
Security Concepts for Software Developers (What Every Programmer Needs to Know)

  • Course Code: Programming & Development - Security Concepts for Software Developers (What Every Programmer Needs to Know)
  • Course Dates: Contact us to schedule.
  • Course Category: Security & Cybersecurity

The second course of this curriculum is designed to expose software developers to the key security concepts they need in order to appreciate what Secure Coding is all about. This is a language-agnostic course that focuses on the concepts, techniques and mechanisms required to secure data and to create secure software that enforces and maintains data protection. Most developers are aware of some of these concepts, but they do not fully appreciate the significance of each in relation to the others, or how these topics ultimately affect their ability to evaluate and implement secure coding practices. Every factor that affects software security should be carefully considered and fully understood. A lot of decision making goes into each coding project, and this course helps ensure that developers are adequately equipped to make properly informed choices.

This course focuses on the main concepts, and leaves the implementation to later courses.  It explores the foundations of security, and covers what every programmer needs to know about security. 

Prerequisites: 

  • Experience with at least one programming language 

Course Objectives: 

  • Learn software security design principles and how to apply them 
  • Understand the importance of Defense-in-Depth 
  • Learn to create manageable security policies that you can actually implement 
  • Learn how to protect electronic data and software systems 
  • Apply common design patterns and best practices 
  • Understand how to correctly use Certificates, Authentication, Authorization and Encryption 
  • Learn how Cryptography can be used to protect your data 
  • Expose developers to common threats, so they can implement defenses to help avoid them 
  • Appreciate the necessity of a secure infrastructure and culture 

Course Topics: 

  1. Security Design Principles
  • Security Goals
  • Secure Systems Design
  • Secure Design Principles
  • Evaluating the Landscape
  • Incentive
  2. Security Principles
  • Defense-in-Depth
  • Diversity-in-Defense
  • Securing the Weakest Link
  • Fail-Safe Stance
  • Secure by Default
  • Simplicity
  • Usability
  • Security Features Do Not Imply Security
  3. Authentication
  • Something You Know
  • Something You Have
  • Something You Are
  • Pulling it all together
  4. Authorization
  • Access Control Lists (ACLs)
  • Access Control Models
  • The Bell-LaPadula Model
  5. Protecting Data
  • Confidentiality
  • Message Integrity
  • Data Integrity
  • Accountability
  • Availability
  • Non-Repudiation
  6. Encryption
  • Encryption Systems
  • Cost of encryption
  • Key Based Encryption Systems
  • Symmetric Keys
  • Public Keys
  • Encryption Algorithms
  • Analyzing popular encryption schemes
  • Symmetric vs. Asymmetric Encryption
  • Hashing Algorithms
  7. Cryptography
  • History of Cryptography
  • Math and Algorithms
  • Message Authentication
  • DES for Encryption
  • DES ECB and CBC Analysis
  • 3DES
  • HMAC/MD5 and SHA for Authentication
  • Strength (e.g., complexity, secrecy, characteristics of the key)
  • Cryptovariable or key
  8. Certificates
  • Digital Certificates
  • Paper Certificates and Identity Cards
  • Authorities that Issue Physical Certificates
  • Difference Between Physical and Digital Certificates
  • Standards For Digital Certificates
  • X.509 as Authentication Standard
  • Public Key Certificate
  • Viewing digital certificates
  9. Security Policies
  • Concept of Security Policy
  • Key Security Elements
  • Security Awareness Programs
  • Vital role of a security policy
  • Classification of Security policy
  • User policies
  • IT policies
  • General Policies
  • Partner Policies
  • Types of Security Policies: Issue-Specific Policies
  • Contents of Security Policy
  • Security levels
  • Agency Specific AIS and Telecommunications Policies
  • Configuration of security policy
  • National Policy and Guidance
  • Implementation of security policy
  • Incident Handling and Escalation Procedures
  • Security operations and life cycle management
  • Securing Assets
  10. Operational Security
  • Configuration Management
  • Defining Responses to Security Violations
  • Compliance with Law and Policy
  • Intellectual Property
  • Electronic Communications Privacy Act
  • Transborder encryption issues
  • Issue-specific Security Policy (ISSP)
  • E-mail Security Policies
  11. Understanding Threats
  • Defacement
  • Infiltration
  • Phishing
  • Pharming
  • Insider Threats
  • Click Fraud
  • Denial of Service (DoS)
  • Data Theft and Data Loss
  • "Good Enough" Security
  12. Common Attack Vectors
  • Worms and other Malware
  • Buffer Overflows
  • Client-State Manipulation
  • SQL Injection
  • Password Security
  • Cross-Domain Security in Web Applications
