SI Secure


Application Security Fundamentals

Contact
+1.978.694.1008 x1 or Web form

This two-part course is ideal for security and development practitioners who want to understand software security risk and seek specific implementation guidance on how to build and deploy more secure software applications. It starts by describing why software security is critical and the risk that software vulnerabilities represent, then lays the foundation for secure software development by presenting specific security controls and principles that development teams can implement immediately to reduce software risk. Objectives include:

  • Recognize the need for managing application security risk

  • Understand and leverage the OWASP top 10 list

  • Learn how to implement specific software security controls and principles to reduce software risk

 MODULES

Introduction to Software Security
This module presents trends in the attack landscape, the attacker mindset, the concept of software security risk, and the need to manage this risk as an organization.

Challenging Security Misconceptions
This module presents common and dangerous misconceptions that lead to a false sense of security, including:

 
  • Client-side security does not exist

  • QA is not security testing

  • The application is not the network

  • Tools are not solutions

  • Patches do not guarantee security

  • All software applications have bugs

Security Principles
This module describes specific principles that help guide design, coding and implementation decisions:
 
  • Layered security/defense in depth

  • Segmentation

  • Structural security

  • Principle of least privilege

  • Default to deny all

  • Handling input and output

The OWASP Top Ten List
This module explains the OWASP Top Ten Threats: how each threat works, its impact, and the best way to mitigate it.

 
Security Goals and Controls
This module presents the goal of secure software design and the security controls that will help mitigate software risk:
 
  • Confidentiality, Integrity, Availability

  • Error/exception handling

  • Authentication, Authorization/access control

  • Cryptography and encryption

Security in the Software Development Lifecycle (SDLC)
This module prescribes specific activities for each phase of the SDLC: Requirements, Design, Development, Testing, Production, and Maintenance.
 

Assessment
This module concludes with an assessment that contains 15 questions aimed at measuring the effectiveness of the training.
   
Visit our online Training Center to sample this course for free.

 

For more information, please contact us at +1.978.694.1008 x1 or by web form.

 
