What's the topic?

Free Session: Practical Secure Software Development Lifecycle Fundamentals

Did you ever wonder what it takes to ensure holistic and manageable software security? Would you like to be compliant with laws and regulations that demand action in that area, perhaps because your customers require it? Or do you simply want to drive software quality through security and make it visible? Then this fundamentals training is for you. In this training, you will be guided through the world of secure software development from different perspectives, ranging from governance topics to technological aspects like design, coding, testing, and operations. The training outline is based on OWASP SAMM, an open-source assurance maturity model for software security. Use this training to kick-start your secure development lifecycle, to reach the next level of software security, and to demonstrate the effort to your stakeholders.

Session Outline

The following topics are covered:

  • Introduction: Why should we care?
  • The essential terms
  • Security requirements engineering
  • Common requirements by the example of the GDPR
  • Secure design and architecture
  • Threat modeling
  • Security design patterns that solve common problems
  • Fundamental secure coding principles
  • Build process and deployment security
  • Overview of software security testing types
  • Automated tool types (SAST, DAST, IAST, dependency checks)
  • The pros and cons of each tool type
  • Common vulnerability classes and their automated testability
  • Vulnerability management
  • Logging and monitoring
  • Incident management
  • Configuration management
  • Making software security manageable and traceable
  • Education and guidance
  • Compliance

We approach each domain (governance, design, implementation, verification, operations) in the following way:

  1. Common real-world example
  2. Theoretical concepts underpinned with examples
  3. Common pitfalls in the area
  4. Touchpoints with OWASP SAMM
  5. Developer's checklist to get started


  • Everyone who is involved in software development
  • Developers
  • Software security engineers
  • Software testers
  • Team leads of software-driven teams
  • CISOs of software-driven organizations


Ideally, you have some experience in software development or in managing a software development team. But even if you are just getting started with it, there will be insights for you to take away and to apply in your future work.

Training Duration

4 hours