About this product

Course code QASECDEVVBL

With the increase in cyber-attacks on business, it's time to start building security into new systems developments right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known common vulnerabilities. This course will show how to design security in, and maintain that security throughout a system's life-cycle, from initial requirements through to de-commissioning and disposal of assets.

Prerequisites

  • A general understanding of current systems development practices, methodologies and languages, and a broad understanding of current threats and system vulnerabilities.
  • The intended audience is system architects, designers, analysts, developers, software testers, security practitioners, project managers and anyone with an interest in building and maintaining secure, robust systems.
  • This course is not designed for the experienced software developer and does not cover hands-on coding.

Delegates will learn how to

  • Understand the main SDLC models and their principal differences
  • Be able to choose which SDLC model is most appropriate in a given situation
  • Learn how to apply secure development techniques from the initial design stage and throughout a development lifecycle
  • Understand the latest (2013) OWASP vulnerabilities and how to counter/mitigate them
  • Learn about useful system design tools
  • Understand and learn how to apply secure design and coding techniques
  • Discover resources to help introduce and use secure design and development techniques
  • Understand the benefits of code review
  • Understand various testing strategies
  • Learn about encryption, securing and compromising passwords, and metadata
  • An introduction to the classification of security flaws

Outline

Module 1 - Secure Development Lifecycle (SDLC)

  • An overview of the main SDLC models
  • Development models
  • Configuration and source code management
  • Risk analysis and mitigation

Module 2 - Secure By Design

  • Security design architectures
  • Security models and frameworks
  • Systems design tools and methodologies

Module 3 - Application Security

  • Vulnerabilities and mitigations available to any development environment
  • Attack vectors and security controls
  • The OWASP Top 10 in detail
  • Vulnerability No. 1 - Injection
  • Vulnerability No. 2 - Broken Authentication and Session Management
  • Vulnerability No. 3 - Cross-Site Scripting (XSS)
  • Vulnerability No. 4 - Insecure Direct Object References
  • Vulnerability No. 5 - Security Misconfiguration
  • Vulnerability No. 6 - Sensitive Data Exposure
  • Vulnerability No. 7 - Missing Functional-Level Access Control
  • Vulnerability No. 8 - Cross-Site Request Forgery
  • Vulnerability No. 9 - Using Known Vulnerable Components
  • Vulnerability No. 10 - Unvalidated Redirects and Forwards

Module 4 - Defensive Coding

  • Secure coding techniques and principles
  • Methods of testing code, and code test analysis
  • Using, compromising and defending encryption, hashes and passwords
  • Classification of security flaws

Delivery method

Video learning

Modular video that can be streamed directly to your computer or mobile device so you can learn wherever you are.

Total price: £745

Secure by Design - Video Based Learning
Code: QASECDEVVBL