David A. Wheeler

The program discusses risks and requirements, design principles, and evaluating code (such as packages) for reuse. It then focuses on key implementation issues: input validation (such as why allowlists and not denylists should be used), processing data securely, calling out to other programs, sending output, cryptography, error handling, and incident response. This is followed by a discussion of various kinds of verification issues, including tests (such as security testing and penetration testing) and security tools. It ends with a discussion on deployment and handling vulnerability reports.

The training courses included in this program focus on practical steps that you (as a developer) can take to counter the most common kinds of attacks. They do not focus on how to attack systems, how attacks work, or longer-term research.

Modern software development depends on open source software, with open source now being pervasive in data centers, consumer devices, and services. It is important that those responsible for cybersecurity are able to understand and verify the security of the open source chain of contributors and dependencies. Thanks to the involvement of OpenSSF, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices, this program provides specific tips on how to use and develop open source securely.

What you'll learn

  • Security basics: Learn about risk management, the “CIA” triad, and requirements.
  • Secure design principles: Discuss principles such as “least privilege” and how to apply these principles.
  • Supply chain evaluation: Learn tips on how to choose packages to reuse, and how to reuse them so that you can rapidly be alerted and update the software.
  • Implementation: Learn how to implement more secure software (how to do input validation, process data securely, call out to other programs, and send output), and more specialized approaches (such as basics of cryptography and handling problems).
  • Security verification: Learn how to examine software, including some key tool types, and how to apply them in continuous integration (CI).
  • Fielding: Learn how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
  • Learn how to securely use and develop open source software.

What's inside

Three courses

Secure Software Development: Implementation

(10 hours)
Modern software faces constant attacks, and many developers lack the knowledge to counter them. This course provides practical steps for developing secure software, focusing on implementation issues like input validation, data processing, and error handling. It aims to enable developers to create systems that are more resistant to attacks and reduce damage when attacks occur.

Secure Software Development: Verification and More Specialized Topics

(10 hours)
Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software.

Secure Software Development: Requirements, Design, and Reuse

(10 hours)
Modern software is under constant attack. This course teaches the fundamentals of developing secure software. It focuses on practical steps that can be taken to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.
