Secure Software Development: Verification and More Specialized Topics

About

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.

This course discusses how to verify software for security. In particular, it discusses the various static and dynamic analyses approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.

This is the third of the three courses in the Secure Software Development Fundamentals Professional Certificate program, and was developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem. The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks.

What you will learn

• Security Verification: How to examine software, include some key tool types, and how to apply them in continuous integration (CI). This includes learning about security code scanners/static application security testing (SAST) tools, software component analysis (SCA)/dependency analysis tools, fuzzers, and web application scanners.
• Threat modeling/Attack modeling: How to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called STRIDE.
• Fielding: How to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
• Assurance cases & formal methods: The basics of approaches to more strongly analyze and justify that your software is secure.

Skills you learn

• Cryptography
• Software Development
• Continuous Integration
• Open Source Technology
• Linux
• DevOps
• Threat Modeling
• Software Engineering

Syllabus

• Welcome!
• Chapter 1. Verification (basics of verification; static analysis; software component analysis - SCA/dependency analysis; dynamic analysis; other verification topics - combining verification approaches)
• Chapter 2. Threat Modeling
• Chapter 3. Cryptography (symmetric/shared key encryption; cryptographic hashes (digital fingerprints); public-key (asymmetric) cryptography; cryptographic pseudo-random number generator (PRNG); storing passwords; transport layer security (TLS); other topics in cryptography)
• Chapter 4. Other Topics (vulnerability disclosures; assurance cases; distributing, fielding/deploying, operations and disposal; formal methods; top vulnerability lists)
• Final Exam (Verified Certificate track only)

Auto Summary

Immerse yourself in the essential practices of creating resilient and secure software with the "Secure Software Development: Verification and More Specialized Topics" course. This course, curated by the esteemed Open Source Security Foundation (OpenSSF) as part of the Linux Foundation, provides invaluable insights for software developers, DevOps professionals, software engineers, and web application developers aiming to fortify their applications against cyber threats. This engaging and practical course delves deep into the verification of software security, covering both static and dynamic analysis techniques. You'll learn how to integrate these methods into continuous integration pipelines, develop robust threat models, and apply critical cryptographic capabilities. By adopting these strategies, you can significantly enhance the security posture of your software, making it more resilient to attacks, minimizing potential damage, and ensuring swift responses to vulnerabilities. As the third installment in the Secure Software Development Fundamentals Professional Certificate program, this course builds on foundational knowledge, enabling you to take practical, resource-efficient steps to safeguard your applications. Offered by edX, this course is designed for learners at the foundational level, ensuring accessibility and relevance for professionals at various stages of their careers. With the convenience of a Starter subscription, you can access this comprehensive training and equip yourself with the skills necessary to proactively defend against the ever-evolving landscape of cyber threats. Join now and become adept at developing secure software that stands strong against modern attacks.