Training

Software security doesn't mean security software

The training you need for everyone who contributes to your secure software development life cycle.

Improving software security means applying a number of best practices throughout the software development life cycle. Such best practices (or touchpoints) allow software professionals to build applications that behave appropriately even when attacked. Integrating these best practices into a secure SDLC requires knowing and understanding non-functional security requirements, common attacks, secure design, and defensive programming, and also subjecting all software artifacts to thorough, objective threat modeling, risk analyses, and security testing.

Most companies have only begun to apply real solutions, often because the problem simply seems too large to manage. Applying the security touchpoints reinforced throughout our software security training courses is a solid start toward producing secure software.

As shown in the diagram below, our training covers topics such as software security fundamentals, security requirements, architectural risk analysis, defensive programming, secure code review, static analysis tools, risk-based testing strategy, and SOA, Web Services, and XML security. These topics provide technical training for every role in a secure SDLC. Software security training is available for on-site delivery, and some courses are offered as eLearning modules for computer-based training (CBT). We can also combine courses to create multi-day curricula. See the complete listing of the Cigital Security Training Series.

[Figure: course applicability by role. Courses shown: Foundations of Software Security and Core Principles (Detailed Principles; For Executives); Attack and Defense; Architecture and Risk Analysis; Software Security Requirements; SOA, Web Services and XML Security; Defensive Programming (C/C++/C#/VB.NET/Java EE); Risk-Based Testing Strategy; Secure Code Review and Static Analysis (Fortify Add-Ons)]

Cigital can also work with you to customize a proficiency maturity program for all secure SDLC stakeholders. By determining the current state of software security knowledge within your organization and defining career tracks for each major role, organizations can quickly improve their overall ability to produce secure software. The diagram below gives an example of such a program.

[Figure: example proficiency maturity program, organized by role: Software Developers; Architects & Designers; Development & Project Managers; Business Analysts & Product Managers; Security Auditors & Compliance Assessors; Testers & QA Planners]

Cigital can customize a course to meet your specific needs; see our Training catalog [PDF]. Call us at 800-824-0022 or e-mail us to discuss a tailored solution. To see the greatest improvement toward a secure SDLC, software security training may be needed for each of the following roles within software development and quality assurance organizations.