{"product_id":"fundamentals-of-secure-software-development-training","title":"Fundamentals of Secure Software Development Training","description":"\u003cdiv\u003e\n\u003cp\u003eFrom proactive requirements to coding and testing, this secure software development training course covers the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class.\u003c\/p\u003e\n\u003cp\u003eEven with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream and by the time an incident occurs it’s too late to be proactive. To mitigate these risks, attend this secure programming training course and return to work ready to build higher quality, more robustly protected applications.\u003c\/p\u003e\n\u003cp\u003e\u003c\/p\u003e\n\u003cp\u003eThere are no formal prerequisites for this course.\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch3\u003eFundamentals of Secure Software Development Training Benefits\u003c\/h3\u003e\n\u003cul\u003e\u003cli\u003eBest practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer.\u003c\/li\u003e\u003c\/ul\u003e\n\u003c\/div\u003e\u003cdiv\u003e\u003ch3\u003eSecure Software Development Course Outline\u003c\/h3\u003e\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eSecure Software Development\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAssets, Threats \u0026amp; Vulnerabilities\u003c\/li\u003e\n\u003cli\u003eSecurity Risk Analysis (Bus \u0026amp; Tech)\u003c\/li\u003e\n\u003cli\u003eSecure Dev Processes (MS, BSI…)\u003c\/li\u003e\n\u003cli\u003eDefense in 
Depth\u003c\/li\u003e\n\u003cli\u003eApproach for this course\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eThe Context for Secure Development\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAssets to be protected\u003c\/li\u003e\n\u003cli\u003eThreats Expected\u003c\/li\u003e\n\u003cli\u003eSecurity Imperatives (int\u0026amp;external)\u003c\/li\u003e\n\u003cli\u003eOrganization's Risk Appetite\u003c\/li\u003e\n\u003cli\u003eSecurity Terminology\u003c\/li\u003e\n\u003cli\u003eOrganizational Security Policy\u003c\/li\u003e\n\u003cli\u003eSecurity Roles and Responsibilities\u003c\/li\u003e\n\u003cli\u003eSecurity Training for Roles\u003c\/li\u003e\n\u003cli\u003eGeneric Security Goals \u0026amp; Requirements\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise: \u003c\/strong\u003e Our Own Security Context\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eSecurity Requirements\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eProject-Specific Security Terms\u003c\/li\u003e\n\u003cli\u003eProject-Related Assets \u0026amp; Security Goals\u003c\/li\u003e\n\u003cli\u003eProduct Architecture Analysis\u003c\/li\u003e\n\u003cli\u003eUse Cases \u0026amp; MisUse\/Abuse Cases\u003c\/li\u003e\n\u003cli\u003eDataflows with Trust Boundaries\u003c\/li\u003e\n\u003cli\u003eProduct Security Risk Analysis\u003c\/li\u003e\n\u003cli\u003eElicit, Categorize, Prioritize SecRqts\u003c\/li\u003e\n\u003cli\u003eValidate Security Requirements\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise: \u003c\/strong\u003eManaging Security Requirements\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eDesigning Secure Software\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHigh-Level Design\u003cul\u003e\n\u003cli\u003eArchitectural Risk Analysis\u003c\/li\u003e\n\u003cli\u003eDesign Requirements\u003c\/li\u003e\n\u003cli\u003eAnalyze Attack Surface\u003c\/li\u003e\n\u003cli\u003eThreat 
Modeling\u003c\/li\u003e\n\u003cli\u003eTrust Boundaries\u003c\/li\u003e\n\u003cli\u003eEliminate Race Objects\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli\u003eDetail-Level Design\u003cul\u003e\n\u003cli\u003eSecure Design Principles\u003c\/li\u003e\n\u003cli\u003eUse of Security Wrappers\u003c\/li\u003e\n\u003cli\u003eInput Validation\u003c\/li\u003e\n\u003cli\u003eDesign Pitfalls\u003c\/li\u003e\n\u003cli\u003eValidating Design Security\u003c\/li\u003e\n\u003cli\u003ePairing Mem Mgmt Functions\u003c\/li\u003e\n\u003cli\u003eExclude User Input from format strings\u003c\/li\u003e\n\u003cli\u003eCanonicalization\u003c\/li\u003e\n\u003cli\u003eTOCTOU\u003c\/li\u003e\n\u003cli\u003eClose Race Windows\u003c\/li\u003e\n\u003cli\u003eTaint Analysis\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise:\u003c\/strong\u003e A Secure Software Design, Instructor Q \u0026amp; A\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eWriting Secure Code\u003c\/h4\u003e\n\u003cul\u003e\u003cli\u003eCoding\u003cul\u003e\n\u003cli\u003eDeveloper guidelines \u0026amp; checklists\u003c\/li\u003e\n\u003cli\u003eCompiler Security Settings (per)\u003c\/li\u003e\n\u003cli\u003eTools to use\u003c\/li\u003e\n\u003cli\u003eCoding Standards (per language)\u003c\/li\u003e\n\u003cli\u003eCommon pitfalls (per language)\u003c\/li\u003e\n\u003cli\u003eSecure\/Safe functions\/methods\u003cul\u003e\n\u003cli\u003eStack Canaries\u003c\/li\u003e\n\u003cli\u003eEncrypted Pointers\u003c\/li\u003e\n\u003cli\u003eMemory Initialization\u003c\/li\u003e\n\u003cli\u003eFunction Return Checking (e.g. 
malloc)\u003c\/li\u003e\n\u003cli\u003eDereferencing Pointers\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli\u003eInteger type selection\u003cul\u003e\n\u003cli\u003eRange Checking\u003c\/li\u003e\n\u003cli\u003ePre\/post checking\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli\u003eSynchronization Primitives\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cul\u003e\n\u003cli\u003eEarly Verification\u003c\/li\u003e\n\u003cli\u003eStatic Analysis (Code Review w\/tools)\u003c\/li\u003e\n\u003cli\u003eUnit \u0026amp; Dev Team Testing\u003c\/li\u003e\n\u003cli\u003eRisk-Based Security Testing\u003c\/li\u003e\n\u003cli\u003eTaint Analysis\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise:\u003c\/strong\u003e Securing Coding Q \u0026amp; A\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eTesting for Software Security\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAssets to be protected\u003c\/li\u003e\n\u003cli\u003eThreats Expected\u003c\/li\u003e\n\u003cli\u003eSecurity Imperatives (int\u0026amp;external)\u003c\/li\u003e\n\u003cli\u003eOrganization's Risk Appetite\u003c\/li\u003e\n\u003cli\u003eStatic Analysis\u003c\/li\u003e\n\u003cli\u003eDynamic Analysis\u003c\/li\u003e\n\u003cli\u003eRisk-Based Security testing\u003c\/li\u003e\n\u003cli\u003eFuzz Testing (Whitebox vs Blackbox)\u003c\/li\u003e\n\u003cli\u003ePenetration Testing (Whitebox vs Blackbox)\u003c\/li\u003e\n\u003cli\u003eAttack Surface Review\u003c\/li\u003e\n\u003cli\u003eCode audits\u003c\/li\u003e\n\u003cli\u003eIndependent Security Review\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise: \u003c\/strong\u003eTesting Software for Security\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eReleasing \u0026amp; Operating Secure Software\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eExercise: \u003c\/strong\u003eA Secure Software 
Release\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003ch4\u003eMaking Software Development More Secure\u003c\/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIncident Response Planning\u003c\/li\u003e\n\u003cli\u003eFinal Security Review\u003c\/li\u003e\n\u003cli\u003eRelease Archive\u003c\/li\u003e\n\u003cli\u003eOS Protections:\u003cul\u003e\n\u003cli\u003eAddress Space Layout Randomization\u003c\/li\u003e\n\u003cli\u003eNon-Executable Stacks\u003c\/li\u003e\n\u003cli\u003eW^X\u003c\/li\u003e\n\u003cli\u003eData Execution Prevention\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e\n\u003cli\u003eMonitoring\u003c\/li\u003e\n\u003cli\u003eIncident Response\u003c\/li\u003e\n\u003cli\u003ePenetration Testing\u003c\/li\u003e\n\u003cli\u003eProcess Review\u003c\/li\u003e\n\u003cli\u003eGetting Started\u003c\/li\u003e\n\u003cli\u003ePriorities\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eExercise: \u003c\/strong\u003eYour Secure Software Plan\u003c\/p\u003e\n\u003c\/div\u003e","brand":"ASPE","offers":[{"title":"268C56US \/ 2026-08-06T09:00:00 \/ Online","offer_id":47989466955995,"sku":"US-1825-IL","price":1036.0,"currency_code":"USD","in_stock":true},{"title":"26AA21US \/ 2026-10-01T09:00:00 \/ Online","offer_id":47989466988763,"sku":"US-1825-IL","price":1036.0,"currency_code":"USD","in_stock":true}],"url":"https:\/\/learningtreeinternational-dirinfosec-hhs.myshopify.com\/products\/fundamentals-of-secure-software-development-training","provider":"Learning Tree International","version":"1.0","type":"link"}