The stakes for software security are very high. Yet, many development teams deal with software security only after the code has been developed and the software is being prepared for delivery. As with any aspect of software quality, to ensure successful implementation, security and privacy issues should be managed throughout the entire software development lifecycle.
This course presents an approach to security and privacy throughout the entire software development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify and remediate them in your own projects. You will learn general strategies for dealing with security defects and misconfiguration, how to design software to deal with the human element in security, and how to incorporate security into all phases of development.
Objectives
In this course, you will employ best practices in software development to develop secure software.
You will learn:
- Identify the need for security in your software projects.
- Eliminate vulnerabilities within the software.
- Use a Security by Design approach to design a secure architecture for your software.
- Implement common protections to protect users and data.
- Apply various testing methods to find and correct security defects in your software.
- Maintain deployed software to ensure ongoing security.
This course includes hands-on activities for each topic area. These activities aim to demonstrate concepts utilizing two universal languages, Python and JavaScript. Developers who use alternate languages can apply the principles from the activities to any coding language.
Hands-on exercises are designed to keep code typing to a bare minimum. CertNexus provides students with all of the code they need to complete activities. The activities do not require a “deep dive” into code to understand the covered principles.
Outline
Below is the course content, which includes a detailed outline of topics and materials covered in the course. Explore and enhance your knowledge!
Lesson 1: Identifying the Need for Security in Your Software Projects
Topic A: Identify Security Requirements and Expectations
Topic B: Identify Factors That Undermine Software Security
Topic C: Find Vulnerabilities in Your Software
Topic D: Gather Intelligence on Vulnerabilities and Exploits
Lesson 2: Handling Vulnerabilities
Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
Topic B: Handle Vulnerabilities Due to Human Factors
Topic C: Handle Vulnerabilities Due to Process Shortcomings
Lesson 3: Designing for Security
Topic A: Apply General Principles for Secure Design
Topic B: Design Software to Counter Specific Threats
Lesson 4: Developing Secure Code
Topic A: Follow Best Practices for Secure Coding
Topic B: Prevent Platform Vulnerabilities
Topic C: Prevent Privacy Vulnerabilities
Lesson 5: Implementing Common Protections
Topic A: Limit Access Using Login and User Roles
Topic B: Protect Data in Transit and At Rest
Topic C: Implement Error Handling and Logging
Topic D: Protect Sensitive Data and Functions
Topic E: Protect Database Access
Lesson 6: Testing Software Security
Topic A: Perform Security Testing
Topic B: Analyze Code to find Security Problems
Topic C: Use Automated Testing Tools to Find Security Problems
Lesson 7: Maintaining Security in Deployed Software
Topic A: Monitor and Log Applications to Support Security
Topic B: Maintain Security after Deployment
Pre-Requisite
This course presents secure programming concepts that apply to many software development projects. Although this course uses Python, HTML, and JavaScript to demonstrate various programming concepts, you do not need experience in these languages to benefit from this course. However, you should have some programming experience, whether developing desktop, mobile, web, or cloud applications. Logical Operations provides a variety of Cybersecurity courses covering software development that you might use to prepare for this course, such as:
- Python Programming: Introduction
- Python Programming: Advanced
- HTML5: Content Authoring with New and Advanced Features
- SQL Querying: Fundamentals (Second Edition)
Methodology
- Batch-wise training
- Practical hands-on training with real-time examples