Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Secure Software Development: Course Outline

This course presents a proactive approach to produce secure software systems. Secure software development focuses on the development of software that function correctly even when attacked.


Introduction & Background

  • Introduction to software security
  • The software security problem
  • Sources of software insecurity

The Need for Secure Software Systems Development

  • The state of current software development methods
  • Open source development
  • Proprietary software development methods
  • Agile development methods
  • Common criteria

Properties of a Secure Software

  • Core properties of a secure software
  • Influential properties of a secure software

The Security Development Lifecycle Process

  • Microsoft secure development lifecycle process

Requirements Engineering for Secure Software

  • Misuse and abuse cases
  • The SQUARE process model
  • SQUARE sample outputs
  • Requirements elicitation
  • Requirements prioritization

Secure Software Architecture and Design

  • Software security practices for architecture and design
  • Common secure design principles

Risk Analysis

  • The threat modeling process
  • Building the threat model

Continue (Topics)

  • Attack trees for modeling threats
  • Using threat model for code review
  • Using threat model for testing

Secure Coding Policies and Practices

  • Defenses added by the compiler
  • Code analysis
  • Coding practices
  • Security testing considerations throughout the SDLC

Secure Testing Policies

  • Fuzz testing
  • Penetration testing
  • Run-Time verification
  • Reviewing and updating threat models if needed

Security Response Planning and Response Execution

  • Preparing to respond
  • Security response and the development team
  • Following the plan

Integrating SDL with Agile Methods

  • Using SDL practices with agile methods
  • Augmenting agile methods with SDL practices

SDL Minimum Cryptographic Standards

  • High-Level cryptographic requirements
  • Cryptographic algorithm usage

Web Application Services

  • Top Ten Owasp Vulnerabilities in Detail [ SQL injection, cross-site scripting and buffer overflows, Unvalidated Redirects and Forwards, Security Misconfiguration]

Other Books (Full Text)