セキュアソフトウェア開発：検証、専門的トピック from edX

現代のソフトウェアは常に攻撃を受けていますが、多くのソフトウェア開発者は、それらの攻撃に効果的に対処する方法を教わったことがありません。このコースでは、この問題を解決するために、セキュアなソフトウェアを開発するための基本的な知識を解説します。このコースは、ソフトウェア開発者、DevOpsプロフェッショナル、ソフトウェア技術者、Webアプリケーション開発者、およびセキュアなソフトウェアの開発方法を学ぶことに関心のある人を対象としており、情報セキュリティを改善するために、限られたリソースでも実行可能な実践的なステップに重点を置いています。このコースでは、ソフトウェア開発者が、攻撃を成功させるのが格段に難しいシステムを開発し、維持すること、攻撃が成功した場合の被害を減らすこと、潜在的な脆弱性を速やかに修復できるよう対応を迅速化することができるようになることを目指します。

このコースでは、ソフトウェアのセキュリティを検証する方法について説明します。特に、様々な静的解析および動的解析の手法と、その適用方法（継続的インテグレーションパイプラインでの適用など）について説明します。また、脅威モデルの開発方法の基本や、様々な暗号機能の適用方法など、より専門的なトピックについても説明します。

このコースは、「セキュアソフトウェア開発の基礎」のプロフェッショナル認定プログラムの3つのコースのうちの3つ目のコースで、オープンソースのエコシステムのセキュリティにフォーカスしたLinux FoundationのプロジェクトであるOpen Source Security Foundation（OpenSSF）によって開発されたものです。このプログラムに含まれるトレーニングコースは、最も一般的な種類の攻撃に対処するために、（開発者として）あなたが取ることができる実践的なステップに重点を置いています。

What you'll learn

セキュリティの検証：主要なツールの種類を含む、ソフトウェアの検査方法と、継続的インテグレーション（CI）における適用方法。これには、セキュリティコードスキャナ/静的アプリケーションセキュリティテスト（SAST）ツール、ソフトウェア構成解析（SCA）/依存性解析ツール、ファザー（fuzzer）、およびWebアプリケーションスキャナについての学習が含まれます。
脅威モデリング/攻撃モデリング：攻撃者の視点からシステムを考える方法と、STRIDEと呼ばれるシンプルな設計分析手法の適用方法。
フィールディング：セキュアなソフトウェアのデプロイと運用方法、脆弱性レポートの取り扱い、再利用されるコンポーネントに公知の脆弱性がある場合の迅速なアップデート方法など。
アシュアランスケースと形式手法：ソフトウェアがセキュアであることをより厳密に分析し、証明する手法の基礎。

What's inside

Syllabus

ようこそ！

第１章検証（検証の基礎、静的解析、ソフトウェア構成解析 - SCA/依存性解析、動的解析、その他の検証トピック - 検証手法の組み合わせ）

第２章脅威モデリング

第３章暗号（対称／共有鍵暗号化、暗号学的ハッシュ（デジタルフィンガープリント）、公開鍵（非対称）暗号化、暗号論的擬似乱数生成器（CSPRNG）、パスワードを安全に保存する方法、トランスポートレイヤーセキュリティ（TLS）、暗号に関するその他のトピック）

第４章その他のトピック（脆弱性の開示、アシュアランスケース、配布、フィールディング/デプロイ、運用、廃棄、形式手法、トップ脆弱性リスト）

最終問題（ベリファイドトラックのみ）

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Explores security tools, analysis techniques, and approaches, which are standard in industry

Taught by David A. Wheeler, who are recognized for their work in software security

Examines threat modeling, which is highly relevant to software development

Introduces cryptographic functions, which are fundamental to secure software

Covers assurance cases and formal methods, which are advanced topics in security

Requires some background knowledge in software development

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in セキュアソフトウェア開発：検証、専門的トピック with these activities:

Review basic programming and software development concepts.

Show steps

Ensure a strong foundation in programming and software development principles.

Browse courses on Programming

Show steps

Revisit fundamental data structures and algorithms.
Review software design patterns and best practices.

Participate in online tutorials on software security best practices.

Show steps

Gain exposure to industry best practices for software security.

Browse courses on Security

Show steps

Identify reputable sources for software security tutorials.
Select tutorials that align with the specific areas of interest.

Read 'Building Secure Software: How to Avoid Security Problems the Right Way'

Show steps

Review the foundational principles of software security.

View ビルディングセキュアソフトウェア on Amazon

Show steps

Read the chapters on security vulnerabilities and exploits.
Read the chapters on security design principles and patterns.

11 other activities

Expand to see all activities and additional details

Show all 14 activities

Compile research materials

Show steps

Gather articles, books, and other resources related to software security to deepen your understanding of the topics covered in the course.

Show steps

Identify relevant keywords and search engines
Search for academic papers, industry reports, and blog posts
Organize and categorize the materials
Create a bibliography or reference list

Join a study group to discuss software security concepts.

Show steps

Engage in peer-to-peer learning and reinforce understanding of software security concepts.

Browse courses on Security

Show steps

Find or form a study group with peers enrolled in the course.
Establish regular meeting times and create a structured agenda.

Practice static analysis techniques

Show steps

Use static analysis tools like SAST and SCA to identify potential vulnerabilities and improve the security of your code.

Browse courses on Static Code Analysis

Show steps

Install and configure a static analysis tool
Run the tool on a sample codebase
Analyze the results and identify vulnerabilities
Fix the vulnerabilities and re-run the tool

Practice writing secure code in the preferred programming language.

Show steps

Develop the ability to write secure code in the preferred programming language.

Browse courses on Secure Coding

Show steps

Choose a programming language and review its security features.
Practice writing code that handles user input securely.

Develop a software security policy or framework for a hypothetical organization.

Show steps

Apply theoretical knowledge to a practical scenario and enhance problem-solving skills.

Show steps

Define the scope and objectives of the policy or framework.
Research industry standards and best practices for software security.

Build a threat model for a real-world system

Show steps

Develop a threat model for an existing software system to identify and mitigate potential security risks.

Browse courses on Threat Modeling

Show steps

Identify the system's assets and vulnerabilities
Develop a threat list and analyze potential threats
Evaluate the likelihood and impact of each threat
Develop and implement mitigation strategies
Monitor and update the threat model over time

Create a presentation on a specific software security topic.

Show steps

Deepen understanding of a specific software security topic and enhance presentation skills.

Browse courses on Software Security

Show steps

Choose a software security topic of interest.
Research the topic and gather relevant information.

Mentor junior developers on software security

Show steps

Share your knowledge and experience by mentoring junior developers to help them improve their software security skills.

Show steps

Identify potential mentees within your network
Develop a mentoring plan and establish regular communication
Provide guidance, feedback, and support on software security topics
Encourage mentees to engage in hands-on activities and projects
Track progress and adjust the mentoring plan as needed

Present on a software security topic

Show steps

Develop and deliver a presentation on a specific software security topic to an audience of peers or industry professionals.

Show steps

Choose a specific software security topic
Research and gather information on the topic
Create slides and prepare a presentation outline
Rehearse and practice the presentation
Deliver the presentation

Attend industry conferences or meetups focused on software security.

Show steps

Connect with professionals in the field and stay abreast of the latest trends and developments.

Browse courses on Software Security

Show steps

Identify relevant conferences or meetups in the local area or online.
Prepare questions and talking points to engage with speakers and attendees.

Contribute to an open-source security project

Show steps

Get hands-on experience in software security by contributing to an open-source project focused on security.

Browse courses on Open Source Software

Show steps

Identify an open-source security project
Review the project's documentation and codebase
Identify areas where you can contribute your skills
Submit pull requests or issue reports to the project
Collaborate with other contributors and the project maintainers

Career center

Learners who complete セキュアソフトウェア開発：検証、専門的トピック will develop knowledge and skills that may be useful to these careers:

Software Developer

Software Developers write code to develop and implement software applications. This course helps build a foundation for writing secure software, which will give you an advantage over others who may not have the same knowledge.

See salaries and explore the career path for Software Developer

Web Application Developer

Web Application Developers develop and maintain websites and web applications. This course can help you build web applications that are more secure against common threats and vulnerabilities.

See salaries and explore the career path for Web Application Developer

DevOps Engineer

DevOps Engineers oversee the development and deployment of software applications. This course may help you implement secure and efficient software development practices, which could increase your value as an engineer.

See salaries and explore the career path for DevOps Engineer

Information Security Analyst

Information Security Analysts help organizations protect their information and computer systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may provide you with additional tools to use to protect information at your organization.

See salaries and explore the career path for Information Security Analyst

Systems Security Administrator

Systems Security Administrators oversee the security of computer systems. This course may help you to implement and maintain security measures to protect your organization's systems.

See salaries and explore the career path for Systems Security Administrator

Risk Analyst

Risk Analysts identify, assess, and manage risks to an organization. This course may help you to identify and mitigate the risks associated with software development and deployment.

See salaries and explore the career path for Risk Analyst

Security Consultant

Security Consultants provide advice and guidance to organizations on how to improve their security posture. This course may help you to develop and implement more effective security strategies and policies.

See salaries and explore the career path for Security Consultant

Incident Responder

Incident Responders investigate and respond to security incidents. This course may help you to develop and implement more effective incident response plans and procedures.

See salaries and explore the career path for Incident Responder

Quality Assurance Analyst

Quality Assurance Analysts ensure that software applications meet the requirements of the users and are free of defects. This course may help you to develop and implement more effective quality assurance procedures.

See salaries and explore the career path for Quality Assurance Analyst

Software Test Engineer

Software Test Engineers test software applications to ensure that they are free of defects and meet the requirements of the users. This course may help you to develop and implement more effective test plans and procedures.

See salaries and explore the career path for Software Test Engineer

Penetration Tester

Penetration Testers identify and exploit vulnerabilities in computer systems and networks. This course may help you to develop and implement more effective penetration testing strategies.

See salaries and explore the career path for Penetration Tester

Security Architect

Security Architects design and implement security solutions for organizations. This course may help you to develop and implement more effective security architectures.

See salaries and explore the career path for Security Architect

Security Auditor

Security Auditors assess the security of computer systems and networks. This course may help you to identify and mitigate the risks associated with software development and deployment.

See salaries and explore the career path for Security Auditor

Network Engineer

Network Engineers design and implement computer networks. This course may help you to develop and implement more secure network architectures.

See salaries and explore the career path for Network Engineer

IT Manager

IT Managers oversee the computer systems and networks of organizations. This course may help you to develop and implement more effective IT security policies and procedures.

See salaries and explore the career path for IT Manager

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in セキュアソフトウェア開発：検証、専門的トピック.