Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Secure Software Development
Software applications are often characterized as the cement of our times due to the high prevalence of computer systems in all aspects of our lives: banking, health, transportation, retail, even smart home systems. As a result, managing application security risks is a quite critical aspect of information security. This course aims to justify the importance of application security, firstly by analyzing how security can be integrated in the software development lifecycle. We demonstrate methods to identify vulnerabilities and discuss techniques that can be used to mitigate them and improve the overall security of software applications.
Course Overview
Learning Objectives
Increasingly software applications have become the primary threat vector for malicious actors. Application development is a complex process often involving multiple groups and many interacting parts. Without careful planning vulnerabilities can be unknowingly introduced into an application creating an insecure environment. This environment can be exploited by malicious actors with serious repercussions for the organization. This course addresses the processes necessary to secure the system development lifecycle improving an organizations security posture.
By the end of this course, the student will be able to:
- Develop assessments of risks inherent in the software development process as evidenced by completion of weekly project assignments
- Investigate opportunities to secure the system develop lifecycle by completion of weekly project assignments and case studies
- Explore alternative software development methodologies (Agile Development and DevOps) as evidenced by completion of weekly reading assignments and discussion posts
- Analyze and critique implementations of current regulatory environments including PCI-DSS, 23 NYCRR 500, and Sarbanes Oxley as evidence by completion of weekly lab assignments
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.