Training: Secure Software Architecture, Development Processes and Security Engineering
IT security is an extremely complex topic – and the more complicated and extensive an application or software project, the more difficult it becomes to master the topic of security. Often, the topic of IT security is also dealt with very late or only when it is too late. The first case often leads to large costs in fixing security problems, the second in the worst case to enormous damage from hacker attacks. In these attacks, the data of the users or the systems of the operator of an application can come under external control. In addition, reputational, legal and financial damage may also result.
But there is another way. Software can be conceived and designed securely from the outset, so that security vulnerabilities are very unlikely to occur or can be eliminated altogether. Just as important as secure architecture, conception and design are secure development processes, specifications, and practices – and, of course, secure code itself.
In this training course, participants learn about everything that is involved in secure software development – from the design and conception phase to implementation, go-live and ongoing operation.
What do participants learn in the training course?
This training course presents participants with the ‘big picture’ of secure software development: Secure architecture and secure development processes, together known as Security Engineering. They learn how to design software securely from the beginning, how to consider security in the architecture, and how to ensure security throughout the lifecycle of a software project. Topics covered include policies and baselines, security requirements elicitation and specification, process guidelines, code quality, DevSecOps, security testing, dealing with dependencies, relevant security standards and norms, secure ongoing operations, monitoring/logging/visibility, and much more. Problems that the participants know from their own professional practice and that are unclear to them can be discussed in open question sessions.
This enables participants to understand all the aspects mentioned and how they interact. They are then able to transfer this knowledge to their own projects in order to strengthen the security of their software projects fundamentally, comprehensively and cost-effectively.
What are the contents?
- Topics covered include the following:
- Secure software architecture and architecture concepts
- Secure design concepts
- Standards for secure software
- How to distinguish and prioritize the effectiveness of security measures
- Security requirements elicitation and engineering
- Baselines and policies
- Code quality
- Forms of security testing
- DevSecOps
- Secure development lifecycle models
- Technical vulnerabilities, secure code and insecure code
- Vulnerability catalogs and verification standards
- Dependencies and how to deal with them
- Secure and insecure patterns
- Secure and insecure libraries
- – Open Q&A session with the trainer, where participants’ concerns can be discussed
What is the target audience (prior knowledge etc.)?
Product owners, development team leaders, technical project managers, software architects as well as software engineers and developers with influence on processes and architecture in their projects, interested developers.
How long does the training take?
Duration: 2 days