Global Information Assurance Certification
I learned techniques and processes that I can use as soon as I walk back into work.
-Michael Marrion
Developer 304


Software Security Awareness
3 CPE Credits
This awareness course discusses design and implementation of software applications to reduce the risk from hackers and attacks. The concept is to engineer software so that it continues to function correctly under malicious attack. This course introduces defensive coding and tips to avoid creating problems or vulnerabilities. We also examine the most common flaws of software design and implementation, and you will learn about specific practices to avoid those flaws.
This is an introductory course, suitable for managers as well as developers, to get them thinking about baking security into software. The next courses in this track would be SANS Web application security and then language-specific developer security training or tester-specific courses.
Who Should Attend
- Software developers
- Software testers
- Managers with software development responsibility
Prerequisites
- There are no prerequisites; this is the introductory course to this subject.
A Sampling of Topics
- Vulnerability Cycle – Discovery, Exploit and Patching
- Principles of Security Applicable to All Software
- 9 Steps to Designing Secure Software
- 18 Software Implementation Flaws
- Recommended Practices for Safe Data Handling
- Recommended Techniques and Tools for Testing the Security of Software
Instructors have excellent hands-on, real-life experience.
-Terry Kuxhaus, State of South Dakota
Author Statement
Today, vulnerabilities are regularly found in software and patches are issued. We try to create the patches fast enough and apply them in a timely manner to avoid successful attacks targeting those vulnerabilities. But still, billions of dollars are squandered in lost productivity and downtime just from attacks against known vulnerabilities in software. Although some vulnerabilities will always exist in complex systems, there has to be a better way! There is "baking security into software," which we define as building software to be secure, robust, and reliable from the ground up. Join us as we introduce issues and approaches to bake security into software.
- Ted Demopoulos, Ralph Durkee, Stephen Northcutt