0345 4506120

Secure by Design Video Learning

Overview

With the increase in cyber-attacks on business, it's time to start building security into new systems developments right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known common vulnerabilities. This course will show how to design security in, and maintain that security throughout a systems life-cycle from initial requirements through to de-commissioning and disposal of assets.

What's Included

2 hours of Video Learning

Tutor Support for the duration of the course

12 months access to the course

More Information

Prerequisites                    

  •   A general understanding of current systems development practices, methodologies and languages, and a broad understanding of current threats and system vulnerabilities
  •   The intended audience is system architects, designers, analysts, developers, software testers, security practitioners, project managers and anyone with an interest in building and maintaining secure, robust systems
  •   This course is not designed for the experienced software developer and does not cover hands-on coding

Delegates will learn how to                    

  •   Understand the main SDLC Models, and their principal differences
  •   Be able to choose which SDLC model is most appropriate in a given situation.
  •   Learn how to apply secure development techniques from the initial design stage and throughout a development lifecycle
  •   Understand the latest (2013) OWASP vulnerabilities and how to counter/mitigate them
  •   Learn about useful system design tools
  •   Understand and learn how to apply secure design and coding techniques
  •   Discover resources to help introduce and use secure design and development techniques
  •   Understand the benefits of code review
  •   Understand various testing strategies
  •   Learn about encryption, securing and compromising passwords and meta data
  •   An introduction to the classification of security flaws

Outline                    

Module 1 - Secure Development Lifecycle (SDLC)

  •   An overview of the main SDLC models
  •   Development models
  •   Configuration and source code management
  •   Risk analysis and mitigation

Module 2 - Secure By Design

  •   Security design architectures
  •   Security models and frameworks
  •   Systems design tools and methodologies

Module 3 - Application Security

  •   Vulnerabilities and mitigations available to any development environment
  •   Attack vectors and security controls
  •   The OWASP Top 10 in detail
  •   Vulnerability No. 1 - Injection
  •   Vulnerability No. 2 - Broken Authentication and Session management
  •   Vulnerability No. 3 - Cross Site Scripting (XSS)
  •   Vulnerability No. 4 - Insecure Direct Object References
  •   Vulnerability No. 5 - Security Misconfiguration
  •   Vulnerability No. 6 - Sensitive Data Exposure
  •   Vulnerability No. 7 - Missing Functional-level access control
  •   Vulnerability No. 8 - Cross-site request forgery
  •   Vulnerability No. 9 - Using Known Vulnerable Components
  •   Vulnerability No. 10 - Unvalidated Redirects and Forwards

Module 4 - Defensive Coding

  •   Secure coding techniques and principles.
  •   Methods of testing code, and code test analysis
  •   Using, compromising and defending encryption, hashes and passwords
  •   Classification of security flaws

Related Courses

Our Customers Include