The Synopsys Software Integrity Group is now Black Duck®.

Principles of Software Security (eLearning)

Course Description

Dive into the basics of software security inside the development process. This course introduces the fundamentals of software security problems, risks, and general approaches for producing better software. It also presents an approach to building software security into the development process, further enabling developers to deliver better software. This course was created by the experts who wrote the book on software security. The approaches described in this course are used by leading global companies with mature software security initiatives.

Learning Objectives

  • Use basic security terminology comfortably when discussing your own development work
  • Confidently contribute to discussions of software security principles
  • Participate in the initial strategy, formation, and role delegation of a software security initiative
  • Confidently begin to contribute to your company’s overall design of a software security strategy

Details

Delivery Format: eLearning

Duration: 45 Minutes

Level: Beginner

Intended Audience:

  • Back-End Developers
  • Front-End Developers
  • Enterprise Developers
  • QA Engineers
  • Mobile Developers
  • Architects

Prerequisites: None

Course Outline

Basic Software Security Concepts

  • The Importance of Software Security
  • Software Security Vocabulary
  • What Is Secure Software?
  • Obstacles in Software Security
  • Building Security In
  • Roles in Software Security

Fundamentals of an SSI

  • Goals of a Software Security Initiative
  • Engineering and Governance
  • Software Security Group
  • Vendor Management
  • Vetting Third-Party Software
  • SSI Evolution
  • SSI Evolution: Breadth, Depth, and Efficiency

Software Development Life Cycle (SDLC)

  • Touchpoints
  • Secure SDLC
  • Secure SDLC: Waterfall vs. Agile
  • Software Security Intelligence
  • Technical Standards and Reference Frameworks
  • Training

Assessing Software and Code Review

  • Assessing Software Is Critical
  • Discovery Methods
  • Architecture Risk Management
  • Manual Code Review
  • Static Analysis
  • Dynamic Analysis
  • Fuzz Testing
  • Risk-Based Security Testing
  • Penetration Testing
  • Interactive Application Security Testing
  • Fixing Software Is Important
