Live Online Training
Presented by NCC Group
The 3 day course will take place online between 9am and 5pm (GMT) on 21–23 March 2022.
The price is £2,202 (inc VAT/£1,835 ex VAT).
This course has been cancelled.
Do you develop software? Whether bespoke or off the shelf, does it put your customers at risk of a security breach? Do you choose components for your enterprise architecture with security in mind and an awareness of how they impact your exposure? Beyond a pre-release penetration test, do you follow secure development best practices throughout the product’s lifecycle?
This course demonstrates the approach you should take in planning and developing a secure software development lifecycle.
Agenda – 3 days
- SDLC place in organisation’s security program. Maturity models.
- Types of SDLC: waterfall, agile, lean etc.
- Stages of SDLC: requirements gathering, architecture and design, development, testing/ validation, release/maintenance.
- Detailed coverage of security activities suitable for each stage. Software-centric threat modelling.
- Analysing and decomposing the application.
- Applying STRIDE to identify potential threats.
- DREAD and other methods of prioritisation. Determining the countermeasures and mitigations.
Who should take this course?
This course is aimed at senior software developers, QA engineers, software architects, technical project/ product/program managers, business analysts and team leaders who want to understand how to satisfy expectations around security and privacy for software and hardware over which they have responsibility or liability.
- There is no requirement to have programming skills, however, a technical understanding would be beneficial to follow secure design principles and architecture decomposition.
- One computer per delegate running Windows that you have the rights to install applications on.
- Modular PDF slide-deck of the material covered during the training
- Answers to the threat modelling exercises
About the trainers
NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.
With their knowledge, experience and global footprint, they are best placed to help businesses identify, assess, mitigate & respond to the risks they face.