Secure Software Development: Verification and More Specialized Topics from edX

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.

This course discusses how to verify software for security. In particular, it discusses the various static and dynamic analyses approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.

This is the third of the three courses in the Secure Software Development Fundamentals Professional Certificate program, and was developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem. The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks.

What you'll learn

Security Verification: How to examine software, include some key tool types, and how to apply them in continuous integration (CI). This includes learning about security code scanners/static application security testing (SAST) tools, software component analysis (SCA)/dependency analysis tools, fuzzers, and web application scanners.
Threat modeling/Attack modeling: How to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called STRIDE.
Fielding: How to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
Assurance cases & formal methods: The basics of approaches to more strongly analyze and justify that your software is secure.

What's inside

Learning objectives

Security verification: how to examine software, include some key tool types, and how to apply them in continuous integration (ci). this includes learning about security code scanners/static application security testing (sast) tools, software component analysis (sca)/dependency analysis tools, fuzzers, and web application scanners.
Threat modeling/attack modeling: how to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called stride.

Fielding: how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
Assurance cases & formal methods: the basics of approaches to more strongly analyze and justify that your software is secure.

Security verification: how to examine software, include some key tool types, and how to apply them in continuous integration (ci). this includes learning about security code scanners/static application security testing (sast) tools, software component analysis (sca)/dependency analysis tools, fuzzers, and web application scanners.
Threat modeling/attack modeling: how to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called stride.
Fielding: how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
Assurance cases & formal methods: the basics of approaches to more strongly analyze and justify that your software is secure.

Syllabus

Welcome!

Chapter 1. Verification (basics of verification; static analysis; software component analysis - SCA/dependency analysis; dynamic analysis; other verification topics - combining verification approaches)

Chapter 2. Threat Modeling

Chapter 3. Cryptography (symmetric/shared key encryption; cryptographic hashes (digital fingerprints); public-key (asymmetric) cryptography; cryptographic pseudo-random number generator (PRNG); storing passwords; transport layer security (TLS); other topics in cryptography)

Chapter 4. Other Topics (vulnerability disclosures; assurance cases; distributing, fielding/deploying, operations and disposal; formal methods; top vulnerability lists)

Final Exam (Verified Certificate track only)

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Strong reputation of the instructor, David A. Wheeler, who is recognized for their work in the topic that the course teaches

Taught by Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem

Examines security verification, a highly relevant topic for professionals working in information security

Teaches about threat modeling, a core skill for software developers

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Software Development: Verification and More Specialized Topics with these activities:

Review Software Security Fundamentals

Show steps

Refresh your understanding of software security concepts, best practices, and common threats to better grasp the course material.

Browse courses on Software Security

Show steps

Revisit textbooks or online resources on software security
Review security advisories and vulnerability reports
Attend webinars or workshops on software security

Seek Guidance from Experienced Security Professionals

Show steps

Identify and connect with mentors who can provide insights, advice, and support on your journey in software security.

Show steps

Attend industry events and conferences
Join online communities and forums
Reach out to professionals on LinkedIn
Ask for introductions from colleagues and friends

Cryptography and Network Security - Principles and Practice, 7th Edition

Show steps

Review this comprehensive text to gain a foundational understanding of cryptography and how it is applied to securing networks.

View Computer Security: Principles and Practice PDF... on Amazon

Show steps

Read chapters 1-6
Work through the end-of-chapter exercises
Create a summary of the key concepts covered in each chapter
Identify how the concepts apply to real-world security challenges

Five other activities

Expand to see all activities and additional details

Show all eight activities

Participate in Security Code Reviews

Show steps

Participate in peer code reviews to identify and discuss security vulnerabilities and best practices.

Browse courses on Code Review

Show steps

Join a code review team
Review code for potential vulnerabilities
Discuss findings with the developer
Help develop and implement security best practices

Develop a Threat Model for a Web Application

Show steps

Create a threat model for a web application to identify potential security risks and develop mitigation strategies.

Browse courses on Threat Modeling

Show steps

Identify the assets and their value
Identify potential threats and vulnerabilities
Analyze the likelihood and impact of each threat
Develop mitigation strategies
Document the threat model

Complete an Online Course on Security Testing

Show steps

Expand your knowledge of security testing by completing an online course that covers best practices and techniques for identifying and exploiting vulnerabilities.

Browse courses on Security Testing

Show steps

Enroll in an online security testing course
Complete the course modules
Practice the techniques on a virtual environment
Obtain a security testing certification

Write and Test Secure Code

Show steps

Practice writing secure code and testing it for vulnerabilities by working through a series of coding exercises and using automated testing tools.

Browse courses on Secure Coding

Show steps

Review the coding guidelines for your programming language
Write code that follows the guidelines
Use automated testing tools to identify vulnerabilities
Fix the vulnerabilities and retest

Secure a Linux Server

Show steps

Set up a Linux server and implement security measures to protect it from common threats.

Browse courses on System Security

Show steps

Install a Linux distribution
Configure a firewall
Install security updates
Configure intrusion detection systems
Test the security measures

Career center

Learners who complete Secure Software Development: Verification and More Specialized Topics will develop knowledge and skills that may be useful to these careers:

Software Developer

A Software Developer builds out software applications, ensuring they are secure and efficient. This course can help the Software Developer build a foundation in secure software development. Learners will study key tool types, including security code scanners, software component analysis tools, fuzzers, and web application scanners. These tools will help Software Developers ensure their software is secure against vulnerabilities and attacks.

See salaries and explore the career path for Software Developer

DevOps Engineer

A DevOps Engineer is responsible for the planning, design, implementation, and maintenance of software systems. This course can help a DevOps Engineer learn how to develop secure software, reducing the risk of security breaches and vulnerabilities. Learners will study static and dynamic code analysis techniques, threat modeling, and cryptography, all of which are essential for building secure software.

See salaries and explore the career path for DevOps Engineer

Information Security Analyst

An Information Security Analyst is responsible for protecting an organization's computer systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can help an Information Security Analyst build a foundation in software security. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Information Security Analyst

Software Architect

A Software Architect designs, develops, and maintains the architecture of software systems. This course can help a Software Architect learn how to design and develop secure software systems. Learners will study threat modeling, cryptography, and software verification techniques, all of which are essential for building secure software systems.

See salaries and explore the career path for Software Architect

Web Application Developer

A Web Application Developer designs, develops, and maintains web applications. This course can help a Web Application Developer learn how to develop secure web applications. Learners will study threat modeling, cryptography, and web application security techniques. Gaining knowledge in these areas ensures that any web applications you create will be secure against common attacks.

See salaries and explore the career path for Web Application Developer

Security Engineer

A Security Engineer is responsible for designing, implementing, and maintaining security measures to protect an organization's computer systems and data. This course can help a Security Engineer learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Security Engineer

IT Manager

An IT Manager plans, organizes, and directs the activities of an organization's IT department. This course can help an IT Manager learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for IT Manager

Chief Information Security Officer (CISO)

A Chief Information Security Officer (CISO) is responsible for developing and implementing an organization's information security strategy. This course can help a CISO learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Chief Information Security Officer (CISO)

Information Technology Auditor

An Information Technology Auditor evaluates an organization's IT systems and processes to ensure they are secure and compliant. This course can help an Information Technology Auditor learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Information Technology Auditor

Cryptographer

A Cryptographer designs and develops cryptographic algorithms and protocols. This course can help a Cryptographer learn how to develop secure software. Learners will study cryptography, threat modeling, and software verification techniques.

See salaries and explore the career path for Cryptographer

Software Tester

A Software Tester tests software to identify defects and ensure it meets requirements. This course can help a Software Tester learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Software Tester

Threat Intelligence Analyst

A Threat Intelligence Analyst collects and analyzes information about threats to an organization's computer systems and data. This course can help a Threat Intelligence Analyst learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Threat Intelligence Analyst

Risk Manager

A Risk Manager identifies, assesses, and mitigates risks to an organization's computer systems and data. This course can help a Risk Manager learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Risk Manager

Data Scientist

A Data Scientist collects, analyzes, and interprets data to help organizations make informed decisions. This course may be useful for a Data Scientist who wants to learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Data Scientist

Business Analyst

A Business Analyst identifies, analyzes, and solves business problems. This course may be useful for a Business Analyst who wants to learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

See salaries and explore the career path for Business Analyst