Course Description

This course will provide an in-depth study of the principals and tenets of the design and development process of secure software used to provide enhanced cyber security. It will review the traditional models of software development, with the idea that a developer or project manager must strategize for security before starting development. Attendees will understand how to gather and plan for security requirements in development. The course will explore how vulnerabilities can be mapped and planned for. Attendees will understand how to run an effective development process, culminating with implementa-tion, and how to review and test software. Finally, the course will introduce the concept of software assurance and its role in the cyber security paradigm.

Course Objectives

At the end of the training, attendees are expected to:

  1. Discuss the implications of relying on open design or the secrecy of design for security
  • Describe why each of the three principle of security is important to the overall software security
  • Identify the needed software design principle
  • Identify common attack vectors; including buffer over ow, XSS, SQLi, RCE, …
  • Describe the importance of writing secure and robust programs
  • Describe the concept of privacy including personally identi able information
  • Differentiate between secure coding and patching and explain the advantage of using secure coding techniques
  • Discuss the ethical issues in disclosing vulnerabilities