• Online, Instructor-Led
Course Description

The course introduces the principles of secure coding and secure software development process including designing secure applications; writing secure code that can withstand attacks; and security testing and auditing. It focuses on the security issues developers face; common security vulnerabilities and flaws; and security threats. Common weaknesses exploited by attackers are discussed; as well as mitigation strategies to prevent those weaknesses. The course explains security principles; strategies; coding techniques; and tools that can help make code more resistant to attacks. Students get an understanding of the code supply chain; open-source code management; the risks of using open-source code; and the best practices when using open-source and supply chain code.

Learning Objectives

Conduct threat modeling of applications
Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews (T0013)
Apply secure code documentation (T0014)
Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules (T0022)
Develop secure code and error handling (T0077)
Perform integrated quality assurance testing for security functionality and resiliency attack (T0171)
Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities (T0176)
Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria (T0236)
Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements (T0267)
Identify and leverage the enterprise-wide version control system while designing and developing secure applications (T0303)
Identify and leverage the enterprise-wide security services while designing and developing secure applications (e.g., Enterprise PKI, Federated Identity server, Enterprise Antivirus solution) when appropriate (T0417)
Develop software system testing and validation procedures, programming, and documentation (T0455)
Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities (T0553)
Determine and document software patches or the extent of releases that would leave software vulnerable (T0554)

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.