Software Security In Depth

PT6291
Summary
This course teaches students how to develop secure software in today's complex internetworked environment. Students will gain a deep and thorough understanding of the most prevalent and dangerous security development defects found in that environment. Additionally, they will learn practical and actionable guidance on how to avoid making these common mistakes.
The class starts with a description of the security problems faced by today's software developer, as well as a detailed description of the CWE/SANS 25 Most Dangerous Programming Errors (www.sans.org/top25errors). These defects are studied in instructor-led sessions as well as in hands-on lab exercises in which each student learns how to actually exploit the defects. (The labs are performed in safe test environments.)
Remediation techniques and strategies are then studied for each defect. Practical guidelines on how to integrate secure development practices into the software development process are then presented and discussed.
Duration
5 Days/Lecture & Lab
Audience
The ideal student for this tutorial is a hands-on web application developer or architect who is looking for a fundamental understanding of today's best practices in secure software development.
Topics
  • Preparation Phase - Understanding the problem
  • Overview of available solutions
  • Lab setup and demo
  • Software security defects
  • Processes - Design activities
  • Processes - Security testing
  • Processes in depth - Static code analysis
  • Getting started
  • Contest - The Challenge!
