Knowledge Transfer Microsoft Certified Training Partner CTEC
Knowledge Transfer is a Microsoft Certified Gold Partner
Microsoft Certified Gold Training Partner
Search for a Course Topic:
Public Courses
Corporate Services & Training
 

 

 



 Course Search
Keyword
Course #
State

 Training Delivery
 
Training Delivery
Custom Curriculum
Course List
 
 Main Menu
 
Home
View Courses
Site Index
 
 


Fundamentals of Secure Application Development Overview


Introduction



1. Secure Software Development


  • Assets, Threats & Vulnerabilities

  • Security Risk Analysis (Bus & Tech)

  • Secure Dev Processes (MS, BSI…)

  • Defense in Depth

  • Approach for this course

  • Introductory Case Study



2. The Context for Secure Development


  • Assets to be protected

  • Threats Expected

  • Security Imperatives (int&external)

  • Organization’s Risk Appetite

  • Security Terminology

  • Organizational Security Policy

  • Security Roles and Responsibilities

  • Security Training for Roles

  • Generic Security Goals & Requirements

  • Exercise: Our Own Security Context



3. Security Requirements


  • Project-Specific Security Terms

  • Project-Related Assets & Security Goals

  • Product Architecture Analysis

  • Use Cases & MisUse/Abuse Cases

  • Dataflows with Trust Boundaries

  • Product Security Risk Analysis

  • Elicit, Categorize, Prioritize SecRqts

  • Validate Security Requirements

  • Exercise: Managing Security Requirements



4. Designing Secure Software

  • High-Level Design

    • Architectural Risk Analysis

    • Design Requirements

    • Analyze Attack Surface

    • Threat Modeling

    • Trust Boundaries

    • Eliminate Race Objects



  • Detail-Level Design

    • Secure Design Principles

    • Use of Security Wrappers

    • Input Validation

    • Design Pitfalls

    • Validating Design Security

    • Pairing Mem Mgmt Functinos

    • Exclude User Input from format strings

    • Canonicalization

    • TOCTOU

    • Close Race Windows

    • Taint Analysis





    • Exercise: A Secure Software Design, Instructor Q and A



    5. Writing Secure Code

  • Coding

    • Developer guidelines & checklists

    • Compiler Security Settings (per)

    • Tools to use

    • Coding Standards (per language)

    • Common pitfalls (per language)

    • Secure/Safe functions/methods

      • Stack Canaries

      • Encrypted Pointers

      • Memory Initialization

      • Function Retrun Checking (e.e. malloc)

      • Dereferencing Pointers



    • Integer type selection

      • Range Checking

      • Pre/post checking



    • Synchronization Primatives



  • Early Verification

    • Static Analysis (Code Review w/tools)

    • Unit & Dev Team Testing

    • Risk-Based Security Testing

    • Taint Analysis





    • Exercise: Secure Coding Q and A



    6. Testing for Software Security


    • Assets to be protected

    • Threats Expected

    • Security Imperatives (int&external)

    • Organization’s Risk Appetite

    • Static Analysis

    • Dynamic Analysis

    • Risk-Based Security testing

    • Fuzz Testing (Whitebox vs Blackbox)

    • Penetration Testing (Whitebox vs Blackbox)

    • Attack Surface Review

    • Code audits

    • Independent Security Review

    • Exercise: Testing Software for Security



    7. Releasing & Operating Secure Software


    • Incident Response Planning

    • Final Security Review

    • Release Archive

    • OS Protections:

      • Address Space Layout Randomization

      • Non-Executable Stacks

      • W'X

      • Data Execution Prevention



    • Monitoring

    • Incident Response

    • Penetration Testing

    • Exercise: A Secure Software Release



    8. Making Software Development More Secure


    • Process Review

    • Getting Started

    • Priorities

    • Exercise: Your Secure Software Plan


     

    View Printer Friendly Page

    Course Schedule
      Start Date  City  Price  
     7/24/2017
     $1395
    Enroll
     7/24/2017
     $1395
    Enroll
     9/25/2017
     $1395
    Enroll

    To Inquire About Future Classes

    Request a class date

    if one is not scheduled.