National CAE Designated Institution
  • Online, Instructor-Led
Course Description

Prerequisites: CMIS 320 and SDEV 300. An in-depth, practical application of techniques and tools for detecting and documenting software vulnerabilities and risks. The goal is to research, select, and use software to analyze code and isolate and prioritize application code and processes that could lead to failure or compromise data integrity or privacy. Topics include the top 25 software vulnerabilities, secure coding guidelines, static code analysis, and software assurance metrics.

Learning Objectives

After completing this course, you should be able to:

  • Use fundamental application security concepts and models to write secure code and build secure applications
  • Write and analyze code in a variety of languages (Java, .net, and C/C++) and apply security best practices and concepts to minimize software vulnerabilities
  • Select and use software security tools to identify software vulnerabilities
  • Document results by providing risk security analysis and prioritizing software vulnerability mitigation recommendations
  • Research current trends in application security in order to adapt to new threats and vulnerabilities

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Software Development
  • Test and Evaluation
  • Vulnerability Assessment and Management


If you would like to provide feedback for this course, please e-mail the NICCS SO at