Prerequisites: CMIS 320 and SDEV 300. An in-depth, practical application of techniques and tools for detecting and documenting software vulnerabilities and risks. The goal is to research, select, and use software to analyze code and isolate and prioritize application code and processes that could lead to failure or compromise data integrity or privacy. Topics include the top 25 software vulnerabilities, secure coding guidelines, static code analysis, and software assurance metrics.
Learning Objectives
After completing this course, you should be able to:
- Use fundamental application security concepts and models to write secure code and build secure applications
- Write and analyze code in a variety of languages (Java, .net, and C/C++) and apply security best practices and concepts to minimize software vulnerabilities
- Select and use software security tools to identify software vulnerabilities
- Document results by providing risk security analysis and prioritizing software vulnerability mitigation recommendations
- Research current trends in application security in order to adapt to new threats and vulnerabilities
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Software Development
- Test and Evaluation
- Vulnerability Assessment and Management
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.