
Secure by Design

With the increase in cyber-attacks on business, it's time to start building security into new systems developments right from the start. The majority of successful cyber-attacks depend on exploiting a few well-known common vulnerabilities. This course, updated for 2018, will show you how security can be designed into, managed and maintained within a development lifecycle.


Learning Objectives

Delegates will:

  •   Understand the main SDLC Models, and their principal differences
  •   Be able to choose which SDLC model is most appropriate in a given situation
  •   Learn how to apply secure development techniques from the initial design stage and throughout a development lifecycle
  •   Understand the latest (2013) OWASP vulnerabilities and how to counter/mitigate them
  •   Learn about useful system design tools
  •   Understand and learn how to apply secure design and coding techniques
  •   Discover resources to help introduce and use secure design and development techniques
  •   Understand the benefits of code review
  •   Understand various testing strategies
  •   Learn about encryption, securing and compromising passwords, and metadata
  •   Receive an introduction to the classification of security flaws


There are no specific prerequisites for this course. However, a general understanding of development practices and a broad understanding of current threats is desirable. There are group exercises and instructor-led ‘hands-on’ labs within each module of this course. Delegates can observe the instructor demonstrations or engage fully with each hands-on lab, subject to experience.

The intended audience for this course is primarily Project Managers, Business Analysts, Junior Developers and Designers, plus anyone with an interest in building and maintaining a secure systems lifecycle.

Note: This course is not designed for the experienced software developer and does not cover hands-on coding.

Course Content

Module 1 - Secure Development Lifecycle (SDLC)

  •   An overview of the main SDLC models
  •   Development models
  •   Configuration and source code management
  •   Risk analysis and mitigation

Module 2 - Secure By Design

  •   Security design architectures
  •   Security models and frameworks
  •   Systems design tools and methodologies

Module 3 - Application Security

  •   Vulnerabilities and mitigations available to any development environment
  •   Attack vectors and security controls
  •   The OWASP Top 10 in detail
  •   Vulnerability No. 1 - Injection
  •   Vulnerability No. 2 - Broken Authentication and Session Management
  •   Vulnerability No. 3 - Cross Site Scripting (XSS)
  •   Vulnerability No. 4 - Insecure Direct Object References
  •   Vulnerability No. 5 - Security Misconfiguration
  •   Vulnerability No. 6 - Sensitive Data Exposure
  •   Vulnerability No. 7 - Missing Functional-level Access Control
  •   Vulnerability No. 8 - Cross-Site Request Forgery
  •   Vulnerability No. 9 - Using Known Vulnerable Components
  •   Vulnerability No. 10 - Unvalidated Redirects and Forwards

Module 4 - Defensive Coding

  •   Secure coding techniques and principles
  •   Methods of testing code, and code test analysis
  •   Using, compromising and defending encryption, hashes and passwords
  •   Classification of security flaws
