Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection

Software Security Requirements

Course Description

This course introduces the role of security requirements in the software development life cycle and how to write effective, verifiable requirements. The goal is to understand first how to incorporate security into the SDLC and then how to choose a style of security requirements that fits your project’s and organization’s needs. The course wraps up with an action plan to help learners verify the effectiveness of security requirements through security testing and hands-on auditing.

Learning Objectives

  • Explain the benefit of introducing security-specific requirements as part of an overall requirements-gathering strategy.
  • Understand the approaches and methodologies used to write software security requirements.
  • Differentiate between functional and nonfunctional software requirements, and understand which type of requirements-gathering technique best fits an organization.
  • Describe the qualities of effective security requirements, and implement requirements that increase application security.
  • Implement verification to ensure security requirements are met and enforced during and after deployment.

Details

Delivery Format: eLearning

Duration: 45 Minutes

Level: Introductory

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • QA Engineers
Prerequisites: None

Course Outline

Introducing Security in the SDLC

  • The Importance of Requirement Gathering
  • What Are Software Security Requirements?
  • Types of Software Security Requirements
  • Internal Risk and Threat Assessment
  • Threat Modeling
  • Security Training and Awareness

Types of Software Security Requirements

  • Software Security Requirements
  • Requirements Gathering and Methodologies: Intro
  • Requirements Gathering Methodologies: Specifications
  • Requirements Gathering Methodologies: Use Cases
  • Requirements Gathering Methodologies: User Stories
  • User Stories: Misuse Stories

The Role of Software Security Requirements

  • Security Requirements Overview
  • Approaches to Security Requirements
  • Collecting and Prioritizing Security Requirements

Writing Effective Security Requirements

  • Introduction to SMART Requirements
  • Understanding SMART Requirements
  • SMART Example
  • Categories of Software Security Requirements
  • Examples of Software Security Requirements
  • Operational Security Requirements

Verifying Security Requirements

  • Verifying Security Requirements
  • Code Review
  • Security Testing

Compliance Audit

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster