Secure Software Development: Course Outline

Introduction & Background

• Introduction to software security
• The software security problem
• Sources of software insecurity

The Need for Secure Software Systems Development

• The state of current software development methods
• Open source development
• Proprietary software development methods
• Agile development methods
• Common criteria

Properties of a Secure Software

• Core properties of a secure software
• Influential properties of a secure software

The Security Development Lifecycle Process

• Microsoft secure development lifecycle process

Requirements Engineering for Secure Software

• Misuse and abuse cases
• The SQUARE process model

• SQUARE sample outputs
• Requirements elicitation
• Requirements prioritization

Secure Software Architecture and Design

• Software security practices for architecture and design
• Common secure design principles

Risk Analysis

• The threat modeling process
• Building the threat model

• Attack trees for modeling threats
• Using threat model for code review
• Using threat model for testing

Secure Coding Policies and Practices

• Defenses added by the compiler
• Code analysis
• Coding practices
• Security testing considerations throughout the SDLC

Secure Testing Policies

• Fuzz testing
• Penetration testing
• Run-Time verification
• Reviewing and updating threat models if needed

Security Response Planning and Response Execution

• Preparing to respond
• Security response and the development team
• Following the plan

Integrating SDL with Agile Methods

• Using SDL practices with agile methods
• Augmenting agile methods with SDL practices