Software Security Development 2 Days

The software development security domain focuses on the systems development life cycle (SDLC) from system conception through its design, development, deployment, operation, and eventual retirement from service. Information security and privacy professionals must be involved in all phases of the SDLC to ensure the overall effectiveness of security controls and that privacy concerns are addressed.

The course is important as it covers the complex world of secure software development and the bad things that can happen when security is not interwoven into products properly.

Software controls come in various flavours with many different goals. They can control input, encryption, logic processing, number-crunching methods, inter-process communication, access, output, and interfacing with other software. They should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development. The goals are to reduce vulnerabilities and the possibility of system compromise.

The proliferation of personally-owned mobile devices (e.g., smartphones, tablets, and laptops) as well as the wide variety of vulnerable mobile apps creates a higher risk of exposing confidential and business-related information in the workplace. This can occur when such information is stored on personally-owned devices. Cyber-attacks often exploit the vulnerabilities inherent in applications and operating systems. That is why frequent updates and patches to software are necessary.


Course Content

Where Do We Place Security?


System Development Life Cycle


Software Development Life Cycle


Secure Software Development Best Practices


Software Development Models


Capability Maturity Model Integration


Change Control


Programming Languages and Concepts


Distributed Computing


Mobile Code


Web Security


Database Management


Expert Systems/Knowledge-Based Systems


Malicious Software (Malware)


and more...

1. Anyone who is required to develop a broad and deep knowledge and understanding of software development security

2. IT consultants, software developers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, security engineers

3. Security professionals whose positions require CISSP certification.

1. The course objective is developing and deploying controls that need to be considered within software development.

2. The course will provide security considerations in the Systems Development Life Cycle (SDLC).

3. Security controls to be deployed around the software development environment.

4. Mechanisms to measure the effectiveness of software security.

5. Reinforcing key areas of the (ISC)2® CBK® through practice questions and review sessions.