling/Architectural risk analysis
Case study: Developing threat models
Secure code review
Case study: Reviewing code
Penetration testing / red teaming
Secure Software Development Approaches
Microsoft SDL
Security Touchpoints
Secure Agile
• Security stories
• Secure TDD
• Pair programming
• Secure CI
Case study: Security testing
Getting Started
Assess your risks
• Threat models
• Code scanning
• Security testing
Fix critical vulnerabilities
Move toward building security in
Wrap up
References
Q & A
Accredited training for the ISTQB® Advanced Agile Technical Tester (CTAL-ATT) certification. This course covers requirements engineering, testing...Learn more
Explore security within a DevSecOps pipeline in an informal and interactive workshop setting. Attendees will gain practical experience through...Learn more
Accredited training for the ISTQB® Security Tester (CT-ST) certification. This course covers security testing strategies, security testing...Learn more
Bring this course to your team at your site. Contact us to learn more at 929.777.8102.
Save on Private Training for Your Team
Experience expert-led training delivered privately to your team either at your location or in an interactive virtual classroom. Our On-Site/Private Training options—including Virtual Team Training—is both cost-effective and convenient for your team of six or more. Get a no-obligation quote and details about how easy it is to give your team a private training experience. Call our Learning & Coaching Advocates at 929.777.8102, or email [email protected].
- Understand how to build and test secure software
- Practice identifying software vulnerabilities within code
- Get techniques to start implementing a security improvement program
Software security is the weakest link in information security today. It is common for software applications to contain security vulnerabilities that allow unauthorized personnel to compromise systems, steal intellectual property, or disclosure sensitive customer data. To combat these risks, a proactive approach to building secure software applications is necessary.
This two-day course teaches the fundamentals of software security – providing participants with a comprehensive understanding of how to build and test secure software. In this course you will learn:
- why software is insecure and how to best address these concerns
- how to build security into applications from the ground up
- where to integrate security testing into a software development process
- how continuous integration can be leverage to automate security analysis
- what secure software development approaches are available for use
- how to measure the maturity of your software security approach
- how to combat malicious code
Fundamentals of Software Security includes exercises to practice identifying actual software vulnerabilities within code and learn how to avoid introducing them. Tools and techniques for web application security testing, secure code scanning, and fuzz testing are discussed and applied to software.
Attendees will leave this class with an in-depth understanding of how to build security into software from the ground up as well as analyze software to identify existing risks and vulnerabilities.
Who Should Attend
The audience includes software developers, software architects, and software designers. A strong educational and experiential background in software development is recommended.
Introduction to Software Security
History of information security
The software security problem
How attackers think
Approaches to solving the problem
Roles in software security
Discussion: Understanding your software
Common Software Security Attacks
Web application attacks
• XSS
• CSRF
• SQL Injection
• Session Hijacking
• Command Injection
• XML Injection
Demos: Example web app attacks
Traditional application attacks
• Buffer overflows
• Race conditions
Discussion: Where are your security problems?
Building Secure Software
Secure requirements
Secure architectures and defensive design
Securing coding practices
Security testing
Case study: Building security requirements
Security Assurance
Threat modeling/Architectural risk analysis
Case study: Developing threat models
Secure code review
Case study: Reviewing code
Penetration testing / red teaming
Secure Software Development Approaches
Microsoft SDL
Security Touchpoints
Secure Agile
• Security stories
• Secure TDD
• Pair programming
• Secure CI
Case study: Security testing
Getting Started
Assess your risks
• Threat models
• Code scanning
• Security testing
Fix critical vulnerabilities
Move toward building security in
Wrap up
References
Q & A
Questions?
On-Site/Private Training
Let us bring the learning to your team at your location or in an interactive virtual classroom!
Choose from more than 50 courses.
Combine World-Class Training and
Certification with a Conference
Maximize Your Learning Potential
Never Miss a Thing.
Sign up for our mailing list and stay up to date
on training opportunities.