
  • Course Skill Level: Foundational
  • Course Duration: 3 days
  • Course Delivery Format: Live, instructor-led
  • Course Category: Security & Cybersecurity
  • Course Code: SCSDNKK21M09

Who should attend & recommended skills

  • Developers with any programming language experience.
  • Software developers seeking the key security concepts they need to understand Secure Coding, with a focus on the concepts, techniques and mechanisms required to secure data and to create secure software that enforces and maintains data protection.
  • Programming language (any): Basic-Intermediate (1-5 years’ experience).

About this course

This course is designed to expose software developers to the key security concepts they need in order to understand what Secure Coding is about. It is a language-agnostic course that focuses on the concepts, techniques and mechanisms required to secure data and to create secure software that enforces and maintains data protection. Most developers are aware of some of these concepts, but they do not fully appreciate the significance of each in relation to the others, or how these topics ultimately affect their ability to evaluate and implement secure coding practices. Any factor that affects software security should be carefully considered and fully understood. A great deal of decision making goes into each coding project, and this course helps ensure that developers are adequately equipped to make properly informed choices.

This course focuses on the main concepts and leaves the implementation to later courses. It explores the foundations of security and covers what every programmer needs to know about security.

Skills acquired & topics covered

  • Learn software security design principles and how to apply them
  • Understand the importance of Defense-in-Depth
  • Learn to create manageable security policies that you can actually implement
  • Learn how to protect electronic data and software systems
  • Apply common design patterns and best practices
  • Understand how to correctly use Certificates, Authentication, Authorization and Encryption
  • Learn how Cryptography can be used to protect your data
  • Expose developers to common threats, so they can implement defenses to help avoid them
  • Appreciate the necessity of a secure infrastructure and culture

Course breakdown / modules

  • Security Goals
  • Secure Systems Design
  • Secure Design Principles
  • Evaluating the Landscape
  • Incentive

  • Defense-in-Depth
  • Diversity-in-Defense
  • Securing the Weakest Link
  • Fail-Safe Stance
  • Secure by Default
  • Simplicity
  • Usability
  • Security Features Do Not Imply Security

  • Something You Know
  • Something You Have
  • Something You Are
  • Pulling it all together

  • Access Control Lists (ACLs)
  • Access Control Models
  • The Bell-LaPadula Model

  • Confidentiality
  • Message Integrity
  • Data Integrity
  • Accountability
  • Availability
  • Non-Repudiation

  • Encryption Systems
  • Cost of encryption
  • Key-Based Encryption Systems
  • Symmetric Keys
  • Public Keys
  • Encryption Algorithms
  • Analyzing popular encryption schemes
  • Symmetric vs. Asymmetric Encryption
  • Hashing Algorithms

  • History of Cryptography
  • Math and Algorithms
  • Message Authentication
  • DES for Encryption
  • DES ECB and CBC Analysis
  • 3DES
  • HMAC/MD5 and SHA for Authentication
  • Strength (e.g., complexity, secrecy, characteristics of the key)
  • Cryptovariable or key

  • Digital Certificates
  • Paper Certificates and Identity Cards
  • Authorities that Issue Physical Certificates
  • Difference Between Physical and Digital Certificates
  • Standards For Digital Certificates
  • X.509 as Authentication Standard
  • Public Key Certificate
  • Viewing digital certificates

  • Concept of Security Policy
  • Key Security Elements
  • Security Awareness Programs
  • Vital role of a security policy
  • Classification of Security policy
  • User policies
  • IT policies
  • General Policies
  • Partner Policies
  • Types of Security Policies: Issue-Specific Policies
  • Contents of Security Policy
  • Security levels
  • Agency Specific AIS and Telecommunications Policies
  • Configuration of security policy
  • National Policy and Guidance
  • Implementation of security policy
  • Incident Handling and Escalation Procedures
  • Security operations and life cycle management
  • Securing Assets

  • Configuration Management
  • Defining Responses to Security Violations
  • Compliance with Law and Policy
  • Intellectual Property
  • Electronic Communications Privacy Act
  • Transborder encryption issues
  • Issue-specific Security Policy (ISSP)
  • E-mail Security Policies

  • Defacement
  • Infiltration
  • Phishing
  • Pharming
  • Insider Threats
  • Click Fraud
  • Denial of Service (DoS)
  • Data Theft and Data Loss
  • Good Enough Security

  • Worms and other Malware
  • Buffer Overflows
  • Client-State Manipulation
  • SQL Injection
  • Password Security
  • Cross-Domain Security in Web Applications