
Secure Software Design

3 days


2,100.00 USD



We will shape this course to maximize value in your organization by meeting your implementation standards. Contact us for a complimentary preliminary needs analysis.


*Public Price per Student

This course is designed to provide students with the knowledge and skills required to recognize software vulnerabilities (actual and potential) and design defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software. The concept and process of Threat Risk Modeling is introduced as a key enabler for architecting effective and appropriate security for software and information assets.

This course combines expert lecture with open discussions, high-level demonstrations and extensive hands-on labs. It is an intermediate-level software design course.


Upon completion of the course, students will be able to:
  • Explain the concepts and terminology behind defensive coding
  • Identify software vulnerabilities based on realistic threats against meaningful assets using Threat Risk Modeling
  • Describe the entire spectrum of threats and attacks that take place against software applications in today’s world
  • Identify potential vulnerabilities in a real-life case study using Threat Risk Modeling
  • Explain and implement the processes and measures associated with the security development lifecycle (SDL)
  • Acquire the skills, tools and best practices for design reviews as well as testing initiatives
  • List the basics of security testing and planning
  • Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses

  • Software Architects
  • Software Designers
  • Software Developers
  • Project Stakeholders

  • Basic familiarity with software design and technologies
  • Basic experience in real-world programming
  • At least six months to a year of working knowledge of a programming language is recommended

  1. Defensive Coding Overview
    • Security concepts
    • Principles of defensive coding
    • Threat Risk Modeling
    • Threat Risk Modeling of case study
  2. Vulnerabilities
    • Unvalidated input
    • Broken authentication
    • Cross-Site Scripting (XSS)
    • Injection flaws
    • Error handling, logging, and information leakage
    • Insecure storage
    • Direct object access
    • XML vulnerabilities
    • Web services vulnerabilities
    • Ajax vulnerabilities
  3. Defensive Coding Applied
    • Basic principles revisited
    • Defensive coding
  4. Security Design Patterns
    • Authentication enforcer
    • Authorization enforcer
    • Intercepting validator
    • Secure base action
    • Secure logger
    • Secure pipe
    • Secure service proxy
    • Intercepting Web agent
  5. Security Development Lifecycle (SDL)
    • SDL process overview
      • CLASP defined
      • CLASP applied
    • Asset identification
    • Boundary identification
    • Vulnerability identification
    • Vulnerability response
    • Design and code reviews
    • Applying processes and practices
    • Risk analysis
  6. Security Testing
    • Testing as lifecycle process
    • Testing planning and documentation
    • Testing tools
    • Static and dynamic code analysis
    • Approaches for testing
      • Information leakage
      • Business logic
      • Authentication
      • Session management
      • Input data validation
      • Denial of service
      • Web services

