- Categories: Cyber Security
- Level: Fundamentals
- Code: QASECDEV
- Exam: Not Applicable
Overview
This course teaches how to design, build, test, and operate secure software in modern development environments. It replaces bolt-on security approaches with secure-by-design practices embedded across the full system lifecycle, from architecture and development through deployment and operations. Learners explore how security integrates with DevOps and CI/CD pipelines, then apply secure design and threat modelling techniques to identify and manage risk early. The course develops practical understanding of security testing, vulnerability management, identity and access control, data security, and cryptography, forming a strong foundation for secure application development.
Real-world weaknesses are examined using the latest OWASP Top 10, showing how vulnerabilities emerge and how they can be prevented through better design, coding, and configuration. Software supply chain risks, including third-party components and cloud-native dependencies, are also covered. The course extends into AI security, introducing the AI lifecycle, AI-specific threats, and the ETSI EN 304 233 global standard for securing large language models, agentic systems, data, and prompts. By the end of the course, learners can apply secure engineering practices to build resilient, trustworthy software and AI-enabled systems.
Prerequisites
There are no prerequisites for this course.
This course does not include hands-on coding. Learners looking for implementation-focused skills can continue through QA’s Secure Engineering learning pathway.
Target audience
This course is designed for:
- Software developers, DevOps engineers, and architects integrating security into the system development lifecycle
- Security engineers and IT professionals responsible for secure design, testing, and operations
- Technical leaders and managers seeking to reduce software and AI system risk
- Professionals new to secure development who need a structured foundation
What's included
Select your preferred way to learn:
What is Virtual?
Live, instructor-led training delivered online
Interactive online sessions led by subject matter experts. Learners join live classes, take part in discussions, and complete practical exercises from any location, making it easy to fit collaborative learning into busy schedules.
If you prefer to connect to a course that is taking place in a physical classroom, you can choose our Remote Access option.
Best for: Teams and individuals who want expert guidance, real-time collaboration, and flexible access.
What's included?
2-day instructor-led course
6 months' free access to the QA learning platform
Free 6-Month Access: Learning Platform Discovery plan
Included FREE with every instructor‑led course
Get free guided access to the QA Learning Platform. Assess your skills, explore in-demand topics, and understand which areas to focus on.
Learn AI, Cloud, Data, and Leadership skills at your own pace.
Put skills into practice with hands-on Labs and Simulabs.
Validate knowledge and highlight gaps with skills assessments.
What is bespoke training?
Custom instructor-led training designed by QA to fit your needs
Tailored programmes built around your organisation’s goals, challenges, and skill levels. Delivered in the format that suits you to maximise relevance and impact.
Best for: Organisations and teams looking to target specific business priorities and capabilities with QA subject matter expertise.
Learning outcomes
By the end of this course, learners will be able to:
- Integrate security throughout the entire system lifecycle rather than treating it as a final testing step
- Apply secure-by-design principles when planning, architecting, and building software systems
- Identify, assess, and prioritise cyber threats using structured threat modelling and risk assessment methods
- Embed automated security testing and vulnerability management into modern DevOps and CI/CD practices
- Design and implement strong identity, access control, and Zero Trust principles in applications and APIs
- Protect sensitive information using data security controls and applied cryptography
- Recognise and mitigate critical application security risks, including those in the OWASP Top 10
- Understand and manage software supply chain risks, including third-party dependencies
- Apply security principles to cloud-native and distributed architectures
- Explain how AI systems introduce new attack surfaces and risk categories
- Identify and mitigate vulnerabilities in LLMs, agentic systems, and AI-generated code
- Use emerging frameworks and standards to secure AI models, data, prompts, and infrastructure
- Adapt traditional security practices for AI-driven and autonomous systems
- Contribute to a culture of continuous security monitoring and improvement
Course outline
Secure development lifecycle
- Overview of common SDLC models and their security implications
- Extending the SDLC to include operations and system retirement
- DevOps and DevSecOps development models
- Risks of treating security as an afterthought
- Embedding security controls into CI/CD pipelines
- Continuous security integration and feedback loops
Secure-by-design and threat modelling
- Software Security Code of Practice principles
- Secure-by-design concepts and risk-driven decision making
- Threat actors, motivations, and common targets
- Assets, threats, and risk categories
- Threat modelling purpose and benefits
- Threat modelling methodologies including STRIDE and PASTA
- Threat rating using DREAD
- Practical threat modelling process from asset identification to risk prioritisation
Security testing and vulnerability management
- Common vulnerabilities across modern development environments
- Vulnerability identification and management lifecycle
- Automated security testing in CI/CD pipelines
- Static, dynamic, and software composition analysis tools
- Pre-deployment scanning and quality gates
- Penetration testing purpose, value, and limitations
- Risk-based vulnerability prioritisation and remediation
Identity and access management
- Identity and access management concepts and attributes
- Identification, authentication, authorisation, and accountability
- Multi-factor authentication and federated identity
- Authorisation versus access control
- Least privilege and privileged access management
- API security considerations
- Applying Zero Trust principles in modern applications
Data security
- Core data security principles
- Protecting data in use, in transit, and at rest
- Data masking, tokenisation, and pseudonymisation
- Secure handling of sensitive data in applications and APIs
Cryptography fundamentals
- Cryptography and the confidentiality, integrity, and availability model
- Symmetric and asymmetric encryption
- Hybrid encryption approaches
- Certificates, public key infrastructure, and trust models
- Hardware security modules and key protection
- Introduction to post-quantum cryptography
Application security and OWASP Top 10
- Purpose and structure of the OWASP Top 10
- Overview of recent changes and emerging risk trends
- Coverage of the entire top ten, with case studies and modern mitigation
- Broken access control and authentication failures
- Security misconfiguration and insecure design
- Injection vulnerabilities and cryptographic failures
- Software and data integrity failures
- Logging, monitoring, and alerting weaknesses
- Software supply chain vulnerabilities and SBOM concepts
- Secure coding, configuration, and cloud audit readiness
- Learning from real-world vulnerability case studies
AI security foundations
- The AI system lifecycle and security considerations
- ETSI EN 304 233 principles for securing AI systems
- Identifying and protecting AI assets including models, data, and prompts
- Risks from AI-generated code and autonomous workflows
- LLM-specific threats such as prompt injection, overreliance, and model theft
- Agentic AI risks including excessive agency and cascading failures
- AI security frameworks including MITRE ATLAS and NIST AI risk models
- AI-focused threat modelling using STRIDE-AI and DREAD
- Security challenges in autonomous and NoOps environments
Exams and assessments
There are no formal exams or certifications associated with this course. Learners complete structured knowledge checks and scenario-based exercises throughout the course to reinforce key concepts and validate understanding.
Hands-on learning
The course includes practical threat modelling activities, secure design exercises, and guided case studies. Learners apply security concepts to realistic software and AI-enabled scenarios, focusing on risk identification, mitigation strategies, and decision making rather than hands-on coding.
Good to know
Why choose QA
- Award-winning training, top NPS scores
- Nearly 300,000 learners in 2020
- Our training experts are industry leaders
What our customers are saying
“I would say the secure software engineering programme QA built, is beyond training. It is more around making transformation in the mindset of people, and this was exactly what we are looking for.”
Emil Minev
Senior Consultant & Programme Manager, Paysafe Group
“I really enjoyed the practical experience given by the labs, and also being able to make use of the expertise of the trainers and learn tips and tricks from them. Overall, it was an excellent overview of the cyber security profession as a whole. The learning experience was fun and exciting!”
QA learner
“I loved learning about Open Source Intelligence - the things you can do just with Google are amazing! Also, being able to meet, work with, and chat to other people interested in cyber was fantastic.”
QA learner
Portfolio Director
Richard Beck
Portfolio Director – Cyber
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end of the course, either as a hard copy or via email.
