Software Attacks and Defense Course

Course Description

Building security in is about building software right the first time, and this course teaches students to do just that. Organized around a few major themes (e.g., data at rest, data in motion, input validation, output encoding), this course teaches some common use cases we want to support, and how to design and implement them securely. This course is not tied to any particular language or domain. Different use cases come from different contexts (e.g., web, embedded, thick client, mobile). Each is presented with its standard attacks and the standard solutions that defend against those attacks. Rather than follow industry-standard security taxonomies that categorize mistakes, this course is organized around common software user stories and how to implement them securely. Topics include proper use of encryption, handling of data across module boundaries, validation and encoding, and authentication and authorization issues.

At the end of this course, students will have the foundational knowledge to expand their software security expertise and learn specific engineering techniques such as defensive programming, threat modeling, and penetration testing.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Recognize security needs around common software use cases
  • Match the standard attacks to common software use cases
  • Choose standard defenses that are appropriate, given the software’s use case

Details

Delivery Format & Duration: 

  1. Live traditional or virtual classroom (8 hours)
  2. eLearning (1 hour)

Intended Audience:

  • Developer
  • Architect
  • QA and Testing
  • IS Security Team

 
