Knowledge Transfer is a Microsoft Certified Gold Partner

Fundamentals of Secure Application Development Overview



  • Introduction

    • 1. Secure Software Development

      • Assets, Threats & Vulnerabilities

      • Security Risk Analysis (Bus & Tech)

      • Secure Dev Processes (MS, BSI…)

      • Defense in Depth

      • Approach for this course





  • Introductory Case Study

    • 2. The Context for Secure Development

      • Assets to be protected

      • Threats Expected

      • Security Imperatives (int&external)

      • Organization's Risk Appetite

      • Security Terminology

      • Organizational Security Policy

      • Security Roles and Responsibilities

      • Security Training for Roles

      • Generic Security Goals & Requirements



    • Exercise: Our Own Security Context

    • 3. Security Requirements

      • Project-Specific Security Terms

      • Project-Related Assets & Security Goals

      • Product Architecture Analysis

      • Use Cases & MisUse/Abuse Cases

      • Dataflows with Trust Boundaries

      • Product Security Risk Analysis

      • Elicit, Categorize, Prioritize SecRqts

      • Validate Security Requirements



    • Exercise: Managing Security Requirements

    • 4. Designing Secure Software

      • High-Level Design

      • Architectural Risk Analysis

      • Design Requirements

      • Analyze Attack Surface

      • Threat Modeling

      • Trust Boundaries

      • Eliminate Race Objects

      • Detail-Level Design

      • Secure Design Principles

      • Use of Security Wrappers

      • Input Validation

      • Design Pitfalls

      • Validating Design Security

      • Pairing Mem Mgmt Functions

      • Exclude User Input from format strings

      • Canonicalization

      • TOCTOU

      • Close Race Windows

      • Taint Analysis



    • Exercise: A Secure Software Design, Instructor Q and A

    • 5. Writing Secure Code

      • Coding

      • Developer guidelines & checklists

      • Compiler Security Settings (per)

      • Tools to use

      • Coding Standards (per language)

      • Common pitfalls (per language)

      • Secure/Safe functions/methods

      • Stack Canaries

      • Encrypted Pointers

      • Memory Initialization

      • Function Return Checking (e.g. malloc)

      • Dereferencing Pointers

      • Integer type selection

      • Range Checking

      • Pre/post checking

      • Synchronization Primitives

      • Early Verification

      • Static Analysis (Code Review w/tools)

      • Unit & Dev Team Testing

      • Risk-Based Security Testing

      • Taint Analysis



    • Exercise: Secure Coding Q and A

    • 6. Testing for Software Security

      • Assets to be protected

      • Threats Expected

      • Security Imperatives (int&external)

      • Organization's Risk Appetite

      • Static Analysis

      • Dynamic Analysis

      • Risk-Based Security testing

      • Fuzz Testing (Whitebox vs Blackbox)

      • Penetration Testing (Whitebox vs Blackbox)

      • Attack Surface Review

      • Code audits

      • Independent Security Review



    • Exercise: Testing Software for Security

    • 7. Releasing & Operating Secure Software

      • Incident Response Planning

      • Final Security Review

      • Release Archive

      • OS Protections:

      • Address Space Layout Randomization

      • Non-Executable Stacks

      • W^X

      • Data Execution Prevention

      • Monitoring

      • Incident Response

      • Penetration Testing



    • Exercise: A Secure Software Release

    • 8. Making Software Development More Secure

      • Process Review

      • Getting Started

      • Priorities



    • Exercise: Your Secure Software Plan




 


Course Schedule
Start Date    City    Price
9/25/2017             $1395
9/25/2017             $1395
11/27/2017            $1395
11/27/2017            $1395

To inquire about future classes, request a class date if one is not scheduled.