Title: Secure Software Development Training 3
ABOUT US
SECURIUM FOX offers cyber security consultancy
services with its expert and experienced team. With
more than 15 years of experience, we provide
consulting services to prevent cyber attacks and
data leaks and to ensure that our customers are
ready and safe against cyber attacks. In addition
to pentests and consulting services, SECURIUM FOX
prepares its customers and field enthusiasts for
real-life scenarios by providing training in a lab
environment built by its own young, dynamic team,
which constantly follows the field. As long as
hackers are part of our lives, there is always a
risk of facing a cyber attack. Over the years,
given the impact and number of attacks, cyber
security has become a critical precaution for all
organizations and companies. SECURIUM FOX tests
customers' weak points against possible attacks and
provides consulting services to eliminate these
weak points. The SECURIUM FOX team also supports
the development of our country in this field by
backing free events organized on a volunteer basis
by the Octosec team.
- SECURE SOFTWARE DEVELOPMENT TRAINING
SECURE SOFTWARE DEVELOPMENT
- Pre-Requisite Knowledge
- Programming 2, Database Systems Development,
Fundamentals Software Engineering or equivalent
- Summary of Content
- Poor software design is at the core of many
software vulnerabilities. This module equips
students with deep knowledge and understanding of
the risk to information security and the
principles and skills of building secure software
systems. Security is considered throughout the
software development life cycle. Students examine
the technologies that underpin software security
and develop advanced skills in testing software
for vulnerabilities and applying secure
programming techniques.
A Step-by-Step Guide to Secure Software
Development
- It's a common practice among companies providing
custom software development to disregard security
issues in the early phases of the software
development lifecycle (SDLC). With such an
approach, every succeeding phase inherits the
vulnerabilities of the previous one, and the
final product accumulates multiple security
breaches. As a result, your company will have to
pay through the nose to close these breaches and
enhance the software's security in the future.
- Best practices of secure software development
suggest integrating the security aspect into each
phase of the SDLC, from requirement analysis to
maintenance, regardless of the project
methodology, waterfall or agile.
- A golden rule here is: the earlier custom software
providers integrate the security aspect into an SDLC,
the less money will be spent on fixing security
vulnerabilities later on.
Syllabus
- Security objectives, including authentication,
authorization, access control, data integrity and
non-repudiation.
- Fundamentals of cryptography: symmetrical and
asymmetrical encryption, e.g. Diffie-Hellman,
Station-to-Station, Needham-Schroeder, Kerberos key
exchange protocols, public key infrastructure (PKI)
systems, digital signatures, Transport Layer
Security, secure hash algorithms.
- Secure Software Development Lifecycle: secure
software requirements, secure software design,
secure programming principles, security testing and
secure deployment.
- Secure Software Design Principles: securing the
weakest link, defence in depth, diversity in
defence, failing securely, least privilege, economy
of mechanism, complete mediation, open design,
separation of privilege, least common mechanism,
psychological acceptability, fail-safe defaults.
- Secure Programming Practices: input validation,
output encoding, authentication and password
management, session management, access control,
cryptographic practices, error handling and
logging, data protection, communication security,
system configuration, database security, file
management, memory management.
- The use of off-the-shelf tools to analyse and
secure software.
- Trends in software security.
Learning Outcomes
- On completion of this module students should be
able to:
- Explain and discuss security objectives.
- Explain and critically evaluate the technologies
that underpin software security.
- Critically analyse the software development life
cycle and explain and discuss
Teaching / Learning Strategy
The Learning and
Teaching Strategy is informed by the University's
Strategy for Learning. The contents of this
module are introduced in lectures. These are
supported by practical exercises in laboratory
sessions. Tutorials are used to help explain and
elaborate on both the lecture material and the
laboratory exercises. All lecture, laboratory and
tutorial material will be made available on GCU
Learn and links will be provided to appropriate
external material such as research papers,
podcasts, MOOCs, videos and literature. During
all lab and tutorial sessions students will
receive formative feedback on their performance
in undertaking the laboratory and tutorial
exercises. Summative feedback and marks will be
provided for the coursework assignments
undertaken as part of the module using GCU Learn.
GCU Learn will also be used to provide the
students with module specific forums to stimulate
student and lecturer interaction outwith the
normal lecture, laboratory and tutorial
sessions.
Indicative Reading
- J. Viega, G. McGraw. "Building Secure Software:
How to Avoid Security Problems the Right Way",
Addison-Wesley, 2001.
- J. Viega, M. Messier. "Secure Programming
Cookbook", O'Reilly, 2003.
- M. Howard, D. LeBlanc. "Writing Secure Code",
Microsoft, 2002.
- M. Howard, S. Lipner. "The Security Development
Lifecycle Book", Microsoft Press, 2006.
- C. Adams, S. Lloyd. "Understanding PKI: concepts,
standards, and deployment considerations",
Addison-Wesley Professional, 2003.
- W. Mao. "Modern Cryptography: Theory and
Practice", Prentice Hall, 2003.
- G. McGraw. "Software Security: Building Security
in", Addison Wesley, 2006.
You can always contact SECURIUM FOX. You can
reach us through our email addresses or by
using the contact form on the side.
- INFO
- 3rd Floor,Lohia Towers,
- Nirmala Convent Rd,
- Gurunanak Nagar,Patamata,Vijayawada,
- Andhra Pradesh -520010
- 9652038194
- 08666678997
- info_at_securiumfoxtechnologies.com
- Andhra Pradesh Office
- 91 8666678997,91 91652038194
- 3rd Floor,Lohia Towers,
- Nirmala Convent Rd,Gurunanak Nagar,Patamata,Vijayawada,
- info_at_securiumfoxtechnologies.com
- UK Office
- 44 2030263164
- Velevate, Kemp House, 152 - 160,City Road,EC1V 2NX
- London
- info_at_securiumfoxtechnologies.com
- Tamil Nadu Office
- 91 9566884661
- Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu 620019
- info_at_securiumfoxtechnologies.com
- Noida Office
- 91 (120) 4291672, 91 9319918771
- A-25, Block A,
- Second Floor,Sector - 3,
- Noida, India
- info_at_securiumfoxtechnologies.com
- USA Office
- 1 (315)933-3016
- 33 West,17th Street,
- New York,
- NY-10011, USA
- info_at_securiumfoxtechnologies.com
- Dubai Office
- 971 545391952
- Al Ansari Exchange, Ansar Gallery - Karama
Branch, Hamsah-A Building - 3 A St - Dubai -
United Arab Emirates