With the increase in cyber-attacks on businesses, it is time to start building security into new systems development right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known, common vulnerabilities. This course shows how to design security in, and how to maintain that security throughout a system's life-cycle, from initial requirements through to decommissioning and disposal of assets.
- Understand the main SDLC Models, and their principal differences
- Be able to choose which SDLC model is most appropriate in a given situation
- Learn how to apply secure development techniques from the initial design stage and throughout a development lifecycle
- Understand the latest (2013) OWASP Top 10 vulnerabilities and how to counter or mitigate them
- Learn about useful system design tools
- Understand and learn how to apply secure design and coding techniques
- Discover resources to help introduce and use secure design and development techniques
- Understand the benefits of code review
- Understand various testing strategies
- Learn about encryption, and about securing and compromising passwords and metadata
- Gain an introduction to the classification of security flaws
Module 1 – Secure Development Lifecycle (SDLC)
- An overview of the main SDLC models
- Development models
- Configuration and source code management
- Risk analysis and mitigation
Module 2 – Secure By Design
- Security design architectures
- Security models and frameworks
- Systems design tools and methodologies
Module 3 – Application Security
- Vulnerabilities and mitigations available to any development environment
- Attack vectors and security controls
- The OWASP Top 10 in detail
  - Vulnerability No. 1 – Injection
  - Vulnerability No. 2 – Broken Authentication and Session Management
  - Vulnerability No. 3 – Cross-Site Scripting (XSS)
  - Vulnerability No. 4 – Insecure Direct Object References
  - Vulnerability No. 5 – Security Misconfiguration
  - Vulnerability No. 6 – Sensitive Data Exposure
  - Vulnerability No. 7 – Missing Function-Level Access Control
  - Vulnerability No. 8 – Cross-Site Request Forgery
  - Vulnerability No. 9 – Using Known Vulnerable Components
  - Vulnerability No. 10 – Unvalidated Redirects and Forwards
Module 4 – Defensive Coding
- Secure coding techniques and principles
- Methods of testing code, and code test analysis
- Using, compromising and defending encryption, hashes and passwords
- Classification of security flaws
Attendees should have a general understanding of current systems development practices, methodologies and languages, and a broad understanding of current threats and system vulnerabilities.
The intended audience is system architects, designers, analysts, developers, software testers, security practitioners, project managers and anyone with an interest in building and maintaining secure, robust systems.
This course is not designed for the experienced software developer and does not cover hands-on coding.