- Clearly defines the software security problem
- Introduces and describes a set of software security best practices called touchpoints that can be integrated into any existing software development lifecycle
- Describes how and why software is exploited
- Delves deeply into architectural risk analysis, security testing, and the use of advanced tools for code review
- Shows why software security is everyone's job
- Provides a clear roadmap for an enterprise software security program

Software vulnerabilities and software exploits are the root cause of a majority of computer security problems. In fact, software is the target of choice for real hackers. The key to proactive computer security thus involves getting a risk management handle on the software security problem. This comprehensive two-day course—designed by the experts who literally wrote the book on software security—provides detail and depth to the 1-day Foundations course with expanded coverage and more exercises aimed at a technically savvy audience. The course describes the problems in software security and explains an approach to infusing software security into the development process through risk management, software security touchpoints, and historical knowledge of software security vulnerabilities.
After successfully completing this course, you will:

- Understand in detail why software developers, architects, and managers need to make software security an integral part of their jobs
- Understand the state of the art in software security best practices and how they apply to your organization
- Know why risk management requires a clear understanding of business context and how to use business-case justification of security design to strike the proper balance between security and business
- Understand security bugs at the implementation level as well as security flaws at the design level and how to identify and eradicate them throughout the software development lifecycle
- Gain a clear understanding of how software can be tested for security to improve your organization’s capability to build solid secure code
- Understand why “building security in” is the right approach for the business
- Have a high-level understanding of the fundamental approaches for building secure software
- Be prepared for additional courses that drill down into details of each of the key areas

This course is intended for technical staff involved in software development and testing, including engineering managers, development leads, software engineers, application and security architects, and quality assurance and test personnel. The content is technical and includes code examples, use of tools, and interactive exercises.
Attendees should simply have a technical understanding of the software development lifecycle, whether in general or with a specific methodology (e.g., Spiral, Extreme, Waterfall, Agile, etc.). Familiarity with C, C++, or Java is a plus. Background knowledge of security is not required.
This course is usually delivered by John Steven, Pravir Chandra, Gary McGraw and Paco Hope.