
Fundamentals of Secure Application Development

  • Tuition USD $1,295
  • Reviews 4.5 stars (944 Ratings)
  • Course Code SECURE-APP-DEV
  • Duration 2 days
  • Available Formats Classroom, Virtual

The rules of information security aren’t what they used to be. Hackers aren’t kids in basements; they’re state-sponsored professionals and organized criminal groups all around the world. They break into systems and steal data in any way they can. Unfortunately, the vast majority of hacks are not due to insecure networks or misconfigured firewalls; they are the result of common software flaws that get coded into applications. Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream, and by the time an incident occurs it’s too late to be proactive. From proactive requirements to coding and testing, this information security training course covers the best practices any software developer needs to avoid opening up their users, customers, and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class. Return to work ready to build higher quality, more robustly protected applications.

Skills Gained

  • Understand assets, threats, vulnerabilities, and risks
  • Gather and understand security requirements
  • Design secure software
  • Write secure code
  • Test your software
  • Release & Operate secure software

Who Can Benefit

  • Application Development Managers
  • Software Engineers and Developers
  • CISOs, CISAs and Security Professionals
  • Software Testers
  • QA Managers, Directors and Staff
  • Test Management
  • Business Analysts
  • Project Managers
  • IT Specialists (Security, Capacity Management, Networking…)

Course Details

Information Security Training Outline

Part 1: Secure Software Development

  • Assets, Threats & Vulnerabilities
  • Security Risk Analysis (Business & Technical)
  • Secure Dev Processes (MS, BSI…)
  • Defense in Depth
  • Approach for this course
  • Introductory Case Study

Part 2: The Context for Secure Development

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (internal & external)
  • Organization's Risk Appetite
  • Security Terminology
  • Organizational Security Policy
  • Security Roles and Responsibilities
  • Security Training for Roles
  • Generic Security Goals & Requirements
  • Exercise: Our Own Security Context

Part 3: Security Requirements

  • Project-Specific Security Terms
  • Project-Related Assets & Security Goals
  • Product Architecture Analysis
  • Use Cases & MisUse/Abuse Cases
  • Dataflows with Trust Boundaries
  • Product Security Risk Analysis
  • Elicit, Categorize, Prioritize Security Requirements
  • Validate Security Requirements
  • Exercise: Managing Security Requirements

Part 4: Designing Secure Software

  • High-Level Design
  • Architectural Risk Analysis
  • Design Requirements
  • Analyze Attack Surface
  • Threat Modeling
  • Trust Boundaries
  • Eliminate Race Objects
  • Detail-Level Design
  • Secure Design Principles
  • Use of Security Wrappers
  • Input Validation
  • Design Pitfalls
  • Validating Design Security
  • Pairing Memory Management Functions
  • Exclude User Input from format strings
  • Canonicalization
  • TOCTOU
  • Close Race Windows
  • Taint Analysis
  • Exercise: A Secure Software Design, Instructor Q and A

Part 5: Writing Secure Code

  • Coding
  • Developer guidelines & checklists
  • Compiler Security Settings (per)
  • Tools to use
  • Coding Standards (per language)
  • Common pitfalls (per language)
  • Secure/Safe functions/methods
  • Stack Canaries
  • Encrypted Pointers
  • Memory Initialization
  • Function Return Checking (e.g. malloc)
  • Dereferencing Pointers
  • Integer type selection
  • Range Checking
  • Pre/post checking
  • Synchronization Primitives
  • Early Verification
  • Static Analysis (Code Review w/tools)
  • Unit & Dev Team Testing
  • Risk-Based Security Testing
  • Taint Analysis
  • Exercise: Secure Coding Q and A

Part 6: Testing for Software Security

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (internal & external)
  • Organization's Risk Appetite
  • Static Analysis
  • Dynamic Analysis
  • Risk-Based Security testing
  • Fuzz Testing (Whitebox vs Blackbox)
  • Penetration Testing (Whitebox vs Blackbox)
  • Attack Surface Review
  • Code audits
  • Independent Security Review
  • Exercise: Testing Software for Security

Part 7: Releasing & Operating Secure Software

  • Incident Response Planning
  • Final Security Review
  • Release Archive
  • OS Protections:
      • Address Space Layout Randomization
      • Non-Executable Stacks
      • W^X
      • Data Execution Prevention
  • Monitoring
  • Incident Response
  • Penetration Testing
  • Exercise: A Secure Software Release

Part 8: Making Software Development More Secure

  • Process Review
  • Getting Started
  • Priorities
  • Exercise: Your Secure Software Plan

How do I enroll?

A comprehensive listing of ExitCertified courses can be found here. You can register directly for the required course/location when you select "register". If you have any questions or prefer to speak with an ExitCertified education consultant directly, please submit your query here. A representative will contact you shortly.

How do I pay for a class?

You can pay at the time of registration using credit card (Mastercard/Visa/American Express), cheque, or PO.

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Thank you for the opportunity which let me enjoy the Core Spring class. Looking forward to more classes.

ExitCertified did a good job in hosting this course. From the instructor to facilities. Good job!

It is very good and very simple instructions. Almost too much hand holding.

Content is great and useful lab exercise which can be related to tasks performed at work.

Very detailed training. Effective for DevOps with cloud responsibilities. The tech explanation and lab is very informative.

32 options available

  • Oct 15–16, 2020 (2 days): Virtual, English, 8:30 AM–4:30 PM EDT
  • Nov 12–13, 2020 (2 days): Virtual, English, 11:30 AM–7:30 PM EST
  • Dec 17–18, 2020 (2 days): Virtual, English, 10:30 AM–6:30 PM EST
  • Jan 5–6, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EST
  • Jan 14–15, 2021 (2 days): Cary, NC, English, 8:30 AM–4:30 PM
  • Jan 19–20, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EST
  • Feb 9–10, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EST
  • Feb 22–23, 2021 (2 days): Madison, WI, English, 8:30 AM–4:30 PM
  • Mar 1–2, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EST
  • Mar 18–19, 2021 (2 days): Phoenix, AZ, English, 8:30 AM–4:30 PM
  • Mar 29–30, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EDT
  • Apr 12–13, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EDT
  • Apr 21–22, 2021 (2 days): Boston, MA, English, 8:30 AM–4:30 PM
  • May 5–6, 2021 (2 days): Atlanta, GA, English, 8:30 AM–4:30 PM
  • May 11–12, 2021 (2 days): Virtual, English, 8:30 AM–4:30 PM EDT
Contact Us 1-800-803-3948