Training Course | Security by Design
Gain an understanding of how to write code that is more secure by adopting great software engineering practices.
Security by Design is an essential training course for any software engineer wanting to develop their skills in secure coding. Delegates will learn directly from industry leaders in a course outline that keeps up-to-date with modern development practices.
Duration: 2 days
Location: Virtual | Classroom
Skill Level: Intermediate
Course delegates will complete the course having gained the following knowledge.
- Design patterns that lead to more secure code
- Architectural patterns that more secure systems
- How to test your system from a security perspective
Throughout the duration of the two-day course, delegates will be armed with the ability to identify security issues much earlier in the development cycle, thus saving cost and removing business critical bugs before they appear in the wild.
Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.
Delegates will complete training in the following modules.
1. Code Patterns
- Data structures: Immutability and managing state, avoiding shared mutable state, domain primitives, and avoiding collections that can grow infinitely.
- Contracts and validation: Escaping inputs, and validation options built into commonly used frameworks.
- Failure handling: Avoid logging sensitive info in logs and information exposure (system internals, passwords, exception safety, etc.).
- Preventing common vulnerabilities: SQL & noSQL injection.
2. Architectural Patterns
- Managing user data and logs
- Avoid logging PII
- Secrets management / vaults
- Circuit breakers, retries and timeouts
- Using Caches to enable graceful degradation
- Principle of least privilege
- Zero trust security
- CSRF tokens
- Protocols (REST, HTTPS, Binary)
- Avoiding defaults e.g. commonly used headers that expose server information
3. Testing your Design
- How to validate that software is secure.
- Boundary testing
- Input and validation testing
- Load testing
- Exploratory testing
- Automated security testing (Pipelines, security policy as code, SAST, DAST)
Benefits of penetration testing
Delegates should be comfortable writing code in any high-level language e.g. Java, Kotlin, C# and should also have a good understanding of engineering best practices.
Looking to continue on your learning path? The following courses are ideal as follow-on courses to Security by Design.
Or send us a quick message