Preferred method of contact:

Fundamentals of Secure Application Development



Course Number



2 Days

PDF Add to WishList

The rules of information security aren’t what they used to be. Hackers aren’t kids in basements–they’re state sponsored professionals and organized criminal groups all around the world. They break into systems and steal data any way they can.

Unfortunately, the vast majority of hacks are not due to insecure networks or misconfigured firewalls; they are a result of common software flaws that get coded into applications. Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream and by the time an incident occurs it’s too late to be proactive.

From proactive requirements to coding and testing, this course covers the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class. Return to work ready to build higher quality, more robustly protected applications.

Course Outline


Secure Software Development

  • Assets, Threats & Vulnerabilities
  • Security Risk Analysis (Bus & Tech)
  • Secure Dev Processes (MS, BSI…)
  • Defense in Depth
  • Approach for this course

Introductory Case Study

The Context for Secure Development

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (int&external)
  • Organization's Risk Appetite
  • Security Terminology
  • Organizational Security Policy
  • Security Roles and Responsibilities
  • Security Training for Roles
  • Generic Security Goals & Requirements

Exercise:  Our Own Security Context

Security Requirements

  • Project-Specific Security Terms
  • Project-Related Assets & Security Goals
  • Product Architecture Analysis
  • Use Cases & MisUse/Abuse Cases
  • Dataflows with Trust Boundaries
  • Product Security Risk Analysis
  • Elicit, Categorize, Prioritize SecRqts
  • Validate Security Requirements

Exercise: Managing Security Requirements

Designing Secure Software

  • High-Level Design
    • Architectural Risk Analysis
    • Design Requirements
    • Analyze Attack Surface
    • Threat Modeling
    • Trust Boundaries
    • Eliminate Race Objects
  • Detail-Level Design
    • Secure Design Principles
    • Use of Security Wrappers
    • Input Validation
    • Design Pitfalls
    • Validating Design Security
    • Pairing Mem Mgmt Functinos
    • Exclude User Input from format strings
    • Canonicalization
    • TOCTOU
    • Close Race Windows
    • Taint Analysis

Exercise: A Secure Software Design, Instructor Q & A

Writing Secure Code

  • Coding
    • Developer guidelines & checklists
    • Compiler Security Settings (per)
    • Tools to use
    • Coding Standards (per language)
    • Common pitfalls (per language)
    • Secure/Safe functions/methods
      • Stack Canaries
      • Encrypted Pointers
      • Memory Initialization
      • Function Retrun Checking (e.e. malloc)
      • Dereferencing Pointers
    • Integer type selection
      • Range Checking
      • Pre/post checking
    • Synchronization Primatives
    • Early Verification
    • Static Analysis (Code Review w/tools)
    • Unit & Dev Team Testing
    • Risk-Based Security Testing
    • Taint Analysis

Exercise: Securing Coding Q & A

Testing for Software Security

  • Assets to be protected
  • Threats Expected
  • Security Imperatives (int&external)
  • Organization's Risk Appetite
  • Static Analysis
  • Dynamic Analysis
  • Risk-Based Security testing
  • Fuzz Testing (Whitebox vs Blackbox)
  • Penetration Testing (Whitebox vs Blackbox)
  • Attack Surface Review
  • Code audits
  • Independent Security Review

Exercise: Testing Software for Security

Releasing & Operating Secure Software

  • Incident Response Planning
  • Final Security Review
  • Release Archive
  • OS Protections:
    • Address Space Layout Randomization
    • Non-Executable Stacks
    • W^X
    • Data Execution Prevention
    • /ul>
    • Monitoring
    • Incident Response
    • Penetration Testing

    Exercise: A Secure Software Release

    Making Software Development More Secure

  • Process Review
  • Getting Started
  • Priorities

Exercise: Your Secure Software Plan

Convenient Ways to Attend This Instructor-Led Course

Hassle-Free Enrollment: No advance payment required to reserve your seat.
Tuition due 30 days after you attend your course.

Live, Online

Private Team Training

Live, Online

Tuition — Standard: $1395  

Sep 25 - 26 (2 Days)
9:00 AM - 4:30 PM EST
Live Online Live Online Reserve Your Seat

How would you like to attend?

Live, Online

Nov 27 - 28 (2 Days)
9:00 AM - 4:30 PM EST
Live Online Live Online Reserve Your Seat

How would you like to attend?

Live, Online

Guaranteed to Run

Private Team Training

Enrolling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.

For details, call 1-888-843-8733 or Click Here »



In Classroom or



Private Team Training

Contact Us »

Training Hours

Standard Course Hours: 9:00 am – 4:30 pm
*Informal discussion with instructor about your projects or areas of special interest: 4:30 pm – 5:30 pm

FREE Online Course Exam (if applicable) – Last Day: 3:30 pm – 4:30 pm
By successfully completing your FREE online course exam, you will:

  • Have a record of your growth and learning results
  • Bring proof of your progress back to your organization
  • Earn credits toward industry certifications (if applicable)

Enhance Your Credentials with Professional Certification

Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.

Earn 14 PDUs

PMI, the Registered Education Provider logo, PMP, CAPM, PMI-ACP,
and PMBOK are marks of the Project Management Institute, Inc.

This course is approved by PMI® for 14 professional development units (PDUs). For more on the Project Management Institute and a full list of courses approved for PDUs.

Technical : 14 PDUs

Read more ...

- ,

Chat Now

Please Choose a Language

Canada - English

Canada - Français