Secure Application Development Training | Cprime Learning
Let's Talk
Back

About Cprime Cprime, a Goldman Sachs and Everstone Capital portfolio company, is more than just a full-service consulting firm – we are your strategic partner for driving innovation and agility in your business. With over two decades of experience, we have honed our expertise to help organizations adapt at the speed the market demands.

Back Enterprise Agility Development Business Technology Training Global Talent
Back

Enterprise Agility Need to respond to change faster? To do more with less? To surpass your competition? Adopting a holistic approach to change and continuous improvement across the organization can achieve all that and more Learn more >

Back

Global TalentElevate your pool of talent to beat the global tech talent shortage and remain competitive in the marketplace with end-to-end solutions for enhancing your tech teams Learn more >

Back

Development Support lean, cost-effective workflows focused on delivering value to your customer by leveraging individual specialists or entire teams of experienced software engineers to build custom applications and integrations Learn more >

Back

Business Technology Establish the optimal tool stacks to streamline workflows, data capture, and transparency across the organization, supporting decision making and agility Learn more >

Back

Training From new ways of working to deeply technical tools-based topics, leverage 30 years of experience to bridge skills gaps, empower excellence, and foster innovation for unmatched growth. Cprime Learning >

Pages

Courses

ALL COURSES

Resources

ALL RESOURCES

Blogs

ALL BLOGS

Courses

ALL COURSES

Certifications

ALL CERTIFICATIONS

Instructors

ALL INSTRUCTORS

Fundamentals of Secure Application Development

Application developers often aren’t trained in security, yet the vast majority of breaches are related to the application layer. Learn secure development best practices that keep software safe.

Overview

The vast majority of hacks are not due to insecure networks or misconfigured firewalls; they are a result of common software flaws that get coded into applications. Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, the risk gets passed downstream and by the time an incident occurs, it’s too late to be proactive.

From proactive requirements to coding and testing, this information security training course covers the best practices any software developer needs to avoid opening up their users, customers, and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class. Return to work ready to build higher quality, more robustly protected applications.

View Course Outline Download Brochure
Reserve Your Seat
$1295 (USD)
Standard Delivery: 14 hours of instruction over 2 days
Group (3+): $1195 USD
GSA: $1185 USD
Education Credits:
14 PDUs
14 Technical PDUs
1 RMP PDUs
14 PDUs

Next Upcoming Course

Live Online

Jan 16th - 17th, 2025
12:00 PM - 8:00 PM ET
$1295(usd)
Register
Private Group Training View Public Schedule
form pictures
private group

Train up your teams with private group training

Have a group of 5 or more students? Cprime also provides specialist private training with exclusive discounts for tailored, high-impact learning.

Contact Us

Fundamentals of Secure Application Development Schedule

Delivery
Date
Price
Reserve your seat

Live Online

Jan 16th - 17th, 2025
12:00 PM - 8:00 PM ET
$1295(usd)
Register

Live Online

Mar 17th - 18th, 2025
9:00 AM - 5:00 PM ET
$1295(usd)
Register

Live Online

May 5th - 6th, 2025
10:00 AM - 6:00 PM ET
$1295(usd)
Register

Live Online

Jul 24th - 25th, 2025
9:00 AM - 5:00 PM ET
$1295(usd)
Register

Live Online

Sep 8th - 9th, 2025
8:30 AM - 4:30 PM ET
$1295(usd)
Register

Live Online

Nov 19th - 20th, 2025
9:00 AM - 5:00 PM ET
$1295(usd)
Register

Full Course Details

Part 1: Secure Software Development

  1. Assets, Threats & Vulnerabilities
  2. Security Risk Analysis (Bus & Tech)
  3. Secure Dev Processes (MS, BSI…)
  4. Defense in Depth
  5. Approach for this course

Introductory Case Study

Part 2: The Context for Secure Development

  1. Assets to be protected
  2. Threats Expected
  3. Security Imperatives (int&external)
  4. Organization's Risk Appetite
  5. Security Terminology
  6. Organizational Security Policy
  7. Security Roles and Responsibilities
  8. Security Training for Roles
  9. Generic Security Goals & Requirements

Exercise: Our Own Security Context

Part 3: Security Requirements

  1. Project-Specific Security Terms
  2. Project-Related Assets & Security Goals
  3. Product Architecture Analysis
  4. Use Cases & MisUse/Abuse Cases
  5. Dataflows with Trust Boundaries
  6. Product Security Risk Analysis
  7. Elicit, Categorize, Prioritize SecRqts
  8. Validate Security Requirements

Exercise: Managing Security Requirements

Part 4: Designing Secure Software

  1. High-Level Design
    1. Architectural Risk Analysis
    2. Design Requirements
    3. Analyze Attack Surface
    4. Threat Modeling
    5. Trust Boundaries
    6. Eliminate Race Objects
  2. Detail-Level Design
    1. Secure Design Principles
    2. Use of Security Wrappers
    3. Input Validation
    4. Design Pitfalls
    5. Validating Design Security
    6. Pairing Mem Mgmt Functions
    7. Exclude User Input from format strings
    8. Canonicalization
    9. TOCTOU
    10. Close Race Windows
    11. Taint Analysis

Exercise: A Secure Software Design, Instructor Q and A

Part 5: Writing Secure Code

  1. Coding
    1. Developer guidelines & checklists
    2. Compiler Security Settings (per)
    3. Tools to use
    4. Coding Standards (per language)
    5. Common pitfalls (per language)
    6. Secure/Safe functions/methods
      1. Stack Canaries
      2. Encrypted Pointers
      3. Memory Initialization
      4. Function Return Checking (e.e. malloc)
      5. Dereferencing Pointers
    7. Integer type selection
      1. Range Checking
      2. Pre/post checking
    8. Synchronization Primitives
  2. Early Verification
    1. Static Analysis (Code Review w/tools)
    2. Unit & Dev Team Testing
    3. Risk-Based Security Testing
    4. Taint Analysis

Exercise: Secure Coding Q and A

Part 6: Testing for Software Security

  1. Assets to be protected
  2. Threats Expected
  3. Security Imperatives (int&external)
  4. Organization's Risk Appetite
  5. Static Analysis
  6. Dynamic Analysis
  7. Risk-Based Security testing
  8. Fuzz Testing (Whitebox vs Blackbox)
  9. Penetration Testing (Whitebox vs Blackbox)
  10. Attack Surface Review
  11. Code audits
  12. Independent Security Review

Exercise: Testing Software for Security

Part 7: Releasing & Operating Secure Software

  1. Incident Response Planning
  2. Final Security Review
  3. Release Archive
  4. OS Protections:
    1. Address Space Layout Randomization
    2. Non-Executable Stacks
    3. W^X
    4. Data Execution Prevention
  5. Monitoring
  6. Incident Response
  7. Penetration Testing

Exercise: A Secure Software Release

Part 8: Making Software Development More Secure

  1. Process Review
  2. Getting Started
  3. Priorities

Exercise: Your Secure Software Plan

Professionals who may benefit include:

  • Application Development Managers
  • Software Engineers and Developers
  • CISOs, CISAs and Security Professionals
  • Software Testers
  • QA Managers, Directors, and Staff
  • Test Management
  • Business Analysts
  • Project Managers
  • IT Specialists (Security, Capacity Management, Networking…)

  • Understand assets, threats, vulnerabilities, and risks
  • Gather and understand security requirements
  • Design secure software
  • Write secure code
  • Test your software for security
  • Release & operate secure software

Request Private Group Training