David A. Wheeler

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem by explaining the fundamentals of developing secure software. Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources, to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.

This course discusses how to verify software for security. In particular, it discusses the various static and dynamic analysis approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.

This is the third of the three courses in the Secure Software Development Fundamentals Professional Certificate program, and was developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem. The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks.

What you'll learn

  • Security Verification: How to examine software, including some key tool types, and how to apply them in continuous integration (CI). This includes learning about security code scanners/static application security testing (SAST) tools, software component analysis (SCA)/dependency analysis tools, fuzzers, and web application scanners.
  • Threat modeling/Attack modeling: How to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called STRIDE.
  • Fielding: How to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
  • Assurance cases & formal methods: The basics of approaches to more strongly analyze and justify that your software is secure.

What's inside

Syllabus

Welcome!
Chapter 1. Verification (basics of verification; static analysis; software component analysis - SCA/dependency analysis; dynamic analysis; other verification topics - combining verification approaches)
Chapter 2. Threat Modeling
Chapter 3. Cryptography (symmetric/shared key encryption; cryptographic hashes (digital fingerprints); public-key (asymmetric) cryptography; cryptographic pseudo-random number generator (PRNG); storing passwords; transport layer security (TLS); other topics in cryptography)
Chapter 4. Other Topics (vulnerability disclosures; assurance cases; distributing, fielding/deploying, operations and disposal; formal methods; top vulnerability lists)
Final Exam (Verified Certificate track only)

Good to know

Know what's good, what to watch for, and possible dealbreakers
Strong reputation of the instructor, David A. Wheeler, who is recognized for their work in the topic that the course teaches
Taught by Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem
Examines security verification, a highly relevant topic for professionals working in information security
Teaches about threat modeling, a core skill for software developers

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Software Development: Verification and More Specialized Topics with these activities:
Review Software Security Fundamentals
Refresh your understanding of software security concepts, best practices, and common threats to better grasp the course material.
  • Revisit textbooks or online resources on software security
  • Review security advisories and vulnerability reports
  • Attend webinars or workshops on software security
Seek Guidance from Experienced Security Professionals
Identify and connect with mentors who can provide insights, advice, and support on your journey in software security.
  • Attend industry events and conferences
  • Join online communities and forums
  • Reach out to professionals on LinkedIn
  • Ask for introductions from colleagues and friends
Cryptography and Network Security - Principles and Practice, 7th Edition
Review this comprehensive text to gain a foundational understanding of cryptography and how it is applied to securing networks.
  • Read chapters 1-6
  • Work through the end-of-chapter exercises
  • Create a summary of the key concepts covered in each chapter
  • Identify how the concepts apply to real-world security challenges
Participate in Security Code Reviews
Participate in peer code reviews to identify and discuss security vulnerabilities and best practices.
  • Join a code review team
  • Review code for potential vulnerabilities
  • Discuss findings with the developer
  • Help develop and implement security best practices
Develop a Threat Model for a Web Application
Create a threat model for a web application to identify potential security risks and develop mitigation strategies.
  • Identify the assets and their value
  • Identify potential threats and vulnerabilities
  • Analyze the likelihood and impact of each threat
  • Develop mitigation strategies
  • Document the threat model
Complete an Online Course on Security Testing
Expand your knowledge of security testing by completing an online course that covers best practices and techniques for identifying and exploiting vulnerabilities.
  • Enroll in an online security testing course
  • Complete the course modules
  • Practice the techniques in a virtual environment
  • Obtain a security testing certification
Write and Test Secure Code
Practice writing secure code and testing it for vulnerabilities by working through a series of coding exercises and using automated testing tools.
  • Review the coding guidelines for your programming language
  • Write code that follows the guidelines
  • Use automated testing tools to identify vulnerabilities
  • Fix the vulnerabilities and retest
Secure a Linux Server
Set up a Linux server and implement security measures to protect it from common threats.
  • Install a Linux distribution
  • Configure a firewall
  • Install security updates
  • Configure intrusion detection systems
  • Test the security measures

Career center

Learners who complete Secure Software Development: Verification and More Specialized Topics will develop knowledge and skills that may be useful to these careers:
Software Developer
A Software Developer builds out software applications, ensuring they are secure and efficient. This course can help the Software Developer build a foundation in secure software development. Learners will study key tool types, including security code scanners, software component analysis tools, fuzzers, and web application scanners. These tools will help Software Developers ensure their software is secure against vulnerabilities and attacks.
DevOps Engineer
A DevOps Engineer is responsible for the planning, design, implementation, and maintenance of software systems. This course can help a DevOps Engineer learn how to develop secure software, reducing the risk of security breaches and vulnerabilities. Learners will study static and dynamic code analysis techniques, threat modeling, and cryptography, all of which are essential for building secure software.
Information Security Analyst
An Information Security Analyst is responsible for protecting an organization's computer systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction. This course can help an Information Security Analyst build a foundation in software security. Learners will study threat modeling, cryptography, and software verification techniques.
Software Architect
A Software Architect designs, develops, and maintains the architecture of software systems. This course can help a Software Architect learn how to design and develop secure software systems. Learners will study threat modeling, cryptography, and software verification techniques, all of which are essential for building secure software systems.
Web Application Developer
A Web Application Developer designs, develops, and maintains web applications. This course can help a Web Application Developer learn how to develop secure web applications. Learners will study threat modeling, cryptography, and web application security techniques. Gaining knowledge in these areas ensures that any web applications you create will be secure against common attacks.
Security Engineer
A Security Engineer is responsible for designing, implementing, and maintaining security measures to protect an organization's computer systems and data. This course can help a Security Engineer learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
IT Manager
An IT Manager plans, organizes, and directs the activities of an organization's IT department. This course can help an IT Manager learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Chief Information Security Officer (CISO)
A Chief Information Security Officer (CISO) is responsible for developing and implementing an organization's information security strategy. This course can help a CISO learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Information Technology Auditor
An Information Technology Auditor evaluates an organization's IT systems and processes to ensure they are secure and compliant. This course can help an Information Technology Auditor learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Cryptographer
A Cryptographer designs and develops cryptographic algorithms and protocols. This course can help a Cryptographer learn how to develop secure software. Learners will study cryptography, threat modeling, and software verification techniques.
Software Tester
A Software Tester tests software to identify defects and ensure it meets requirements. This course can help a Software Tester learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Threat Intelligence Analyst
A Threat Intelligence Analyst collects and analyzes information about threats to an organization's computer systems and data. This course can help a Threat Intelligence Analyst learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Risk Manager
A Risk Manager identifies, assesses, and mitigates risks to an organization's computer systems and data. This course can help a Risk Manager learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Data Scientist
A Data Scientist collects, analyzes, and interprets data to help organizations make informed decisions. This course may be useful for a Data Scientist who wants to learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.
Business Analyst
A Business Analyst identifies, analyzes, and solves business problems. This course may be useful for a Business Analyst who wants to learn how to develop secure software. Learners will study threat modeling, cryptography, and software verification techniques.

Reading list

We've selected nine books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Secure Software Development: Verification and More Specialized Topics.
Focuses on the design principles and practices that can be used to develop secure software. It covers topics such as threat modeling, secure coding practices, and security testing. It is a valuable resource for software architects, developers, and security engineers.
Provides a comprehensive overview of threat modeling, a process for identifying and mitigating security risks in software systems. It is a valuable resource for software architects, developers, and security engineers.
Provides a comprehensive overview of cryptography, covering topics such as symmetric-key cryptography, public-key cryptography, and hash functions. It is a valuable resource for anyone interested in learning more about cryptography and its applications in secure software development.
This document provides a comprehensive set of security and privacy controls that can be used to protect information systems and organizations. It is a valuable resource for anyone interested in implementing or improving the security of their organization.
Provides a comprehensive overview of reverse engineering, a technique for understanding how software works. It is a valuable resource for security researchers, developers, and anyone else interested in learning more about software.
Provides a comprehensive overview of software development best practices, including topics such as code readability, maintainability, and testing. It is a valuable resource for software developers of all levels.
Provides a comprehensive overview of software development best practices, including topics such as team dynamics, project management, and software architecture. It is a valuable resource for software developers of all levels.
Provides a comprehensive overview of software development best practices, including topics such as team dynamics, project management, and software architecture. It is a valuable resource for software developers of all levels.

Similar courses

Here are nine courses similar to Secure Software Development: Verification and More Specialized Topics.
  • Secure Software Development: Requirements, Design, and...
  • Designing Robust Information System Security Architectures
  • Secure Software Development: Implementation
  • Secure Coding with C#
  • Threat Modeling with the Microsoft Threat Modeling Tool
  • Secure Coding in React
  • Analyzing and Visualizing Data in Looker
  • Security Hot Takes: Rackspace Breach
  • Palo Alto Networks Cybersecurity Foundation
© 2016 - 2024 OpenCourser