Applications cyber security / Expert

ANT3001

Development of secure software

Duration of training: 5 days

sign up for a course

description
course

The course material will allow students to study the principles, approaches and methods of ensuring software security during and after the development process. The course also covers the integration of DevSecOps practices to build an end-to-end secure software development process.

course audience

Engineers who ensure cybersecurity in the development of corporate applications and services.

prerequisites

Knowledge of general cybersecurity at the level of the ANT0000 course is required.

how it works
education

online course

The online course involves group classes with an instructor via video conferencing, in addition, homework and an exam.

for corporate clients

training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.

teacher
course

program
course

• Threat modeling techniques.
• Methods of risk assessment and management.
• Creation of a software threat model.
• Risk assessment and management in software development.
• Universal access control model.
• Types of access control.
• Audit and traceability of the performance of functions.
• Work monitoring.
• Privacy and confidentiality.
• Multi-level security.
• Anonymization.
• Authentication.
• Integrity and authenticity.
• Choosing a programming language.
• Choosing a platform for distributed objects and interactions.
• Select OS.
• Selecting authentication technologies.
• Selection of cryptographic libraries.
• Selecting a Strategy for Implementing the Defense-in-Depth Principle.
• The principle of “Security by obscurity”.
• Benefits of open source.
• Open source incidents.
• Disadvantages of using open source code.
• Securing the weakest element.
• Defense in Depth.
• Ensuring security when handling exceptions and errors.
• Use least privilege.
• Separation of the production process into its component parts.
• Using simple functions and software components.
• Maintaining privacy when processing data.
• Hiding "secrets".
• Ensuring trust in the interaction of software functions and components.
• Leveraging the power of the developer community.
• DevSecOps practices and methods.
• Analysis of software architecture.
• Static code analysis.
• Dynamic code analysis.
• Conducting Code Review.
• Buffer overflow.
• Race.
• Errors in access control configuration.
• Problems of random number generation.
• Errors in using cryptographic libraries.
• Sources of input data for software development.
• Principles and mechanisms of input data validation.
• Syntactic and semantic data validation.
• Maintaining trust in the interaction of software components.
• Organization of security-enhanced API.
• Storing passwords and accounts.
• Adding accounts.
• Enforcing password requirements.
• One-time passwords.
• Schemes for protecting the ownership of software.
• License files and license verification.
• Anti-counterfeiting mechanisms.
• Code obfuscation.

Сourse purchase
options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

To confirm course dates fill out the form.

SUBMIT YOUR APPLICATION

* By clicking “send”, you agree to the Terms of Service And Privacy Policy

corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.

SUBMIT YOUR APPLICATION

* By clicking “send”, you agree to the Terms of Service And Privacy Policy