CYBERSECURE CODER (CSC)

This course presents secure programming concepts that apply to many different types of software development projects. While this course uses Python, HTML, and JavaScript to demonstrate various programming concepts, you do not need to have experience in these languages to benefit from this course. However, you should have some programming experience, whether it be developing desktop, mobile, web, or cloud applications. A variety of courses covering software development that you might use to prepare for this course, such as:

• Developing Secure Universal Windows® Platform Apps in C# and XAML
• Developing Secure iOS® Apps for Business
• Developing Secure Android™ Apps for Business
• Python® Programming: Introduction
• Python® Programming: Advanced
• Programming Google App Engine™ Applications in Python®
• HTML5: Content Authoring with New and Advanced Features
• SQL Querying: Fundamentals

The significance of software security is extremely high. However, many development teams tend to address software security only after the code has been written and the software is almost ready for release. Just like any other aspect of software quality, ensuring a successful implementation requires the management of security and privacy concerns throughout the entire software development process.

This course introduces an approach to handle security and privacy concerns throughout the complete software development cycle. You will gain insights into vulnerabilities that can compromise security and learn how to recognize and resolve them in your own projects. The course covers general strategies for addressing security flaws and misconfigurations, techniques for designing software that accounts for human factors in security, and methods for integrating security into all stages of development.

Target Audience

This course caters to individuals such as software developers, testers, and architects involved in creating software using different programming languages and platforms like desktop, web, cloud, and mobile. It aims to enhance their capacity to produce software of superior quality, with a special focus on security and privacy aspects.

Objectives:

Throughout this course, you will utilize top-notch techniques in software development to create software with robust security measures.

You will:

• Recognize the necessity for security in your software undertakings.
• Eradicate weaknesses within the software.
• Employ a Security by Design methodology to construct a secure structure for your software.
• Incorporate standard safeguards to uphold user and data security.
• Utilize diverse testing approaches to pinpoint and rectify security flaws in your software.
• Sustain the security of deployed software for continuous protection.

Lesson 1: Identifying the Need for Security in Your Software Projects

Topic A: Identify Security Requirements and Expectations
Topic B: Identify Factors That Undermine Software Security
Topic C: Find Vulnerabilities in Your Software
Topic D: Gather Intelligence on Vulnerabilities and Exploits

Lesson 2: Handling Vulnerabilities

Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
Topic B: Handle Vulnerabilities Due to Human Factors
Topic C: Handle Vulnerabilities Due to Process Shortcomings

Lesson 3: Designing for Security

Topic A: Apply General Principles for Secure Design
Topic B: Design Software to Counter Specific Threats

Lesson 4: Developing Secure Code

Topic A: Follow Best Practices for Secure Coding
Topic B: Prevent Platform Vulnerabilities
Topic C: Prevent Privacy Vulnerabilities

Lesson 5: Implementing Common Protections

Topic A: Limit Access Using Login and User Roles
Topic B: Protect Data in Transit and At Rest
Topic C: Implement Error Handling and Logging
Topic D: Protect Sensitive Data and Functions
Topic E: Protect Database Access

Lesson 6: Testing Software Security

Topic A: Perform Security Testing
Topic B: Analyze Code to find Security Problems
Topic C: Use Automated Testing Tools to Find Security Problems

Lesson 7: Maintaining Security in Deployed Software

Topic A: Monitor and Log Applications to Support Security
Topic B: Maintain Security after Deployment

Appendix A: Mapping Course Content to Cyber Secure Coder (Exam CSC-110)