| Kursbeschreibung (description): |
The SC470-EN Secure Development workshop teaches you the basics of secure software development in a professional environment.
In addition to robust architecture and security-conscious implementation, the focus is also on threat modelling and risk handling.
You will learn all the steps of the Secure Development Lifecycle: Requirement Gathering, Secure Design, Secure Implementation, Testing and Deployment & Maintenance.
Specifically, topics such as business and project requirements, threat modelling, secure design, OWASP Top 10, automated testing and disaster recovery will be covered.
The workshop places particular emphasis on practical applications by providing numerous exercises that enable participants to directly put into practice and consolidate their learned knowledge.
By the end of the workshop, participants will have gained a solid understanding of secure software development in a professional environment and will be able to develop, implement and maintain robust and secure applications.
|
|
| Zielgruppe (target group): |
The training SC470-EN Secure Development is suitable for:
- Software Developers
- Software Architects
- Testers
- Cloud Architects
- DevOps Engineers
|
|
| Voraussetzungen (requirements): |
In order to be able to follow the course content and the learning pace in the workshop SC470-EN Secure Development well, general programming knowledge is necessary and professional experience as a software developer is helpful.
|
|
| Ziele (objectives): |
The SC470-EN Secure Development course provides:
- Identify vulnerabilities in concepts and architectures
- Identify business critical assets
- Develop and describe attack vectors
- Consequences of constraints and requirements
- Hardening of applications and infrastructure
- Responding to security incidents
|
|
| Preis und Dauer (price and duration): |
Dauer (duration): 5 Tage
Preis (price): 3490,- Euro zzgl. MwSt.
The optional certificate exam is not included in the course price and can be booked separately for €100.
Eine Druckansicht dieses Workshops finden Sie hier.
|
|
| Termine (dates): |
Termine auf Anfrage.
Falls Sie einen Terminwunsch für diesen Workshop haben, werden wir dies gerne für Sie prüfen!
|
|
|
| Inhalte (agenda): |
- Introduction
- What is secure coding and what is it not?
- Concepts and concept of training
- Requirement Gathering
- Business Requirements (business domain, processes, assets, etc.)
- Project Requirements (code maturity, internal functionality requirements, budget, regulatory requirements, etc.)
- Threat Model (protection goals, identification of attack vectors, risk management, mitigation strategies)
- Secure Design
- Secure Design Principles (Bugchains, Security by Design, Viega's and Graw's Principle)
- Robust Architecture (Application Components, The Dependency Rule, Service Mesh)
- Robust Technology design (Development Considerations, Supply Chain Considerations)
- Secure Implementation
- OWASP Top 10, CWE, Best Practices
- Authentication (Identification & Authentication, Broken Access Control)
- Processing (Input Parsing, Injection)
- Storage (Software & Data Integrity, Cryptographic Failures, Logging & Monitoring Failures)
- Testing
- Automated Testing (Test Cases, Test Setups, Tools)
- Penetration Testing (Concept, Methods, Tools)
- Chaos Engineering (Concept, Resilience, Case Study)
- Deployment & Maintenance
- Launch (Release Strategies, Hypercare)
- Longterm Support (Change Management, Feature Requests, future-proof)
- Disaster Recovery (Backups, Supply Chain, Business Continuity)
- Many practical exercises for the individual modules
- Learning level check / exam
|
|
|
