tel +66(0) 2634 7993-4
Schedule NTC Network Training Center

Secure Software Development Life Cycle (SDLC)

 
Duration 2 Days
 
 
COURSE DESCRIPTION
 
This is an intensive 2-day course that covers the principles of the Secure Software Development Life Cycle (SSDLC) and practical methods for securing the requirements, design, implementation, testing, deployment and maintenance phases of your software development.
 
 
COURSE OBJECTIVES
  • To understand how to establish secure software development life cycle processes within your organization
  • To understand how to assess security requirements for software development
  • To understand software vulnerability
  • To understand how to evaluate security risks to your software
 
 
COURSE OUTLINE
 
Module 1: Introduction to software security
  • Topology of an Application Attack
  • Challenge
  • Attacker vs Defender
  • Cost of Software Security
 
Module 2: SDLC Model
  • Waterfall
  • Iterative
  • Spiral
  • Extreme Programming (XP)
  • Scrum
  • SSDLC
 
Module 3: Software Security
  • Risk Management
  • Security Profile
  • Governance
  • Compliance and Privacy
  • Methodologies and Frameworks
  • Trusted Computing
  • Acquisitions
 
Module 4: Requirement phase
  • Security Requirement
  • Requirements Elicitation Techniques
  • Policy Decomposition
  • Data Classification
  • Subject/Object Modeling
  • Use/Misuse Case Modeling
  • Requirements Documentation
 
Module 5: Design phase
  • Secure Design Principle
  • Views
  • Security Models
  • Design Considerations
  • Threat Modeling
  • Architectures
  • Technologies
  • Design Review
 
Module 6: Implementation phase
  • Programming Concepts
  • Methodologies
  • Software Attacks
  • Secure Software Process
  • Build Environment Security
 
Module 7: Testing phase
  • Software Quality Assurance
  • Security Testing
 
Module 8: Deployment, Operations, Maintenance and Disposal Phase
  • Hardening
  • Secure Installation
  • Configuration Management
  • Post Deployment Assessment
  • Continuous monitoring
  • Incident Management
  • Problem Management
  • Secure Disposal
 
WHO SHOULD ATTEND
  • Application developer, Software development project manager, IT auditor, Tester, Software Quality Assurance (SQA), Software Engineer, Information Security officer, Database administrator
 