SC460: Secure Architecture and Design
Training: Security - Software Development
Software developers and software and cloud architects receive a practical introduction to Secure Architecture and Design. The course covers best practices for secure application architectures and methods to reduce the attack surface. It addresses threat perspectives, threat modeling for identifying vulnerabilities, as well as exercises to apply and reinforce security measures in a targeted manner.
Start: 2025-10-13 | 10:00 am
End: 2025-10-17 | 01:30 pm
Location: Nürnberg
Price: 3.450,00 € plus VAT.
Agenda:
- Security design principles – Introduction, application and measurability
- Trust / Trust principles
- "Never trust the Client"
- "Zero trust"
- "Trusted 3rd party"
- Secure design - Authentication
- Secure identifiers / Identities
- Password-Based authentication
- Secure implementation of cryptographic methods
- Kerckhoffs's principle
- Secure design principles: Authorization
- "Segregation of duties"
- "Least privilege"
- "Avoid broadly generic functions"
- "Authorize close to the source"
- "Extension of Kerckhoffs's principle"
- Additional principles overview
- "Do not be chatty"
- "Encrypt high"
- "Decrease visibility"
- Secure Design – Input / Output / Communication
- "Input validation"
- "Output validation"
- "Black-Listing / White-Listing"
- "Do not interpret – discard"
- "Intercept – do not process"
- "Don't call me – I call you!"
- "Resilient design"
- Secure Design – "Miscellaneous"
- "Visibility"
- "Default is tight"
- "Fail safe"
- "Double book-keeping"
- "No filesystem"
- Threat modelling
- Introduction, application, history, fundamentals
- Threat modelling methods
- Misuse-Cases
- Attack-Trees
- STRIDE
- EoP-Card-Game
- Tools
- Application-Level-Threat-Modelling
- Vulnerabilities and practical exercise
- Identity management
- Authentication
- Authorization
- Vulnerabilities
- Communication
- Memory
- Input-Attacks
- Attacks by privileged users
- Attack detection
- Traceability
- Attacks via infrastructure
- Data protection
- Open-Source-Security
- Attacks on software lifecycle
- Attacks on cryptography
- Attacks on error situations
- Vulnerability assessment
- Attack vector
- CVSS
- Risk assessment
- Conducting and documenting workshops
- Workshop facilitation
- Final exercise
- Threat modelling
- Risk assessment of findings
- Analyze secure design measures
- Many practical exercises for individual modules
Objectives:
The training SC460 Secure Architecture and Design has the following course objectives:
- Knowledge and application of common security design principles
- Skills to conduct a threat modeling workshop
- Knowledge of common design vulnerabilities and their remediation
Target audience:
The training SC460 Secure Architecture and Design is ideally suited for:
- Software Developers
- Software Architects
- Cloud Architects
Prerequisites:
To be able to follow the course content and learning pace in the workshop SC460 Secure Architecture and Design effectively, you should bring the following prerequisites:
- basic IT knowledge
- basic IT security terminology
Description:
The world is changing at a rapid pace, and with it the demand for new technologies. This increases the risk of digital threats and raises the importance of cybersecurity. Organizations and enterprises require a variety of complex systems and measures to ensure the protection and security of large data volumes and critical assets. An outdated and incomplete security architecture makes companies targets for internal and external hacker attacks. For this reason, architecture concepts must be developed so that they present the smallest possible attack surface. The workshop SC460 Secure Architecture and Design enables you to counteract such threats.
Secure Architecture and Design is a basic requirement for building a secure application. A secure architecture can be achieved through different approaches: either a classic, somewhat "mechanical" method in which BSI™-Grundschutz is applied, or somewhat freer risk-based methods.
In this seminar, the focus is on two essential perspectives: In the Best Practice perspective, the application of generally recognized design principles is examined more closely. The threat perspective, in turn, makes clear what can go wrong. In this context, you will learn about Threat Modeling. With this very valuable conceptual analysis technique, potential vulnerabilities and risks can be identified early in the development of applications and required measures can be derived.
The course places special emphasis on practical applications by offering numerous exercises that enable participants to directly implement and consolidate their acquired knowledge.
The course is part of the "qSkills™ Secure Software Quadrant", consisting of:
- SC460 Secure Architecture and Design
- SC470 Secure Development Principles
- SC475 OWASP Security Champion
- SC480 Secure Operations
Guaranteed implementation:
from 2 Attendees
Booking information
Price:
3.450,00 € plus VAT.
(including lunch & drinks)
Exam (Optional):
100,00 € plus VAT.