Designing for Security

About

This 2-day hands-on workshop teaches you how to handle security while developing a software system. Its purpose is to help you become aware of security risks and start improving the security of your software system, with a practical focus on code design.

Who should attend

Any software professional involved in a software project or product.

Objectives

  • Understand the security mindset
  • Learn and practice principles of secure software
  • Model and practice the security of your software

Course Outline

  • Intro. Security mindset.
  • Common vulnerabilities & how to avoid them
  • Principle: Defense in Depth
  • Exercise: Design against vulnerabilities
  • Validation. How to do it right. Caveats
  • Exercise: Design validation
  • Practical cryptography
  • How to store passwords & secrets
  • Exercise: Cryptography
  • Data flows. Data flow diagram
  • Exercise: create data flow diagram. Acknowledge risks
  • Testing for security. Tools
  • Exercise: testing for security
  • Threat modelling
  • Exercise: Model your threats
  • (Optional) Basic penetration testing and security test automation
  • (Optional) Review your colleagues’ code for security issues
  • Final Debriefing. What’s next?

Prerequisites

  • At least 2 years of experience in software development

Course Delivery

  • 40% coding exercises
  • 30% lectures, explanations
  • 30% Q&A, Anti-patterns, Feedback
  • Demo from trainer
  • Continuous Feedback. Helping participants unblock at any moment during the exercises

Practical details

  • Duration: 2 days, from 09:00 to 17:30
  • Training language: English / Romanian / French

What’s next?

  • Schedule a few Hands-on Training on the Job sessions with the trainer so that you can apply the concepts in production
  • Attend the Designing for Performance workshop

 

Need a customized workshop? Contact us and we’ll adapt the content as required.