Secure Software Design

Course #: SPSE-105
Format: Classroom
Duration: 3 days
Price*: 2,100.00 USD

MEETING BUSINESS REQUIREMENTS

We will shape this course to maximize value in your organization by meeting your implementation standards. Inquire about a complimentary preliminary needs analysis.

Delivery Options:

Public Scheduled Classes
Self-Paced Training
Public Scheduled Webinar
Webinar Recording
Custom Group Training




*Public Price per Student


This Secure Software Design course is designed to provide students with the skills required to recognize software vulnerabilities (actual and potential) and design defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software.

During this three-day course, students will be led through a series of advanced topics, where most topics consist of lecture, group discussion, comprehensive hands-on lab exercises, and lab review.

The initial portion of the course lays down the foundation in basic terminology and concepts that is built upon in subsequent lessons. The second portion of the course steps through a series of vulnerabilities illustrating in very real terms the right way to implement secure software applications. The last portion of the course examines several design patterns that can be used to facilitate better application architecture, design, implementation, and deployment.
 


Upon completion of the Secure Software Design course, students will be able to:
  • Understand the concepts and terminology behind defensive coding
  • Understand and use Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Learn the entire spectrum of threats and attacks that take place against software applications in today’s world
  • Use Threat Modeling to identify potential vulnerabilities in a real life case study
  • Understand and implement the processes and measures associated with the security development lifecycle (SDL)
  • Acquire the skills, tools, and best practices for design reviews as well as testing initiatives
  • Understand the basics of security testing and planning
  • Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses

  • Software architects, designers, developers, and project stakeholders

Take Before: Students should have an understanding and a working knowledge of basic web application development. Students should have experience similar to:
  • TT4000 Understanding Internet Architectures

  1. INTRODUCTION: MISCONCEPTIONS
    • SECURITY: The complete picture
    • SEVEN deadly assumptions
    • ANTHEM, Sony, Target, Heartland, and TJX debriefs
    • CAUSES of data breaches
    • MEANING of being compliant
    • VERIZON’S 2015 data breach report
    • 2015 PCI compliance report
  2. LESSON: SECURITY CONCEPTS
    • MOTIVATIONS: costs and standards
    • OPEN web application security project
    • WEB application security consortium
    • CERT secure coding standards
    • ASSETS are the targets
    • SECURITY activities cost resources
    • THREAT modeling
    • SYSTEM/TRUST boundaries
  3. LESSON: PRINCIPLES OF INFORMATION SECURITY
    • SECURITY is a lifecycle issue
    • MINIMIZE attack surface area
    • LAYERS of defense: Tenacious D
    • COMPARTMENTALIZE
    • CONSIDER all application states
    • DO NOT trust the untrusted
  4. LESSON: VULNERABILITIES
    • UNVALIDATED input
    • BROKEN authentication
    • CROSS site scripting (XSS/CSRF)
    • INJECTION flaws
    • ERROR handling, logging, and information leakage
    • INSECURE storage
    • DIRECT object access
    • XML vulnerabilities
    • WEB services vulnerabilities
    • AJAX vulnerabilities
  5. LESSON: UNDERSTANDING WHAT’S IMPORTANT
    • COMMON vulnerabilities and exposures
    • OWASP top ten for 2013
    • CWE/SANS top 25 most dangerous SW errors
    • MONSTER mitigations
    • STRENGTH training: Project teams/developers
    • STRENGTH training: IT organizations
  6. LESSON: SECURITY DESIGN PATTERNS
    • AUTHENTICATION enforcer
    • AUTHORIZATION enforcer
    • INTERCEPTING validator
    • SECURE base action
    • SECURE logger
    • SECURE pipe
    • SECURE service proxy
    • INTERCEPTING web agent
  7. LESSON: APPLYING PROCESSES AND PRACTICES
    • AWARENESS
    • APPLICATION assessments
    • SECURITY requirements
    • SECURE development practices
    • SECURITY architecture/design review
    • SECURITY code review
    • CONFIGURATION management and deployment
    • VULNERABILITY remediation procedures
  8. LESSON: RISK ANALYSIS
    • THREAT modeling process
    • 1. IDENTIFY security objectives
    • 2. DESCRIBE the system
    • 3. LIST assets
    • 4. DEFINE system/trust boundaries
    • 5. LIST and rank threats
    • 6. LIST defenses and countermeasures
    • THREAT modeling tools
  9. LESSON: TESTING TOOLS AND PROCESSES
    • SECURITY testing principles
    • BLACK box analyzers
    • STATIC code analyzers
    • CRITERIA for selecting static analyzers
  10. LESSON: TESTING PRACTICES
    • OWASP web app penetration testing
    • AUTHENTICATION testing
    • SESSION management testing
    • DATA validation testing
    • DENIAL of service testing
    • WEB services testing
    • AJAX testing
