Software applications are often characterized as the cement of our times due to the high prevalence of computer systems in all aspects of our lives: banking, health, transportation, retail, even smart home systems. As a result, managing application security risks is a quite critical aspect of information security. This course aims to justify the importance of application security, firstly by analyzing how security can be integrated in the software development lifecycle. We demonstrate methods to identify vulnerabilities and discuss techniques that can be used to mitigate them and improve the overall security of software applications.
Increasingly software applications have become the primary threat vector for malicious actors. Application development is a complex process often involving multiple groups and many interacting parts. Without careful planning vulnerabilities can be unknowingly introduced into an application creating an insecure environment. This environment can be exploited by malicious actors with serious repercussions for the organization. This course addresses the processes necessary to secure the system development lifecycle improving an organizations security posture.
By the end of this course, the student will be able to:
- Develop assessments of risks inherent in the software development process as evidenced by completion of weekly project assignments
- Investigate opportunities to secure the system develop lifecycle by completion of weekly project assignments and case studies
- Explore alternative software development methodologies (Agile Development and DevOps) as evidenced by completion of weekly reading assignments and discussion posts
- Analyze and critique implementations of current regulatory environments including PCI-DSS, 23 NYCRR 500, and Sarbanes Oxley as evidence by completion of weekly lab assignments