Build more secure software by leveraging architectural analysis for security, security frameworks, code analysis and risk analysis tools, and security patterns.
Syllabus
Introduction
- Building security into software development
- What you should know
- What is software security?
- Significance of software security
- Software security vocabulary
- Software security risk management
- Software security resources
- Threats to software security
- Hardware-level threats
- Code-level threats
- Detailed design-level threats
- Architectural-level threats
- Requirements-level threats
- Threat modeling and tools
- Introduction to secure design
- Security tactics
- Security patterns
- Security vulnerabilities
- Architectural analysis for security
- Case study: Setting the Stage
- Case study: Tactic-Oriented Architectural Analysis
- Case study: Pattern-Oriented Architectural Analysis
- Case study: Vulnerability-Oriented Architectural Analysis
- Software security anti-patterns
- Setting the stage
- Buffer overflow attacks
- Buffer overflow countermeasures
- Broken authentication and session management
- Broken authentication and session management countermeasures
- Insecure direct object references
- Insecure direct object references countermeasures
- Sensitive information exposure
- Sensitive data exposure countermeasures
- Other secure coding best practices
- Testing for security
- Static analysis
- Exploring tools for static analysis
- Dynamic analysis
- Dynamic analysis tools
- Penetration testing
- Penetration testing tools
- Vulnerability management
- Vulnerability management tools
- DevOps and software security
- Cloud security
- Developer-friendly software security
- IoT and software security
- Rules and regulations
- Software security certifications
- Next steps and additional resources
Taught by
Jungwoo Ryoo