Overview
Course Description
Thank you for reading this post, don't forget to subscribe!The stakes for software security are very high, and yet many development teams deal with software security only after the code has been developed and the software is being prepared for delivery. As with any aspect of software quality, to ensure successful implementation, security and privacy issues should be managed throughout the entire software development lifecycle. This course presents an approach for dealing with security and privacy throughout the entire software development lifecycle. You will learn about vulnerabilities that undermine security, and how to identify and remediate them in your own projects. You will learn general strategies for dealing with security defects and misconfiguration, how to design software to deal with the human element in security, and how to incorporate security into all phases of development.
Audience Profile
This course is designed for software developers, testers, and architects who design and develop software in various programming languages and platforms including desktop, web, cloud, and mobile, and who want to improve their ability to deliver software that is of high quality, particularly regarding security and privacy. This course is also designed for students who are seeking the Logical Operations Cyber Secure Coder (CSC) Exam CSC-110 certification.
Prerequisites
This course presents secure programming concepts that apply to many different types of software development projects. While this course uses Python, HTML, and JavaScript to demonstrate various programming concepts, you do not need to have experience in these languages to benefit from this course. However, you should have some programming experience, whether it be developing desktop, mobile, web, or cloud applications. A variety of courses covering software development that you might use to prepare for this course, such as:
• Developing Secure Universal Windows® Platform Apps in C# and XAML
• Developing Secure iOS® Apps for Business
• Developing Secure Android™ Apps for Business
• Python® Programming: Introduction
• Python® Programming: Advanced
• Programming Google App Engine™ Applications in Python®
• HTML5: Content Authoring with New and Advanced Features
• SQL Querying: Fundamentals
Course Outline
Lesson 1: Managing IoT Risks
Topic A: Map the IoT Attack Surface
Topic B: Build in Security by Design
Lesson 2: Securing Web and Cloud Interfaces
Topic A: Identify Threats to IoT Web and Cloud Interfaces
Topic B: Prevent Injection Flaws
Topic C: Prevent Session Management Flaws
Topic D: Prevent Cross-Site Scripting Flaws
Topic E: Prevent Cross-Site Request Forgery Flaws
Topic F: Prevent Unvalidated Redirects and Forwards
Lesson 3: Securing Data
Topic A: Use Cryptography Appropriately
Topic B: Protect Data in Motion
Topic C: Protect Data at Rest
Topic D: Protect Data in Use
Lesson 4: Controlling Access to IoT Resources
Topic A: Identify the Need to Protect IoT Resources
Topic B: Implement Secure Authentication
Topic C: Implement Secure Authorization
Topic D: Implement Security Monitoring on IoT Systems
Lesson 5: Securing IoT Networks
Topic A: Ensure the Security of IP Networks
Topic B: Ensure the Security of Wireless Networks
Topic C: Ensure the Security of Mobile Networks
Topic D: Ensure the Security of IoT Edge Networks
Lesson 6: Ensuring Privacy
Topic A: Improve Data Collection to Reduce Privacy Concerns
Topic B: Protect Sensitive Data
Topic C: Dispose of Sensitive Data
Lesson 7: Managing Software and Firmware Risks
Topic A: Manage General Software Risks
Topic B: Manage Risks Related to Software Installation and Configuration
Topic C: Manage Risks Related to Software Patches and Updates
Topic D: Manage Risks Related to IoT Device Firmware
Lesson 8: Promoting Physical Security
Topic A: Protect Local Memory and Storage
Topic B: Prevent Physical Port Access