Secure by Design

With the increase in cyber-attacks on businesses, it's time to start building security into new systems developments right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known common vulnerabilities. This course will show how to design security in, and maintain that security throughout a system's life-cycle, from initial requirements through to de-commissioning and disposal of assets.

Learning Objectives

Delegates will:

  •   Understand the main SDLC models and their principal differences
  •   Be able to choose which SDLC model is most appropriate in a given situation
  •   Learn how to apply secure development techniques from the initial design stage and throughout a development lifecycle
  •   Understand the latest (2013) OWASP vulnerabilities and how to counter/mitigate them
  •   Learn about useful system design tools
  •   Understand and learn how to apply secure design and coding techniques
  •   Discover resources to help introduce and use secure design and development techniques
  •   Understand the benefits of code review
  •   Understand various testing strategies
  •   Learn about encryption, securing and compromising passwords, and metadata
  •   Receive an introduction to the classification of security flaws

Pre-Requisites

A general understanding of current systems development practices, methodologies and languages, and a broad understanding of current threats and system vulnerabilities.

The intended audience is system architects, designers, analysts, developers, software testers, security practitioners, project managers and anyone with an interest in building and maintaining secure, robust systems.

This course is not designed for the experienced software developer and does not cover hands-on coding.

Course Content

Module 1 - Secure Development Lifecycle (SDLC)

  •   An overview of the main SDLC models
  •   Development models
  •   Configuration and source code management
  •   Risk analysis and mitigation

Module 2 - Secure By Design

  •   Security design architectures
  •   Security models and frameworks
  •   Systems design tools and methodologies

Module 3 - Application Security

  •   Vulnerabilities and mitigations available to any development environment
  •   Attack vectors and security controls
  •   The OWASP Top 10 in detail
  •   Vulnerability No. 1 - Injection
  •   Vulnerability No. 2 - Broken Authentication and Session Management
  •   Vulnerability No. 3 - Cross Site Scripting (XSS)
  •   Vulnerability No. 4 - Insecure Direct Object References
  •   Vulnerability No. 5 - Security Misconfiguration
  •   Vulnerability No. 6 - Sensitive Data Exposure
  •   Vulnerability No. 7 - Missing Functional-Level Access Control
  •   Vulnerability No. 8 - Cross-Site Request Forgery
  •   Vulnerability No. 9 - Using Known Vulnerable Components
  •   Vulnerability No. 10 - Unvalidated Redirects and Forwards

Module 4 - Defensive Coding

  •   Secure coding techniques and principles
  •   Methods of testing code, and code test analysis
  •   Using, compromising and defending encryption, hashes and passwords
  •   Classification of security flaws

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accommodation. Please note that virtual courses are attended in real time, commencing on a specified date.