Build more secure software by leveraging architectural analysis for security, security frameworks, code analysis and risk analysis tools, and security patterns.
Software developers are constantly told to use secure coding practices. Luckily, with today's tools, secure code doesn't take a lot of time or effort. There are security frameworks (authentication, authorization, etc.) developers can use as their own. There are also static and dynamic code analysis tools to test code. Plus, with security patterns that can be implemented at the design levelâbefore coding ever beginsâyou can make sure you're not reinventing the wheel.
Jungwoo Ryoo is a faculty member teaching cybersecurity and information technology at Penn State. In this course, he introduces secure software development tools and frameworks and teaches secure coding practices such as input validation, separation of concerns, and single access point. He also shows how to recognize different kinds of security threats and fortify your code. Plus, he helps you put a system in place to test your software for any overlooked vulnerabilities.
Building security into software development
What you should know
1. Understanding Software Security
What is software security?
Significance of software security
Software security vocabulary
Software security risk management
Software security resources
2. Software Security Threats
Threats to software security
Detailed design-level threats
Threat modeling and tools
3. Secure Software Design
Introduction to secure design
Architectural analysis for security
Case study: Setting the Stage
Case study: Tactic-Oriented Architectural Analysis
Case study: Pattern-Oriented Architectural Analysis
Case study: Vulnerability-Oriented Architectural Analysis
Software security anti-patterns
4. Secure Coding
Setting the stage
Buffer overflow attacks
Buffer overflow countermeasures
Broken authentication and session management
Broken authentication and session management countermeasures