Who should attend
- System Analysts
- Software Architects
- Software Engineers
- DevOps Engineers
- Project Managers
About the course
In light of heightened information security concerns, software development lifecycle processes must incorporate ‘Secure by Design’ practices.
Without such focus on designing secure software applications, security exposures may lead to serious breaches or costly redevelopment.
Hence, software developers must be trained to understand security concerns, where they may impact on the solution, and be able to implement the application in a security-aware manner. They must also be able to conduct security risk assessments and incorporate suitable mitigation measures in their software design.
Software is increasingly being developed within an agile project framework, such as Scrum. Such frameworks encourage iterative and incremental development in multiple iterations or sprints.
The objective of this course is to instill ‘Secure by Design’ practices into the agile software development process so as to enable the team to produce applications that meet security requirements.
On completion of the course, participants will be able to:
- Understand the importance of designing secure software applications, risks and mitigations
- Identify key Bodies of Knowledge for secure software development
- Adopt secure development practices within an existing process
- Adopt secure development practices for the end-to-end processes
(ISC)² members could earn up to 13 Continuing Professional Education (CPEs Group A) credits after completion of this course. CPEs will be submitted automatically to the (ISC)² members' accounts (Member ID required) within 4-6 weeks.
What Will Be Covered
- Security aspects of software solutions
- Secure software lifecycle frameworks
- Designing secure software applications within an agile SDLC
- Formulating software security requirements
- Threat modelling and software architectural analysis
- Secure design principles
- Secure coding practices
- Security quality assurance and testing
- Bridging Security and DevOps
- Hands-on workshops with simulation of application security attacks
- A Linux virtual machine will be provided, with pre-installed security tools and multiple sample applications
Yuen Kwan teaches courses in the areas of object-oriented technology and application development methodology. Prior to joining ISS, he was involved in application development projects in the government and transportation industries. He also led various large scale developments in business critica...