description: |
The SC470-EN Secure Development Foundation workshop teaches you the basics of secure software development in a professional environment.
In addition to robust architecture and security-conscious implementation, the focus is also on threat modelling and risk handling. You will learn about two central building blocks of the Secure Development Lifecycle: Requirement Gathering and Secure Design. Specifically, the topics of business and project requirements, threat modelling and secure design will be covered.
The workshop places particular emphasis on practical applications by offering numerous exercises that enable participants to put their newly acquired knowledge directly into practice and consolidate it. At the end of the workshop, participants will have gained a solid basic understanding of secure software development in a professional environment and will be able to plan and support the implementation of robust and secure applications.
The course is part of the "qSkills Secure Software Quadrant", consisting of:
|
|
target group: |
The SC470 Secure Development Foundation training is ideal for:
- Software Project Managers
- Business Analysts
- IT Consultants / Advisors
- Junior Software Developers
- DevOps Engineers
|
|
requirements: |
In order to be able to follow the course content and the pace of learning in the SC470-EN Secure Development Foundation workshop, basic programming knowledge and professional experience in software development are helpful.
|
|
objectives: |
The SC470-EN Secure Development course provides:
- Identify vulnerabilities in concepts and architectures
- Identify business critical assets
- Develop and describe attack vectors
|
|
price and duration: |
duration: 2 days price: 1450,- Euro + VAT The optional certificate exam is not included in the course price and can be booked separately for €100 + VAT.
You can find the print view here.
|
|
dates: |
Will be scheduled on request Please let us know here, when you prefer to have this workshop!
|
|
|
agenda: |
- Introduction
- What is secure coding and what is it not?
- Concepts and concept of training
- Requirement Gathering
- Business Requirements (business domain, processes, assets, etc.)
- Project Requirements (code maturity, internal functionality requirements, budget, regulatory requirements, etc.)
- Threat Model (protection goals, identification of attack vectors, risk management, mitigation strategies)
- Secure Design
- Secure Design Principles (Bugchains, Security by Design, Viega's and Graw's Principle)
- Robust Architecture (Application Components, The Dependency Rule, Service Mesh)
- Robust Technology design (Development Considerations, Supply Chain Considerations)
- Many practical exercises for the individual modules
- Learning level check / exam
|
|
|