Developing Secure Software
1h 30mIntermediate2024-03-26
Authors

Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Software developers know how essential secure coding practices are. Luckily, with today's tools, secure code doesn't take a lot of time or effort. There are security frameworks for developers to use. Static and dynamic code analysis tools to test code are available, as well as security patterns that can be implemented at the design level.
In this course, Jungwoo Ryoo, who teaches IT, cyber security, and risk analysis at Penn State, introduces secure software development tools and frameworks and teaches secure coding practices like input validation, separation of concerns, and single access point. Learn how to recognize different kinds of security threats and fortify your code. Find out how to put a system in place to test your software for vulnerabilities. Plus, explore new trends in software security and reinforce what you’ve learned with demos and case studies.
Learning objectives
Explain what software security is
Analyze different kinds of security threats
Design secure software by adopting patterns and addressing vulnerabilities
Avoid buffer overflows
Counter insecure direct object references
Secure sensitive data
Test software security
In this course, Jungwoo Ryoo, who teaches IT, cyber security, and risk analysis at Penn State, introduces secure software development tools and frameworks and teaches secure coding practices like input validation, separation of concerns, and single access point. Learn how to recognize different kinds of security threats and fortify your code. Find out how to put a system in place to test your software for vulnerabilities. Plus, explore new trends in software security and reinforce what you’ve learned with demos and case studies.
Learning objectives
Explain what software security is
Analyze different kinds of security threats
Design secure software by adopting patterns and addressing vulnerabilities
Avoid buffer overflows
Counter insecure direct object references
Secure sensitive data
Test software security
Skills covered
Software Development SecurityCybersecurityOne-Off
Concepts
0. Introduction
- 01 - Building security into software development
- 02 - What You Should Know
1. Understanding Software Security
- 03 - What is software security
- 04 - Significance of software security
- 05 - Software security vocabulary
- 06 - Software security risk management
- 07 - Software Security Resources
2. Software Security Threats
- 08 - Threats to software security
- 09 - Hardware level threats
- 10 - Code level threats
- 11 - Detailed design level threats
- 12 - Architectural level threats
- 13 - Requirements level threats
- 14 - Threat modeling and tools
3. Secure Software Design
- 15 - Introduction to secure design
- 16 - Security tactics
- 17 - Security patterns
- 18 - Security vulnerabilities
- 19 - Architectural analysis for security
- 20 - Software security anti-patterns
- 21 - Case Study - Setting the Stage
- 22 - Case Study - Tactic-Oriented Architectural Analysis
- 23 - Case Study - Pattern-Oriented Architectural Analysis
- 24 - Case Study - Vulnerability-Oriented Architectural Analysis
4. Introduction to Secure Coding
- 25 - Introduction to secure coding
- 26 - Buffer overflow attacks
- 27 - Buffer overflow countermeasures
- 28 - Broken authentication and session management
- 29 - Broken authentication and session management countermeasures
- 30 - Insecure direct object references
- 31 - Insecure direct object references countermeasures
- 32 - Sensitive information exposure
- 33 - Sensitive information exposure countermeasures
- 34 - Other secure coding leading practices
5. Testing for Security
- 35 - Testing for security
- 36 - Static analysis
- 37 - Static analysis tools
- 38 - Dynamic analysis
- 39 - Dynamic analysis tools
- 40 - Penetration testing
- 41 - Penetration testing tools
- 42 - Vulnerability management
- 43 - Vulnerabilty management tools
6. Recent Developments and Future Directions
- 44 - DevOps and Software Security
- 45 - Cloud Security
- 46 - Developer-Friendly Software Security
- 47 - IoT and Software Security
- 48 - Rules and regulations
- 49 - Software security certifications
7. Conclusion
- 50 - Next Steps for developing secure software
Related courses
- Developing Secure Software (2015)
- CSSLP Cert Prep: 6 Secure Lifecycle Management
- Google Cloud Platform (GCP) Essential Training for Developers
- Writing Secure Code for Android by Infosec
- PHP: Creating Secure Websites
- Programming Foundations: Web Security (2019)
- Programming Foundations: Web Security
- Azure Functions for Developers (2020)
Related learn paths
- Prepare for the AWS Certified Cloud Practitioner (CLF-C01) Certification Exam
- Prepare for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Certification
- Master Bitbucket
- Developing and Delivering Software with Docker
- Getting Started In Spring Development
- Become a Spring Developer
- Prepare for the Azure Developer Associate (AZ-204) Certification
- Advancing Your Azure Developer Skills: Exploring Complex Application Development