Skip to main content

Secure Software Development: Course Outline

This course presents a proactive approach to produce secure software systems. Secure software development focuses on the development of software that function correctly even when attacked.

Topics

Introduction & Background

  • Introduction to software security
  • The software security problem
  • Sources of software insecurity

The Need for Secure Software Systems Development

  • The state of current software development methods
  • Open source development
  • Proprietary software development methods
  • Agile development methods
  • Common criteria

Properties of a Secure Software

  • Core properties of a secure software
  • Influential properties of a secure software

The Security Development Lifecycle Process

  • Microsoft secure development lifecycle process

Requirements Engineering for Secure Software

  • Misuse and abuse cases
  • The SQUARE process model
  • SQUARE sample outputs
  • Requirements elicitation
  • Requirements prioritization

Secure Software Architecture and Design

  • Software security practices for architecture and design
  • Common secure design principles

Risk Analysis

  • The threat modeling process
  • Building the threat model

Continue (Topics)

  • Attack trees for modeling threats
  • Using threat model for code review
  • Using threat model for testing

Secure Coding Policies and Practices

  • Defenses added by the compiler
  • Code analysis
  • Coding practices
  • Security testing considerations throughout the SDLC

Secure Testing Policies

  • Fuzz testing
  • Penetration testing
  • Run-Time verification
  • Reviewing and updating threat models if needed

Security Response Planning and Response Execution

  • Preparing to respond
  • Security response and the development team
  • Following the plan

Integrating SDL with Agile Methods

  • Using SDL practices with agile methods
  • Augmenting agile methods with SDL practices

SDL Minimum Cryptographic Standards

  • High-Level cryptographic requirements
  • Cryptographic algorithm usage

Web Application Services

  • Top Ten Owasp Vulnerabilities in Detail [ SQL injection, cross-site scripting and buffer overflows, Unvalidated Redirects and Forwards, Security Misconfiguration]

Other Books (Full Text)