Home > Course Catalog > Security > Software Application Security

Secure Software Design Training

This outline is also available in these languages: ??languagelist??

Course #:

SPSE-105

Format:

Classroom

Duration:

3 days

Price*:

2,010.00 USD

Professional Development Units:

Continuing Development Units:

Course Tier: ??Tier??

Per Student Kit Price: ??KitPricePerStudent??

ibm

Delivery Options:

Public Scheduled Classes - Register for classes below Search Catalog Sign Up to be notified
Self-Paced Training - Purchase below Search Catalog
Public Scheduled Webinar - Register below Sign Up to be notified
Webinar Recording - View Now

Custom Group Training - Request a proposal



See all
Format
 
Self-Paced
Purchase ??country-to-buy-from?? course Add to Cart
here's the message from the cart

To view the cart, you can click "View Cart" on the right side of the heading on each page
Close


 
Classes marked with a are Guaranteed to Run on the scheduled dates.
 

There are ??othercoursecount?? similar courses in different countries and/or formats.Click here to see them.

Need a customized class for your group? Contact Us.

No classes scheduled? Sign Up to be notified when new classes are added.


*Public Price per Student


This course is designed to provide students with the knowledge and skills required to recognize software vulnerabilities (actual and potential) and design defenses for those vulnerabilities. This course quickly introduces developers to the various types of threats against their software. The concept and process of Threat Risk Modeling is introduced as a key enabler for architecting effective and appropriate security for software and information assets.

This course combines expert lecture with open discussions, high-level demonstrations and extensive hands-on labs. It is an intermediate level software design course.

 


Upon completion of the course, students will be able to:
  • Explain the concepts and terminology behind defensive coding
  • Identify software vulnerabilities based on realistic threats against meaningful assets using Threat Risk Modeling
  • Describe the entire spectrum of threats and attacks that take place against software applications in today’s world
  • Identify potential vulnerabilities in a real life case study using Threat Risk Modeling
  • Explain and implement the processes and measures associated with the security development lifecycle (SDL)
  • Acquire the skills, tools and best practices for design reviews as well as testing initiatives
  • List the basics of security testing and planning
  • Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses

  • Software Architects
  • Software Designers
  • Software Developers
  • Project Stakeholders

  • Basic familiarity with software design and technologies
  • Basic experience in real-world programming
  • At least six months to a year of working knowledge of a programming language is recommended

  1. Defensive Coding Overview
    • Security concepts
    • Principles of defensive coding
    • Threat Risk Modeling
    • Threat Risk Modeling of case study
  2. Vulnerabilities
    • Unvalidated input
    • Broken authentication
    • Cross Site Scripting (XSS)
    • Injection flaws
    • Error handling, logging, and information leakage
    • Insecure storage
    • Direct object access
    • XML vulnerabilities
    • Web services vulnerabilities
    • Ajax vulnerabilities
  3. Defensive Coding Applied
    • Basic principles revisited
    • Defensive coding
  4. Security Design Patterns
    • Authentication enforcer
    • Authorization enforcer
    • Intercepting validator
    • Secure base action
    • Secure logger
    • Secure pipe
    • Secure service proxy
    • Intercepting Web agent
  5. Security Development Lifecycle (SDL)
    • SDL process overview
      • CLASP defined
      • CLASP applied
    • Asset identification
    • Boundary identification
    • Vulnerability identification
    • Vulnerability response
    • Design and code reviews
    • Applying processes and practices
    • Risk analysis
  6. Security Testing
    • Testing as lifecycle process
    • Testing planning and documentation
    • Testing tools
    • Static and dynamic code analysis
    • Approaches for testing
      • Information leakage
      • Business logic
      • Authentication
      • Session management
      • Input data validation
      • Denial of service
      • Web services

??Testimonials??


This course is included in the following Roadmaps:

Do you have an IBM EdPack?

Find out why you should transfer to a LearnPass

Check Out the LearnQuest Blog

Read More.

Learn how you can save up to 20% on LearnPass

Click to find out more.

LearnQuest is an Authorized IBM Global Training Provider

Learn more about IBM training with LearnQuest

Training Roadmaps

Training roadmaps can help you plan your course to success

Events

LearnQuest attends and exhibits regularly at industry events.

See what some of our clients have said about us

View client testimonials
View a list of LearnQuest clients.