NICF- Secure Software Development Lifecycle for Agile (SF)

In light of heightened information security concerns, software development lifecycle processes must be approached through implementation of ‘Secure by Design’ practices.

Without such focus on designing secure software applications, security exposures may lead to serious breaches or costly redevelopment.

Hence, software developers must be trained to understand security concerns, where they may impact on the solution, and be able to implement the application in a security-aware manner. They must also be able to conduct security risk assessments and incorporate suitable mitigation measures in their software design.

Software is increasingly being developed within an agile project framework, such as Scrum. Such frameworks encourage iterative and incremental development in multiple iterations or sprints.

The objective of this course is to instill ‘Secure by Design’ practices into the agile software development process so as to enable the team to produce applications that meet security requirements.

Key Takeaways

On completion of the course, participants will be able to:

• Understand the importance of designing secure software applications, risks and mitigations
• Identify key Bodies of Knowledge for secure software development
• Adopt secure development practices within an existing process
• Adopt secure development practices for the end-to-end processes

(ISC)² members could earn up to 13 Continuing Professional Education (CPEs Group A) credits after completion of this course. CPEs will be submitted automatically to the (ISC)² members' accounts (Member ID required) within 4-6 weeks.

What Will Be Covered

• Security aspects of software solutions
• Secure software lifecycle frameworks
• Designing secure software applications within an agile SDLC
• Formulating software security requirements
• Threat modelling and software architectural analysis
• Secure design principles
• Secure coding practices
• Security quality assurance and testing
• Bridging Security and DevOps
• Hands-on workshops with simulation of application security attacks
  • Linux virtual machine will be provided, with pre-installed security tools and multiple sample applications