Learn about our course, Secure Software Coding.
Course Learning Objectives
Secure Software Coding covers the fundamentals of programming and different software development methodologies. This course helps you to identify common software attacks and vulnerabilities, describe defensive coding practices and controls, implement programming safeguards using defensive coding principles, explain the difference between static and dynamic code analysis, and describe how to build software with security mechanisms in place.
Description
Secure Software Coding was created to provide Certified Secure Software Lifecycle Professionals (CSSLP) with an understanding of the importance of programming concepts that can effectively protect software from vulnerabilities.
Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.
| Audience | Time Required |
|---|---|
| Certified Secure Software Lifecycle Professional (CSSLP) | Tailored learning – 40 minutes total approx. |
Course Outline
1. Architecture and Programming Languages
- Basic architecture
- CPU components
- The machine cycle
- Internal memory
- Stack PUSH POP operations
- General qualities of programming languages
- About abstraction
- Abstraction
- Compiled languages
- Interpreted and hybrid languages
- Managed vs. unmanaged languages
- External and untrusted code
- .NET security transparency
2. Common Software Vulnerabilities
- Industry databases
- Desktop software vulnerabilities
- Locality of reference
- Buffer overflow explained
- Code obfuscation
- Address Space Layout Randomization (ASLR)
- Data Execution Protection (DEP)
3. Secure Software Processes
- Introduction
- Code analysis
- Static analysis
- Dynamic analysis
- Static vs. dynamic analysis
- Code review
- Threat modeling and code review
- Securing build environments
- Maintaining legacy code
- Securing build automation