Developing Secure Software (2015)
1h 26mIntermediate2020-08-07
Authors

Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Software developers are constantly told to use secure coding practices. Luckily, with today's tools, secure code doesn't take a lot of time or effort. There are security frameworks (authentication, authorization, etc.) developers can use as their own. There are also static and dynamic code analysis tools to test code. Plus, with security patterns that can be implemented at the design level—before coding ever begins—you can make sure you're not reinventing the wheel.
Jungwoo Ryoo is a faculty member teaching cybersecurity and information technology at Penn State. In this course, he introduces secure software development tools and frameworks and teaches secure coding practices such as input validation, separation of concerns, and single access point. He also shows how to recognize different kinds of security threats and fortify your code. Plus, he helps you put a system in place to test your software for any overlooked vulnerabilities.
Learning objectives
What is software security?
Analyzing different kinds of security threats
Designing secure software by adopting patterns and addressing vulnerabilities
Avoiding buffer overflows
Countering insecure direct object references
Securing sensitive data
Testing software security
Jungwoo Ryoo is a faculty member teaching cybersecurity and information technology at Penn State. In this course, he introduces secure software development tools and frameworks and teaches secure coding practices such as input validation, separation of concerns, and single access point. He also shows how to recognize different kinds of security threats and fortify your code. Plus, he helps you put a system in place to test your software for any overlooked vulnerabilities.
Learning objectives
What is software security?
Analyzing different kinds of security threats
Designing secure software by adopting patterns and addressing vulnerabilities
Avoiding buffer overflows
Countering insecure direct object references
Securing sensitive data
Testing software security
Skills covered
Software Development SecurityProjectCybersecurity
Concepts
0. Introduction
- 01 - Building security into software development
- 02 - What you should know
1. Understanding Software Security
- 03 - What is software security
- 04 - Significance of software security
- 05 - Software security vocabulary
- 06 - Software security risk management
- 07 - Software security resources
2. Software Security Threats
- 08 - Threats to software security
- 09 - Hardware-level threats
- 10 - Code-level threats
- 11 - Detailed design-level threats
- 12 - Architectural-level threats
- 13 - Requirements-level threats
- 14 - Threat modeling and tools
3. Secure Software Design
- 15 - Introduction to secure design
- 16 - Security tactics
- 17 - Security patterns
- 18 - Security vulnerabilities
- 19 - Architectural analysis for security
- 20 - Case study - Setting the Stage
- 21 - Case study - Tactic-Oriented Architectural Analysis
- 22 - Case study - Pattern-Oriented Architectural Analysis
- 23 - Case study - Vulnerability-Oriented Architectural Analysis
- 24 - Software security anti-patterns
4. Secure Coding
- 25 - Setting the stage
- 26 - Buffer overflow attacks
- 27 - Buffer overflow countermeasures
- 28 - Broken authentication and session management
- 29 - Broken authentication and session management countermeasures
- 30 - Insecure direct object references
- 31 - Insecure direct object references countermeasures
- 32 - Sensitive information exposure
- 33 - Sensitive data exposure countermeasures
- 34 - Other secure coding best practices
5. Testing for Security
- 35 - Testing for security
- 36 - Static analysis
- 37 - Exploring tools for static analysis
- 38 - Dynamic analysis
- 39 - Dynamic analysis tools
- 40 - Penetration testing
- 41 - Penetration testing tools
- 42 - Vulnerability management
- 43 - Vulnerability management tools
6. Recent Developments and Future Directions
- 44 - DevOps and software security
- 45 - Cloud security
- 46 - Developer-friendly software security
- 47 - IoT and software security
- 48 - Rules and regulations
- 49 - Software security certifications
Conclusion
- 50 - Next steps and additional resources
Related courses
- Developing Secure Software
- CSSLP Cert Prep: 6 Secure Lifecycle Management
- Google Cloud Platform (GCP) Essential Training for Developers
- Writing Secure Code for Android by Infosec
- PHP: Creating Secure Websites
- Programming Foundations: Web Security (2019)
- Programming Foundations: Web Security
- Azure Functions for Developers (2020)
Related learn paths
- Develop Your Skills in Agile Software Development
- The Top Skills IT Professionals Have Right Now
- Prepare for the AWS Certified Cloud Practitioner (CLF-C01) Certification Exam
- Prepare for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Certification
- Master Bitbucket
- Developing and Delivering Software with Docker
- Getting Started In Spring Development
- Become a Spring Developer