This course will educate all attendees on the principles and practicalities of developing secure software and systems, threat modelling, rating risks in information security and will provide the foundations of best practices. The course is suitable both for penetration testers looking to better understand the systems they are testing from their clients' point of view and for development teams.

Who is it for?

Knowledge of development techniques, programming and methodologies such as Agile, Waterfall etc. is advisable but not required. This course is designed to give the candidates a thorough grounding in secure development principles.

Qualification

Successful candidates will receive a ‘Certificate of Attainment’ and become a ‘Member’ of Cyber Scheme as a Certified Secure Development Team Member.

Assessment

Continual assessment of understanding by the course instructor will be carried out over the duration of the course.

Objectives

The objectives for this course are to give attendees a solid and repeatable methodology when designing and working with an SDLC.

Skills Covered

Security modelling
Threat modelling
Secure development life cycle
Understanding aspects of the SDLC, including:

• Staged methodologies
• Security principles
• Risk rating
• Bug bars and gates
• Incident response principles

Understanding the assurance process:

• Penetration testing
• DAS/SAS
• Code reviews
• Risk rating practical from the pen tester's perspective

Prerequisites

A working, but basic understanding of software, operating systems and networking is beneficial, but it is not a requirement to have knowledge in all of these areas.

‍