andreaprovaglio.com

Designing Secure Applications


Track: Software Security
Platform: Java, Ruby, Platform-agnostic
Days: 2
Code: 901
Author: Andrea Cogliati

This course is an introduction to secure software development. The course covers the skills needed to build secure applications, that is, applications resilient to potential attacks and intrusions. It targets both software architects and developers and provides a common vocabulary and a shared approach to software development.

Description

The course starts with an introduction to information security and the motivations for secure software development, then analyzes a few successful intrusions into information systems, showing their causes and how a better design can improve the security of the applications.

Then, major information system threats are described for both Intranet and Internet applications.

Finally, the course presents a practical methodology to effectively manage security issues in a software development process, along with techniques for secure software design and implementation.

During the course, a list of Security Patterns is presented. Security Patterns are standard solutions and guidelines to common security problems. In particular, the course explains the importance of using and leveraging standard security libraries and frameworks instead of creating proprietary solutions.

Several group activities will explain how to describe the security requirements of a project, how to manage the potential risks, and how to design the security architecture of an application.

A case study of a real-world application is presented during the course.

About 25% of the time is spent on guided exercises.

Contents

  • Information security
  • Software security
  • Software threats and vulnerabilities
  • Security goals
  • Risk management
  • Software security principles
  • Security in enterprise applications (Authentication, Authorization and Audit)
  • J2EE Security Patterns
  • Multi-Layer Security
  • Managing security in the software development lifecycle

Skills you'll learn

  • Risk management fundamentals
  • Secure Unified Process
  • Secure software design

Notes

Proven experience in software development or software project management is recommended.

For additional information, please contact us.
