Secure Software Development Lifecycle Workshop

Secure SDLC is a structural concept for integrating security at every phase of the Software Development Lifecycle. Building security into a product from scratch not only helps in meeting security standards but can also help optimize product development and security control implementation costs.
 

Hack2Secure’s Secure Software Development Lifecycle (Secure SDLC or SSDLC) Workshop provides hands-on exposure and relevant case studies to assist in integrating security at every phase of the Web Application Development Lifecycle. It provides exposure to different application security standards and best practices taken from NIST, OWASP, CERT, PCI-DSS etc.

Security Scope across SDLC Phases

SSDLC Phase#1: Security Training & Awareness 

  • Information Security Concepts
  • Awareness of available Security Controls across Development Phases
  • Security Assurance Methodologies
  • Secure SDLC Standards and Frameworks

SSDLC Phase#2: Building Security Requirements 

  • Gathering Security Requirements
  • Building Checklist and defining Security Gates
  • Setting Product Security Baselines

SSDLC Phase#3: Ensuring Secure Design

  • Secure Design Principles
  • Design Level Security Controls
  • Threat Modeling

SSDLC Phase#4: Secure Implementation (Coding)

  • CWE Top25 Programming Errors
  • Secure Coding Best Practices
  • Code Review Process

SSDLC Phase#5: Security Verification (Testing)

  • Application Security Testing: Tools & Techniques
  • Handling Security Defects

SSDLC Phase#6: Security Review & Response Plan

  • Final Security Review Plan
  • Security Review Processes: Auditing, Vulnerability Assessment, Penetration Testing
  • Incident Handling Process
  • Supply Chain Risk Management (SCRM)

SSDLC Phase#7: Security in Maintenance Cycle

  • Security Patch Management
  • Handling 3rd Party Library upgrades
  • Application Disposal Policy

Get aligned with Industry Security Standards & Best Practices

  • NIST SP 800-64, ISO 27034
  • PCI DSS, NIST & FIPS Recommended Security Practices
  • BSIMM & OpenSAMM Frameworks
  • OWASP Web Application Security Testing Guide
  • OWASP Secure Coding Practices, Review Guide
  • CERT Secure Coding Practices, and many more

What You Will Learn

  • Deep-dive into different phases of SDL from a Security perspective
  • Learn to integrate Security in different development methodologies like Agile
  • Walk through different Security Assurance Methodologies & Risk Management Techniques
  • Learn to identify Application Security Requirements and build Checklist accordingly
  • Walk through Product Security Policy
  • Deep-dive into Threat Modeling process & Secure design Considerations
  • Deep-dive on OWASP Top10 Web Application Security Risk
  • Secure Coding practices and Manual Review Guidelines
  • Application Security Testing Methods, Tools & Techniques
  • Building Final Security Review Plan
  • Software Supply Chain Risk Management
  • Incident Handling Plan
  • Security Patch Management
  • Application Disposal Policies

Who Needs to Attend?

  • Software Development Team
    • Application/Software Architects
    • Software Developers
    • QE/QA/Testing Team
    • Software Consultants
    • Research Engineers
  • Security Team
    • Security Engineers, Testers and Analysts
    • Application Penetration Testers
    • Security Consultants
    • Auditors
    • Product Security Office
  • Software Management Team
    • Program / Project / Product Managers & Directors
    • Team Leads
    • Assurance Team
    • Application Senior Management
  • Students (both Management & Technical Streams) who are looking to pursue a career in Secure Software Development and Management
  • Anyone who wants to explore practices and processes in Secure Application Development

Requirement/Pre-Requisites

  • Awareness of Software Development Methodologies
  • Knowledge of Web Technologies
  • Basic functionality of Protocols, especially HTTP
  • Basic knowledge of UNIX & Windows Operating Systems

Curriculum

Secure SDLC Phase#1: Training & Awareness

  • About Secure SDLC Process, Requirements & Methodologies
  • Core & Design Security Concepts
  • Security Assurance Methodologies
  • OWASP Top10 Web Application Security Risk
  • Secure SDLC Standards & Frameworks

Secure SDLC Phase#2: Building Security Requirements

  • Gathering Security Requirements
  • Building Checklist and Defining Security Quality Gates
  • Setting Product Security Baseline
  • Addressing Web Vulnerabilities in Requirement Phase

Secure SDLC Phase#3: Ensuring Secure Design

  • Why We Need Secure Design
  • Secure Design Methodologies
  • Design Level Security Controls
  • Threat Modeling

Secure SDLC Phase#4: Establishing Secure Implementation Process

  • Common Web Application (Top25) Security Coding Errors
  • Secure Coding Best Practices
  • Security Code Review/Analysis
  • Manual Code Review Checkpoints
  • Automated Code Review Process

Secure SDLC Phase#5: Application Security Testing / Verification

  • Application Security Testing Techniques & Methodologies
  • Web Application Security Testing (WAST) for OWASP Top10 Web Security Risk
  • Handling Security Defects

Secure SDLC Phase#6: Security Review & Response

  • Final Security Review Plan
  • Security Review Processes: Auditing, Vulnerability Assessment & Penetration Testing
  • Incident Handling Process
  • Software Supply Chain Risk Management (SCRM)

Secure SDLC Phase#7: Security in Maintenance Cycle

  • Security Patch Management
  • Handling 3rd Party Library upgrades
  • Application Disposal Policy

Refer to the Reference Guide for the Detailed Workshop Curriculum

Secure SDLC Workshop: Key Takeaways

  • Basic Security Concepts & OWASP Top10
  • Different Security Controls across SDL phases
  • Secure Software Development & Assurance Methodologies
  • Security Requirements & Establishing Baseline
  • Software Security Risk Management
  • Secure Design Principles & Threat Modeling
  • Secure Coding Practices & Review Guidelines
  • Web Application Security Testing Tools & Techniques
  • Final Security Review Plan
