Fundamentals of Secure Software Development Training

Level: Foundation

From proactive requirements to coding and testing, this secure software development training course covers the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer. We teach only constantly updated best practices, and our experts answer your questions live in class.

Even with good information security policy and staff, the reality is that software developers are often underserved when it comes to security strategy. If their applications get built without attention to good software security practices, risk gets passed downstream and by the time an incident occurs it’s too late to be proactive. To mitigate these risks, attend this secure software development course and return to work ready to build higher quality, more robustly protected applications.

Key Features of this Secure Software Development Training:

  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included

You Will Learn How To:

  • Apply the best practices any software developer needs to avoid opening up their users, customers and organization to attack at the application layer.

Choose the Training Solution That Best Fits Your Individual Needs or Organizational Goals


In Class & Live, Online Training

  • 2-day instructor-led training course
  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included

Standard $1885

Government $1885




Team Training

  • Bring this or any training to your organization
  • Full-scale program development
  • Delivered when, where, and how you want it
  • Blended learning models
  • Tailored content
  • Expert team coaching



Save More On Training with FlexVouchers – A Unique Training Savings Account

Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.

In Class & Live, Online Training


Note: This course runs for 2 Days *

*Events with the Partial Day Event clock icon run longer than normal but provide the convenience of half-day sessions.

Guaranteed to Run

When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time — will run. Guaranteed.

Partial Day Event

Learning Tree offers a flexible schedule program. If you cannot attend full day sessions, this option consists of four-hour sessions per day instead of the full-day session.

Important Secure Software Development Course Information

  • Requirements

    There are no formal prerequisites for this course.

Secure Software Development Course Outline

  • Secure Software Development

    • Assets, Threats & Vulnerabilities
    • Security Risk Analysis (Bus & Tech)
    • Secure Dev Processes (MS, BSI…)
    • Defence in Depth
    • Approach for this course
  • The Context for Secure Development

    • Assets to be protected
    • Threats Expected
    • Security Imperatives (int&external)
    • Organization's Risk Appetite
    • Security Terminology
    • Organizational Security Policy
    • Security Roles and Responsibilities
    • Security Training for Roles
    • Generic Security Goals & Requirements

    Exercise:  Our Own Security Context

  • Security Requirements

    • Project-Specific Security Terms
    • Project-Related Assets & Security Goals
    • Product Architecture Analysis
    • Use Cases & MisUse/Abuse Cases
    • Dataflows with Trust Boundaries
    • Product Security Risk Analysis
    • Elicit, Categorize, Prioritize SecRqts
    • Validate Security Requirements

    Exercise: Managing Security Requirements

  • Designing Secure Software

    • High-Level Design
      • Architectural Risk Analysis
      • Design Requirements
      • Analyze Attack Surface
      • Threat Modeling
      • Trust Boundaries
      • Eliminate Race Objects
    • Detail-Level Design
      • Secure Design Principles
      • Use of Security Wrappers
      • Input Validation
      • Design Pitfalls
      • Validating Design Security
      • Pairing Mem Mgmt Functions
      • Exclude User Input from format strings
      • Canonicalization
      • TOCTOU
      • Close Race Windows
      • Taint Analysis

    Exercise: A Secure Software Design, Instructor Q & A

  • Writing Secure Code

    • Coding
      • Developer guidelines & checklists
      • Compiler Security Settings (per)
      • Tools to use
      • Coding Standards (per language)
      • Common pitfalls (per language)
      • Secure/Safe functions/methods
        • Stack Canaries
        • Encrypted Pointers
        • Memory Initialization
        • Function Return Checking (e.g. malloc)
        • Dereferencing Pointers
      • Integer type selection
        • Range Checking
        • Pre/post checking
      • Synchronization Primitives
      • Early Verification
      • Static Analysis (Code Review w/tools)
      • Unit & Dev Team Testing
      • Risk-Based Security Testing
      • Taint Analysis

    Exercise: Securing Coding Q & A

  • Testing for Software Security

    • Assets to be protected
    • Threats Expected
    • Security Imperatives (int&external)
    • Organization's Risk Appetite
    • Static Analysis
    • Dynamic Analysis
    • Risk-Based Security testing
    • Fuzz Testing (Whitebox vs Blackbox)
    • Penetration Testing (Whitebox vs Blackbox)
    • Attack Surface Review
    • Code audits
    • Independent Security Review

    Exercise: Testing Software for Security

  • Releasing & Operating Secure Software

    Exercise: A Secure Software Release

  • Making Software Development More Secure

    • Incident Response Planning
    • Final Security Review
    • Release Archive
    • OS Protections:
      • Address Space Layout Randomization
      • Non-Executable Stacks
      • W^X
      • Data Execution Prevention
    • Monitoring
    • Incident Response
    • Penetration Testing
    • Process Review
    • Getting Started
    • Priorities

    Exercise: Your Secure Software Plan


Secure Software Development Training FAQs

  • What is secure software development?

    The practice of ensuring that the code and processes that go into developing applications are as secure as they can possibly be.

  • Can I learn secure software development online?

    Yes! We know your busy work schedule may prevent you from getting to one of our classrooms, which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.

Questions about which training is right for you?

Call 888-843-8733 or use Live Chat.

100% Satisfaction Guaranteed

Your Training Comes with a 100% Satisfaction Guarantee!*

*Partner-delivered courses may have different terms that apply. Ask for details.
