Secure Software Development: Course Outline
This course presents a proactive approach to produce secure software systems. Secure software development focuses on the development of software that function correctly even when attacked.
Topics
Introduction & Background
- Introduction to software security
- The software security problem
- Sources of software insecurity
The Need for Secure Software Systems Development
- The state of current software development methods
- Open source development
- Proprietary software development methods
- Agile development methods
- Common criteria
Properties of a Secure Software
- Core properties of a secure software
- Influential properties of a secure software
The Security Development Lifecycle Process
- Microsoft secure development lifecycle process
Requirements Engineering for Secure Software
- Misuse and abuse cases
- The SQUARE process model
- SQUARE sample outputs
- Requirements elicitation
- Requirements prioritization
Secure Software Architecture and Design
- Software security practices for architecture and design
- Common secure design principles
Risk Analysis
- The threat modeling process
- Building the threat model
Continue (Topics)
- Attack trees for modeling threats
- Using threat model for code review
- Using threat model for testing
Secure Coding Policies and Practices
- Defenses added by the compiler
- Code analysis
- Coding practices
- Security testing considerations throughout the SDLC
Secure Testing Policies
- Fuzz testing
- Penetration testing
- Run-Time verification
- Reviewing and updating threat models if needed
Security Response Planning and Response Execution
- Preparing to respond
- Security response and the development team
- Following the plan
Integrating SDL with Agile Methods
- Using SDL practices with agile methods
- Augmenting agile methods with SDL practices
SDL Minimum Cryptographic Standards
- High-Level cryptographic requirements
- Cryptographic algorithm usage
Web Application Services
- Top Ten Owasp Vulnerabilities in Detail [ SQL injection, cross-site scripting and buffer overflows, Unvalidated Redirects and Forwards, Security Misconfiguration]
Other Books (Full Text)
-
by Slade, Rob
Date Published: 2006
Pages: 256 -
by Lau, Kung-Kiu
Date Published: 2004
Pages 312 -
by Kelly, Allan
Date Published: 2008
Pages: 260 -
by Safonov, Vladimir O.
Date Published: 2008
Pages: 352 -
by Charatan, Quentin Kans, Aaron
Date Published: 2003
Pages: 252 -
by Dargan, P.A.
Date Published: 2005
Pages: 299