This course covers a set of key security principles that students can use to improve the security of application architecture and design. Principles of this course include applying defense to harden applications and make them more difficult for intruders to breach, reducing the amount of damage an attacker can accomplish, compartmentalizing to reduce the impact of exploits, using centralized input and data validation to protect applications from malicious input, and reducing the risk in error code paths.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills to apply security principles for creating secure application architecture including:
- Simplicity
- Encapsulation
- Abstraction
- Modularization
- Layering
- Defense in Depth
- Principle of Least Privilege
- Compartmentalization
- Secure by Default
- Fail Secure
- Psychological Acceptability
- Economy of Mechanism
- Protect the Weakest Link
- Input Validation
- Auditing and Logging
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Software Development
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.