-
Learn how to incorporate security into the software development life cycle. Add secure coding practices to agile processes to protect data and prevent recurring flaws.
Learn how to incorporate security into the software development life cycle. Move security into your design and build phases by identifying common insecure code issues and embracing the mindset of a security professional. In this course, security architect Frank Moley provides a basic understanding of secure coding practices. Learn how to understand your attackers and risks and mitigate issues at critical junctures in your code, including thick app, client, and server interactions. Plus, explore how to prevent unauthorized access and data leaks with authentication and cryptography. Frank closes with an overview of security in each phase of the software development life cycle, and next steps for strengthening the security posture of your applications.
Overview
Syllabus
-
Introduction
- Implement secure code with your team
- What you need to know
- The goal of secure coding
- Understand an attacker
- Break what you build
- Understand your risks
- Document what you understand
- Input validation issues
- Communication channel issues
- Session management issues
- Error handling issues
- Logging and output issues
- Internal data management issues
- Configuration issues
- Database issues
- File and I/O issues
- Memory management issues
- Dependency issues
- Authentication and password issues
- Authorization and access control issues
- Cryptography issues
- Embrace security in design
- Embrace security in development
- Embrace security in testing
- Embrace security in deployment
- Implement best practices
- Next steps
