Software Engineering and Secure Coding

For more information, contact us at info@velocityknowledge.com

5-Day Instructor-Led

This course is an introduction to the basic concepts of software engineering, including the software lifecycle. Emphasis is placed on the requirements, design, and implementation phases of the lifecycle. Students will use various software development tools and be exposed to software development methodologies including waterfall and agile. Best practices in software design and implementation, with a view toward recognizing and avoiding weaknesses and vulnerabilities in software, are a key part of this course.

Learning Objectives

Skills Learned:

  • Potential sources for untrusted data
  • Consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
  • Test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
  • Prevent and defend the many potential vulnerabilities associated with untrusted data
  • Vulnerabilities associated with authentication and authorization
  • Detect, attack, and implement defenses for authentication and authorization functionality and services
  • Dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Detect, attack, and implement defenses against XSS and Injection attacks
  • Concepts and terminology behind defensive, secure coding
  • Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against assets
  • Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web applications
  • Fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
  • Detect, attack, and implement defenses for XML-based services and functionality
  • Techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure

Audience

Developers looking to gain a better understanding of how to write secure code.

Prerequisites

Students should have significant training or experience in a high level language such as C / C++ or Java.

Course Outline

  1. The Software Engineering Process
  2. Requirements Specification
  3. Design and Implementation
  4. Validation
  5. Waterfall Model
  6. Agile Software Development
  7. Extreme Programming
  8. Software Design and Implementation
  9. Source code control
  10. Libraries and Code reuse
  11. Software Testing
  12. Tools for automated testing
  13. Secure Programming & Information Security Concepts
  14. Risks & Threats
  15. Information Assurance Pillars
  16. Risk Management
  17. Security Controls & Vulnerability Mitigation
  18. Designing Secure Architecture
  19. Security Vulnerabilities
  20. Access Control
  21. Cryptography
  22. Programming Best Practices
  23. Safe Library Functions

Contact us to customize this course for your team and for your organization.
