secure software development lifecycle swadlp training workshop

Secure SDLC Workshop

Hands ON | 5 DAYS | LAPTOP REQUIRED | 36 CPEs | SWADLP CURRICULUM

Secure Software Development Life Cycle or Secure SDLC is a systematic and structured concept to integrate Security at every phase of Software Development Life Cycle. Ensuring security in a product from scratch, not only helps in ensuring all compliances and basic security requirements but can also assist in implementing Security Controls at Low Cost.

It is adopted as a standard procedure by organizations to meet the Industry requirements and deliver high-quality and secure software.

Hack2Secure’s Secure Software Development LifeCycle (Secure SDLC or SSDLC) Workshop provides hands-on exposure and relevant Case Studies to assist in integrating Security at every phase of Web Application Development Lifecycle. It ensures exposure on different Application Security standards and best practices from NIST, OWASP, CERT, PCI-DSS etc.

Key Take Away

  • Incident Handling Plan
  • Product Security Policy
  • Final Security Review Plan
  • Supply Chain Risk Management
  • Software Security Risk Management
  • Security Checkpoints & Quality Gates
  • Basic Security Concepts & OWASP Top10
  • Secure Design Principles & Threat Modeling
  • Secure Coding Practices & Review Guidelines
  • Different phases of SDL from Security prospect
  • Gathering Security Requirements and Establishing Baseline
  • Secure Software Development and Assurance Methodologies
  • Web Application Security Testing Tools, Techniques and Methodologies

Alignment with Industry Security Standard & Practices

  • NIST SP 800-64, ISO 27034
  • PCI DSS, NIST & FIPS Recommended Security Practices
  • BSIMM & OpenSAMM Frameworks
  • OWASP Web Application Security Testing Guide
  • OWASP Secure Coding Practices and Review Guide
  • CERT Secure Coding Practices

.. & many more

Workshop Agenda

Secure SDLC Phase#1: Training and Awareness

  • About Secure SDLC Process, Requirements & Methodologies
  • Adoption of Secure SDLC in Agile
  • Core Security Concepts & Related Attacks
  • Security Design Principles
  • Risk, Threat & Vulnerability. Risk Management concept
  • Secure SDLC Standards & Frameworks
  • Security Assurance Methodologies
  • Common Vulnerability Scoring System
  • Overview on OWASP Top10 Web Application Security Risk

Secure SDLC Phase#2: Security Requirements

  • Building Security Requirement Checklist and Defining Security Quality Gates
  • Creating Product Security Baseline
  • Addressing Web Vulnerabilities in Requirement gathering phase

Secure SDLC Phase#3: Ensuring Secure Design

  • Secure Design Methodologies
  • Design Level Security Controls
  • Threat Modeling [based on STRIDE]

Secure SDLC Phase#4: Secure Implementation (Coding)

  • Application Coding: Common Security Myths
  • CWE Top25 Programming Errors
  • Implementation Security Level Controls against different Web Security Attacks
  • Defensive Coding Practices
  • Security Code Review process & Best Practices

Secure SDLC Phase#5: Web Application Security Testing

  • Application Security Testing Tools, Techniques & Methodologies
    • Testing for Core Security Concepts
    • Testing for OWASP Top10 Web Application Vulnerabilities
  • Handling Security Defects

Secure SDLC Phase#6: Security Review & Response

  • Building Final Security Review Plan
  • Overview on Security Review Processes: Auditing, VA-PT
  • Incident Handling Process
  • Threats to Supply Chain Software
  • Software Deployment & Procurement Risk

Secure SDLC Phase#7: Security in Maintenance Cycle

  • Security Patch Management
  • Handling 3rd Party Library Upgrades
  • Application Disposal Policy

Who should Attend this Workshop?

  • Software Development Team
    • Application/Software Architects
    • Software Developers
    • QE/QA/Testing Team
    • Software Consultants
    • Research Engineers
  • Security Team
    • Security Engineers, Testers and Analyst
    • Application Penetration Testers
    • Security Consultants
    • Auditors
    • Product Security Office
  • Software Management Team
    • Program / Project / Product Managers & Directors
    • Team Leads
    • Assurance Team
    • Application Senior Management
  • Students [Management & Technical Stream], looking to pursue Career in Secure Software Development and Management

WORKSHOP REGISTRATION PROCEDURE 

For SecSDLC_Blr_02

Batch Date: July 6-8, 14-15

** Register Now to get FREE Attempt to SWADLP Exam **

What to Expect?

  • 5 Days of intensive and deep-dive sessions on Secure SDLC practices and Implementation techniques
  • Dedicated Lab Setup for each Student
  • Complementary attempt to SWADLP Exam
  • Slide-deck & Lab-guide
  • Training & CPE Certificate from Hack2Secure
  • Lunch & Snacks
  • Goodies (Surprises!!)

What NOT to Expect?

  • Deep-dive to Information Security Basic concepts, apart from scoped curriculum
  • Providing deep-dive on any Programming Language or Technology
  • Any distribution of License or Key of Commercial Security Tools
  • Job Opportunity (But, it will be easy to find with this curriculum and skill-set)
  • Travel, Accommodation
  • Breakfast & Dinner

Requirements/Pre-requisites

  • Awareness on Software Development Methodologies
  • Knowledge of Web Technologies
  • Basic Protocol functionality of Protocols especially HTTP
  • Basic knowledge of UNIX & WINDOWS Operating System

Must Have

  • Students need to bring their Laptop to access Lab environment

Min. Laptop Configuration

Operating System: Windows 7, 8, 8.1, 10, Unix (Ubuntu)
RAM: Min. 4 GB (Recommended)
Modern Browser: Chrome, Firefox …
Ethernet Port (Must Have)

Software: VMware Player or Workstation

LAB Environment

  • Virtual Machine based dedicated practice environment for individuals
  • Lab environment contain all pre-installed essential Scripts & Tools, accessible via SSH, RDP and VNC interfaces
  • Lab environment contains required Open-Source Tools for in-depth exploration
  • Target Servers will also be provided in form of Virtual Machines, as part of content take-away for further exploration
  • All required (open-source) security tools will be provided at the end of the session for further practice

Download

Secure SDLC Workshop Reference Guide

Secure SDLC Workshop Schedule

Batch# Duration When Where SWADLP Attempt More Details
SecSDLC_Blr_02 5 Days 6-8, 14-15 July 2017 H2S, Bangalore Included Email us: training@hack2secure.com
Learn More

Secure Web Application Development Lifecycle Practitioner (SWADLP)

Frequently Asked Questions

Can we take Secure Web Application Development Lifecycle Practitioner (SWADLP) Exam after attending this Workshop?

We will definitely say YES, if you are confident enough provided content, concepts and Case Studies delivered across the Workshop. This program is scoped to cover almost all sections and topics as per SWADLP exam curriculum, in fact a level higher than what is required from exam preparation prospect.

Can we take SWADLP Exam without attending this Workshop?

No specific training is required for SWADLP Certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books and documentation available in the market covering Secure SDLC process. Another option is any relevant courses from training providers, like current one from Hack2Secure.

How this program can assist in my Professional Growth?

Today, Information Security Market is witnessing a surge in demand for skilled Security Professionals. As per Techcrunch, companies have now started giving preference to professionals, who possess Information Security skills along with domain knowledge in order to combat security job crunch. Professionals possessing unique Secure SDLC process implementation skills tends to get much higher preference over other and grow faster in the industry.

Will I have brighter Job Prospect, after attending this program?

Companies around the world use "certificate" as an assurance of Candidate skills. Due to real-time 'practical' orientation and Case study based process analysis, SWADLP program ensures hiring employer that candidates possesses required security skills and know-how to get the job done.

    Book an Exam  Contact Us  Enquire Now !